Question 1
A business continuity plan (BCP) is a combination of procedures and processes for ensuring that activities within a given organization continue running before and after a catastrophe. Disaster recovery plan (DRP) are the sets of procedures and processes for recovering particular business information and applications within an organization (Thejendra, 2014). Legal and regulatory requirements have been put in place to ensure the implementation of these measures in organizations. For example, healthcare industries are required to maintain audit trails and records according to the 21 CFR part 11.
Question 2
Recovery strategy for the IT systems, data and applications should be put in place. The strategy should cover all aspects of the IT environment such as the hardware, connectivity to service provider, software applications, data, backup and its restoration, and the computer rooms and environment (Snedaker, 2007). The implementation of such a plan is done in stages. Developing an inventory of all hardware components is the first step. All critical information and data should then be backed up. Copies of critical software and programs should also be stored. The plan should be tested regularly for security purposes, weakness exposure and necessary improvements.
Question 3
Disaster recovery can be implemented in five major stages for any company (Phillips, 2009). The first stage is the identification of the company’s or the organization’s resources usually by inventory. This allows for easy identification and allocation of losses and damages. The second stage is assessing of threats and their accompanying consequences. These are the liabilities facing the resources and performance of the company. The causes and chain events accompanying these threats are studied thoroughly (Phillips, 2009). The third stage is the formation of prevention, detection and correctional methods for controlling the threats. These helps in stopping, alerting and controlling unwanted circumstances respectively. The fourth stage is the control of data loss. This involves backup, prevention of data corruption and ensuring data integrity. The last stage is testing the plan. This is done regularly to expose weaknesses, training the employees and generally improving the plan by modifications (Phillips, 2009).
References
Phillips, B. (2009). Disaster Recovery. Boca Raton: CRC Press.
Snedaker, S. (2007). Business Continuity and Disaster Recovery Planning for IT Professionals. Burlington: Syngress.
Thejendra, B. (2014). Disaster Recorvery and Business Continuity: A Quick Guige for Small Organizations and busy Executives. Ely, Cambridgeshire IT Governance Ltd.