Pau Lo
asked on
DR/BCP risks and controls examples
Can you recommend any sites/articles that would give some examples of risk events (IT and IT support staff specific) and countermeasures/containments/recovery tasks, that would typically be documented in any DRP/BCP. I just need some examples for some research tasks I am involved with. Especially useful would be any which cover risks around unavailability of critical IT support staff. I think this should be more BCP examples as opposed to DR, e.g. risks and countermeasures to keep IT operational during a disaster/pandemic, rather than recovery/restore tasks after a disaster. I'm not sure if its still the correct terminology in this field, but these used to be covered in a 'TRA' (threat and risk analysis), but that is going back several years.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
It sounds like you are looking for something very specific, relative to your environment. Are you looking to shed some light on risks you see surrounding the loss of key personnel in your IT staff, or something else?
I've been a part of MANY of these. If you give me some specifics about what you want management to see/understand, I can help you create a BCP/DR scenario that will help.
I've been a part of MANY of these. If you give me some specifics about what you want management to see/understand, I can help you create a BCP/DR scenario that will help.
ASKER
IAre you looking to shed some light on risks you see surrounding the loss of key personnel in your IT staff- yes
I dont work in the operational side of IT, but the pandemic has highlighted how quickly you could lose key IT staff short/long term, and that in itself is a risk that needs managing. So I was just trying to see countermeasures (e.g. knowledge management/skills matrix as picked up from another question), and any tests you could do to see how well prepared an IT team would be for such a scenario.
Loss of key staff seems a common risk I have seen on most IT related BCP's, it was just how to test for resiliency and minimize the impact of such a scenario.
ASKER