Link to home
Create AccountLog in
Avatar of Pau Lo
Pau Lo

asked on

DR/BCP risks and controls examples

Can you recommend any sites/articles that would give some examples of risk events (IT and IT support staff specific) and countermeasures/containments/recovery tasks, that would typically be documented in any DRP/BCP. I just need some examples for some research tasks I am involved with. Especially useful would be any which cover risks around unavailability of critical IT support staff. I think this should be more BCP examples as opposed to DR, e.g. risks and countermeasures to keep IT operational during a disaster/pandemic, rather than recovery/restore tasks after a disaster. I'm not sure if its still the correct terminology in this field, but these used to be covered in a 'TRA' (threat and risk analysis), but that is going back several years.
ASKER CERTIFIED SOLUTION
Avatar of Andrew Porter
Andrew Porter
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of Pau Lo
Pau Lo

ASKER

Some good ones there, thanks. I was wondering how a table top exercise may look for a scenario of losing a couple of senior/key IT support staff who look after critical parts of your IT, e.g. infrastructure/servers/networking hardware in the short/long term, and any types of tests you could do to determine the teams resiliency there. It is a rather unique "disaster" (could that be seen as serious enough to constitute a "disaster" in itself?), and although not like a cyber attack, or major hardware failure, but could have far reaching affects if it occurred (possibly), as will have been common place with the COVID pandemic. Almost trying to prize out single points of failure in your support and knowledge levels.
It sounds like you are looking for something very specific, relative to your environment. Are you looking to shed some light on risks you see surrounding the loss of key personnel in your IT staff, or something else?

I've been a part of MANY of these. If you give me some specifics about what you want management to see/understand, I can help you create a BCP/DR scenario that will help.


Avatar of Pau Lo

ASKER

IAre you looking to shed some light on risks you see surrounding the loss of key personnel in your IT staff
- yes

I dont work in the operational side of IT, but the pandemic has highlighted how quickly you could lose key IT staff short/long term, and that in itself is a risk that needs managing. So I was just trying to see countermeasures (e.g. knowledge management/skills matrix as picked up from another question), and any tests you could do to see how well prepared an IT team would be for such a scenario.
Loss of key staff seems a common risk I have seen on most IT related BCP's, it was just how to test for resiliency and minimize the impact of such a scenario.