Join now Sign in

Articles People Learning Jobs

Sign in
Stay updated on your
professional world

Sign in

By clicking Continue, you agree to

LinkedIn’s User Agreement, Privacy
Policy, and Cookie Policy.

Sign in to view more content Continue with Google

Create your free account or sign New to LinkedIn? Join now

in to continue your search

Sign in Insights from the

community
Clearing the Confusion
or

By clicking Continue, you agree to LinkedIn’s User

IT Service Management

among IRP, BCP and

Agreement, Privacy Policy, and Cookie Policy.
What are the common ITSCM
Continue with Google gaps and how do you address

DRP New to LinkedIn? Join now

them?

Hashan Wickramasingha Wadanambi (H.W.W) Business Continuity

IT Infrastructure Specialist | IT Infrastructure Services
How do you align your RPO with
Management | IT Project Management | Cybersecurity | ISO/IEC
+ Follow your recovery time objective
27001 Information Security Internal Auditor | Scrum Master |
Strategy Implementation Professional (RTO) and service level
Published Dec 12, 2023 agreement (SLA)?
Like Comment Share 8

PDFmyURL converts web pages and even full websites to PDF easily and quickly.
 From my observations, I've seen IT teams often getting stressed
because of the confusion in distinguishing between the Incident Business Operations

Response Plan (IRP), Business Continuity Plan (BCP), and Disaster What are the best ways to
Recovery Plan (DRP). While it might appear that these plans overlap, improve incident response
they actually have distinct definitions and are three separate plans. capabilities with business
continuity metrics?
First, the Incident Response plan responds to abnormal operating
conditions to keep the business operating. An incident is “An event that
Business Continuity Planning
actually or potentially jeopardizes the confidentiality, integrity or
How do you incorporate lessons
availability of an information system or the information the system learned from previous crises into
processes, stores or transmits.”. In here the event is defined as “Any your business continuity plan?
observable occurrence in a network or system” (Source:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.
Business Continuity Planning
800-61r2.pdf).
How do you incorporate RPO,
RTO, and MTO into your risk
management and contingency
The four major components of IRP are. planning?

1. Preparation
Contingency Planning
2. Detection and Analysis
How do you integrate
3. Containment contingency planning testing
with other business continuity
4. Eradication and Recovery and resilience activities?

5. Post-Incident Activity Show more

Incident response life cycle

Others also viewed

PDFmyURL converts web pages and even full websites to PDF easily and quickly.
 (source: The Proper Way of
Assessing BCP/DR
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP. Readiness When Your
800-61r2.pdf) Company is Performing
an IT Security Risk
Assessment on a New
3rd Party Vendor
Below are the major tasks which are included in each phase of Incident Rocio Baeza · 3y

response life cycle.

Business Continuity
Planning in Today’s
Preparation: Everchanging World
Charlene Aldridge · 2y
o Develop a policy approved by management.
Do you have a Business
o Identify critical data and systems, single points of failure. Continuity Plan (BCP)?
Ravindra Perera · 7y
o Train staff on incident response.
Show must Go On ... So
o Implement an incident response team. Should The BCP
Gautam Sarnaik · 7y
o Practice Incident Identification.
How to Determine
o Identify Roles and Responsibilities. Continuity needs using
Recovery Point
o Plan the coordination of communication between stakeholders with Objective (RPO) and
Recovery Time
primary and secondary contacts. Objective (RTO)
Eric Morano · 9y

By failing to prepare,
Detection and Analysis: you're preparing to fail.
Philippe Cornette · 2y
o Monitor all possible attack vectors.
Show more
o Analyze incidents using known data and threat intelligence.

PDFmyURL converts web pages and even full websites to PDF easily and quickly.
 o Prioritize incident response. Explore topics
o Standardize incident documentation. Sales

Marketing

Business Administration
Containment, Eradication and Recovery:
HR Management

o Gather evidence.
Content Management

o Choose an appropriate containment strategy. Engineering

o Identify the attacker. Soft Skills

o Isolate the attack. See All

Post-incident Activity:

o Identify evidence that may need to be retained.

o Document lessons learned.

The Business Continuity plan is designed to keep the

organization operating through the crisis. When there is an
event which has created a disturbance to the operation and if
you need to find a way to maintain the business then the
Business Continuity Plan (BCP) guides you.

The BCP mainly consists of the following components.

o List of the BCP team members, contact methods and secondary

contacts when primary is not available.
PDFmyURL converts web pages and even full websites to PDF easily and quickly.
 o Immediate response procedures and checklists (security and safety
procedures, fire suppression procedures, notification of appropriate
emergency-response agencies, etc.).

o Notification systems and call trees for alerting personnel that the BCP
is being enacted.

o Guidance for management, including designation of authority for

specific managers.

o How/when to enact the plan.

o Contact numbers for critical members of the supply chain (vendors,

customers, possible external emergency providers, third-party partners)

At last, if both the Incident Response and Business Continuity

plans fail, the Disaster Recovery plan is activated to return
operations to normal as quickly as possible.

The general objective of the DRP is bringing the operation back to

normal stage as quickly as possible. The DRP generally includes the
components below.

o Executive summary providing a high-level overview of the plan.

o Department/Sector specific plans.

o Technical guides for IT personnel responsible for implementing and

maintaining critical backup systems.

o Full copies of the plan for critical disaster recovery team members.
PDFmyURL converts web pages and even full websites to PDF easily and quickly.
 o Checklists on individual contributions and responsibilities.

I once performed a gap analysis on the infrastructure operations to

develop an Infrastructure roadmap for an organization. Even if the plans
like IRP, BCP, and DRP are written down, sometimes they're not really
part of how things happen. So, even though they're written, it's a big
problem when there's a real issue.

There was a time when ERP System in the organization was running
slowly. The security and infrastructure teams were worried and trying
hard to fix it. Everyone was making calls, and it was a stressful time for
all the teams. As things got worse, four questions came up from both
non-tech business users and senior leaders in infrastructure and
security.

1. Why can’t we activate the disaster recovery plan?

2. Why can’t we stop applications from primary Data Center and spin
out Apps from Disaster Recovery Data Center?

3. There is huge pressure from business, what can we do?

4. What else can we do as an alternative plan to run the operation?

After the teams resolved the issue, I scheduled a meeting to discuss this
matter.

I asked the senior technical experts that I heard some of you were
telling “Why can’t we activate DR plan? “. Then I received an answer
saying, “no one took the responsibility for taking that decision”.

PDFmyURL converts web pages and even full websites to PDF easily and quickly.
 Next, I asked when we should activate the DR plan, then there was only
silence.

Then I further asked where the DR plan is and then it was identified that
most of the technical persons were not aware of the DR plan. But in the
DR plan it is properly documented when to activate and how to proceed
and the roles who are responsible for taking decisions.

Then after that as a team we started awareness sessions and initiated a

journey of looking at these important factors.

In short, regularly checking the prepared plans like IRP, BCP, and DRP is
crucial. It doesn't matter how well-written the documents are; what
matters is putting them into practice. It should be a routine, normal
practice in real situations, avoiding confusion and pressure.

This article aims to share industry experiences to help others learn from
mistakes and improve their IRP, BCP, and DRP if they haven't been well-
prepared. It underscores the importance of being aware of and
effectively implementing these plans.

I would like to thank https://www.isc2.org/ for the knowledge that

was produced and listening to a podcast between Chad Kliewer and
Daniel Hernandez on Incident Response Priorities motivated me to write
this article.

Further I believe a vision of sharing knowledge and experiences with

others makes a world a better productive place as I have learnt a lot
from others. Therefore I value sharing knowledge with others and learn
from others.

PDFmyURL converts web pages and even full websites to PDF easily and quickly.
 To view or add a comment, sign in

More articles by this author

Have we identified The Future Of IT The Untold Story of A

what digital… Departments Kangoo Jumps Quee… w
Feb 3, 2024 Jan 19, 2024 Dec 31, 2023 D
See all
© 2024 About Accessibility User Agreement Privacy Policy Your California Privacy Choices Cookie Policy Copyright Policy Brand Policy

Guest Controls Community Guidelines Language

PDFmyURL converts web pages and even full websites to PDF easily and quickly.