Read the book (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide - Mike Chapple - Page 159

BCP Team Selection


In some organizations, the IT and/or security departments bear sole responsibility for business continuity planning, and no other operational or support departments provide input. Those departments may not even know of the plan's existence until a disaster looms on the horizon or actually strikes the organization. This is a critical flaw! The isolated development of a business continuity plan can spell disaster in two ways. First, the plan itself may not take into account knowledge possessed only by the individuals responsible for the day-to-day operation of the business. Second, it keeps operational elements “in the dark” about plan specifics until implementation becomes necessary. These two factors may lead to disengaged units disagreeing with provisions of the plan and failing to implement it properly. They also deny organizations the benefits achieved by a structured training and testing program for the plan.

To prevent these situations from adversely impacting the BCP process, the individuals responsible for the effort should take special care when selecting the BCP team. The team should include, at a minimum, the following individuals:

- Representatives from each of the organization's departments responsible for the core services performed by the business
- Business unit team members from the functional areas identified by the organizational analysis
- IT subject-matter experts with technical expertise in areas covered by the BCP
- Cybersecurity team members with knowledge of the BCP process
- Physical security and facility management teams responsible for the physical plant
- Attorneys familiar with corporate legal, regulatory, and contractual responsibilities
- Human resources team members who can address staffing issues and the impact on individual employees
- Public relations team members who need to conduct similar planning for how they will communicate with stakeholders and the public in the event of a disruption
- Senior management representatives with the ability to set the vision, define priorities, and allocate resources
