logo image

?Task 1 (C) – JIT2 Risk Management Essay

C. Recommendations
Create an implementation plan in which you recommend ways of implementing, monitoring and adjusting the BCP. For the task of creating a Business Continuity Plan (BCP), I will follow a logical and systematic formula for implementation, monitoring and reviewing the plan for United Health Group. The goal is to minimize the impact of any disruption by containing it within a predictable and predetermined period of time. To do this, I recommend that this plan be developed and implemented with as many preventative controls, contingency resources, and procedures designed to allow the organization to quicky bounce back from any long-term business interruption. With this document I’ll present a workable DR plan that focuses not only on safeguarding critical data but also on the restoration of all normal business functions. The process for developing a sound Disaster Recovery plan will involve many layers of detail from the obvious to the not so obvious. Since disasters are by their nature unpredictable, this DR plan must be thorough enough to provide a certain amount of relief to know that if one does occur, the affects on the business will not be catastrophic. Disaster Recovery Topics:

1.Secure executive-level leadership commitment
Senior leadership buy-in and support is

Need essay sample on "?Task 1 (C) – JIT2 Risk Management"? We will write a custom essay sample specifically for you for only $ 13.90/page

critical to the long-term success of any enterprise level initiative. Disaster Recovery and Business Continuity Plans are no different. Further, securing their involvement in the development various aspects of the plan will set the tone for cooperation from all levels of the business. Appropriate time and effort commitments must be endorsed by senior leaders to ensure that an effective plan can be developed. 2.Organize a DR Plan planning team

Knowledge experts from all functional areas of the business must be identified to be on the DR Planning Team. This team will oversee the design and implementation of all aspects of the plan. Names and business roles should be defined in the plan itself to give a face to the different areas
being represented. 3.Conduct a thorough risk analysis

The planning committee will then set out to identify any and all potential risks that may befall the company. These may be natural, technical or human caused events that pose serious threats or risks to the company. These threats will be itemized and prioritized in a Risk Register for planning purposes. Business impact analysis will identify the people and systems that will be affected and the financial impacts associated with each identified business risk. 4.Prioritize the business functions to be restored

Vital business functions and processes must be prioritized for coming back up in the event of a disaster. A ranking system that itentifies Critical, Important and Non-Essential will help to create the hierarchy of functions and which should be brought back first, second, third, etc. These are the most likely priorities for each functional business area, an the expected priority they represent in the resoration process: •Monetary Operations

•Information Systems
•Critical Processing Systems
•Customer Data
•Policies and procedures
Service Level Agreements must be honored, so a thorough review of all related contract delivery dates must be the basis for determining which functional areas are to be prioritized for resumption within the business areas. Focus should be on identifying the most critical needs of the inidividual business units such as financial processes, operational processes and daily internal business functions. 5.Establish a solid recovery strategy

Replacement facilities must be designated outside of the local disaster area in order resume most business functions. The identified locations should be evaluated on several levels: Location, hardware, communications equipment, software, network connectivity, physical space, etc Types of Recover Site solutions that could be considered include: ·Hot Sites

·Warm Sites
·Cold Sites
·Recipricol DR Agreements
·2 Redundant Data Centers
·3rd Party Service Centers (Vendor Provided)
Which ever solution is selected, written agreements for the location should be drafted to formalize the following terms and conditions: ·Length of the contract period
·Up-time commitments
·Availability for independent testing
·Site owner testing
·Versions of installed software
·Termination of contract process
·Fee Structure
·Data and site security
·Support staffing requirements
6.Safeguard mission-critical databases and processes
All customer records and critical financial records (transactions and historical records) must be kept safe and intact so as to allow complete restoration of data throughout the departments. Examples of critical business data:

·Corporate and Vendor contact numbers
·Internet Conectivity
·Policies and Procedure Documents
·Physical Plant and Equipment
·On-Site Server Locations
·DR Declaration Notification checklist
·Off-site storage location inventory
Backup copies of appropriate vital records must be maintained in a secure off-site storage location. The off-site storage location has been selected due to its location which will ensure it is unaffected by the disaster since distance and accessibility were considered in site selection. 7.Memorialize the DR plan in a logical, written form

The best way to standardize the plan is to create a logically flowing document that outlines the overall plan and contains detailed guidelines for the entire Disaster Recovery plan. Having all the steps and procedures documented will make the adoption of the plan by the senior leadership more attainable. Reasons for having all aspects written down and easy to follow will serve to benefit the organization by instilling a organized structure to the process and identifies all the significant steps to follow in the case of a disaster. Also, have a coherent structure of the written plan will make it easier to insert new steps and updated instructions to older steps in a consistant fashion. Focus should be on developing a standard review process for the DR document by all relevant Disaster Recovery Committee memebers. Standardization will also play an important role when more than one person is charged with writing the various procedures. Steps need to be outlined for all facets of the business recovery process including before, during and after an actual disaster. A procedures must be developed and followed for the periodic review and maintenance of the document to accommodate movement of key individuals, unique business operational developments or any external impacts such as technology and vendor impacts. The identified individuals for the various department must be the process owners for the disaster plan is concerned. These teams should play a critical role in identifying known areas of concern and calling out any new items as they become known such as the specific processes they control, hardware and support needed to function in the case of an actual disaster. Restoring the business to full functionality may result in material changes in current procedures which requires each unit to be responsible for its own organizational structor. 8.Design Effective Pre-disaster Testing

This Plan is designed to address the occurance of the following disaster scenarios. Gradiations are deemed to be Local, Regional and Multi-regional. These scenarios were deemed in-line with the realities of UnitedHealth Group’s business environment and will satisfy the overall objective of testing the appropriateness and effectiveness of the plan. Recovery of operations from these scenarios from a complete interruption will be achieved by using appropriate portions of the Plan. The exercise will include an assessment of the Plan strategies relative to the nature and
scope of a specific disaster scenario. Scenario #1 – Loss of Facility

Worst-case scenario is total disruption. Complete interruption of facilities without access to its equipment, local data and content. The interruption may impact a single site or multiple sites in a geographic region (up to a 400 mile radius). Scenario #2 – Loss of Critical Resources

Complete interruption with 100% loss of personnel within the first 24 hours and 50% loss of personnel long-term. The interruption may impact a single site or multiple sites in a geographic area (up to a 400 mile radius). Scenario #3 – Loss of Critical Systems

Complete interruption and/or access of critical systems and data located at the various UnitedHealth Group Data Centers for an extended period of time. Scenario #4 – Loss of Critical Vendors
Complete interruption in a service or supply provided by a third-party vendor(s).
In all scenarios it is vital that the plan be put through all phases for testing for feasibility and viability of both the plan and the external recovery site’s effectiveness. Full-on tests should be schedules to take place on a frequent basis (I’d suggest semi-annually). Each test attempt on these procedures should also be documented for learning and possible improvement steps. 9.Engage in Mock Disaster Walk-throughs

Now that the 4 disaster scenarios have been identify, the whole organization should attempt to perform a formal “table top” disaster walk-through test. This test would normally occur around a big conference room table with all internal and external parties lined up to participate. The testing should take place after business hours so as to minimize the impacts of the disaster exercise on normal operations of the business. This procedure is designed to elicit feedback from all areas to further improve the design and bredth of the plan for continual adjustments to be made to improve the DR plan. As a result of the test and any new issues identifies, the plan must be updated accordingly and redistributed to all DR Committee members as it is to be deemed a sort of living document subject to
review and improvement over time. The overall objectives of the exercise are to:

·Ensure the recovery strategy and associated recovery tasks support the reery time objective and capability to sustain recovery for a minimum period of days. ·Create awareness and enhance the level of competencies of the Business Continuity Plan and in understanding the event notification process. ·Ensure department personnel are familiar with the department’s Plan content and their roles and responsibilities during an event. ·Review the department’s Business Recovery Team members’ interactions when issues are presented. ·Develop the Remediation Report that establishes expected timelines for remediation of any deficiencies identified in the Plan. Items to include in the test:

·Thorough end-to-end process flow
·Departmental procedures checklists
·Full System Cut-over to test speed and accessibility ·Regression testing of all systems once services are restored 10.Obtain Sign-off of The Plan by senior leadership
Finally, based on the successful design and testing of the plan, the results should be reviewed and approved by senior leadership. Since it is ultimately the company’s executive team who must ensure that there is a documented and thoroughly vetted Distaster Reconvery plan. The role of the senior leadership team is to provide final approval of all the identified policies, procedures for the recovery plan and do so in writing. Having a completed DR plan in place is not the final step. Management must also review and inspect the similar DR plans for all vendors and supplier to ensure compatibility of their plans with that of UnitedHealth Group. Coordination between all related entities is very important to ensure all areas of the business are restored especially those areas that rely heavily on external vendor support. Senior managers and their designees are to be the only ones who can assess a potential disaster, activate the recovery plan and oversee the contact with all employees via the communication portion of the plan. 11.Monitor, Evaluate and Adjust the plan regularly

Throughout the year, any member of the DR planning team can suggest the plan be reviewed for relevance due to ever-changing business scenarios. Business changes like hirings, terminations, relocations, acquisitions, sell-offs, etc., will trigger this type of review at any time during the year or when the “change” event happens. Team leaders should consolidate all the relevant details of the most recent test and transform it into summaries and narratives, which address the demonstrated strengths, and areas for improvement throughout the plan’s instruction. Each exercise of the plan should be followed by an After Action Report/Improvement Plan meeting between DR Plan Committee members and the executive leadership team. The end goal of the exercise is to produce an “After Action Report” with recommendations for improving preparedness capabilities at all levels of the company. Any items identified for review and improvement, should be shared with the whole committee to ensure appropriate personnel are tasked with revising that part of the plan.

Can’t wait to take that assignment burden offyour shoulders?

Let us know what it is and we will show you how it can be done!
×
Sorry, but copying text is forbidden on this website. If you need this or any other sample, please register

Already on Businessays? Login here

No, thanks. I prefer suffering on my own
Sorry, but copying text is forbidden on this website. If you need this or any other sample register now and get a free access to all papers, carefully proofread and edited by our experts.
Sign in / Sign up
No, thanks. I prefer suffering on my own
Not quite the topic you need?
We would be happy to write it
Join and witness the magic
Service Open At All Times
|
Complete Buyer Protection
|
Plagiarism-Free Writing

Emily from Businessays

Hi there, would you like to get such a paper? How about receiving a customized one? Check it out https://goo.gl/chNgQy

We use cookies to give you the best experience possible. By continuing we’ll assume you’re on board with our cookie policy