IT Compliance

IT Operations

IT Outsourcing Management

Project Management

Speaking Services


BCP100             Business Continuity, Disaster Recovery and Incident Management Planning

CPE            7.0

Description:  The continued successful operation of an organization depends on senior management’s awareness of potential disasters, their ability to develop a plan to minimize disruptions of critical functions and the capability to recover operations expediently and successfully.  This seminar examines the various causes of computer failure, and presents feasible alternatives for recovery.  Session participants will examine the key components of disaster recovery, business continuity and incident management planning, how to measure the effectiveness of their organization's business recovery, continuity and planning program, and what questions they should be asking to determine their organization's overall preparedness to endure a disaster "event".

Audience: This seminar is intended for internal and external audit professionals, General Counsels, Chief Security Officers, Controllers and their management, InfoSec professionals, continuity planners, first responders, operations managers, Human Resource professionals, third-party service providers, emergency management personnel, personnel newly assigned to a disaster recovery role or those employed in a technical role who need to have a better understanding of the breadth of continuity planning, and anyone interested in obtaining a better understanding of the requirements necessary for identifying, developing and maintaining a viable and successful enterprise-wide business continuity plan.

Prerequisites:  There is no prerequisite for this seminar.

Objectives:  After completing this seminar, participants will be able to:

  • Pinpoint security requirements necessary for effective recovery operations
  • Define the requirements necessary in order to declare an incident (plan activation)
  • Conduct an assessment of an “incident event”
  • Understand the actions required to recover from a major incident.
  • Appreciate the extent to which the recovery depends on pre-planned resources and pre-defined actions.
  • Identify the options available for recovery and how to select those most appropriate.
  • Develop continuity plans which help to minimize potential economic loss to the enterprise
  • Identify strategies designed to decrease potential exposures leading to and resulting from a “disaster event”
  • Reduce the probability of disaster occurrence within their organization
  • Identify policies and procedures designed to reduce disruptions to operations
  • Implement proactive plans to ensure organizational stability
  • Develop policies and procedures which will provide for an orderly recovery, and minimizing insurance premiums
  • Reducing reliance on certain key individuals
  • Identify practices aimed at protecting the assets of the organization
  • Create continuity plans which ensure the safety of personnel and customers, and minimizing the organization’s legal liability
  • Improve the quality of decision-making during a disastrous event

Course Outline:

Why Consider Business Continuity Planning?
Disaster vs. Business Interruption -- Are They One in the Same?
Analyzing Risk
Developing A Risk Management Policy
Analyzing Business Impacts
Control Considerations in an Automated Office Environment
Developing and Exercising a Business Continuity Plan
Business Recovery from a Terrorist Attack
The Future of Backup and Recovery
Auditor's Role and Responsibilities
Disaster case study and team exercise


Dr. Marcella’s seminar is based on findings from his book, Disaster Recovery, Business Continuity, and Incident Management Planning: A Resource for Ensuring Ongoing Enterprise Operations published by the Institute of Internal Auditors, ISBN 0-89413-527-9.

Back to Courses