SYSTEM ADMIN

GROUP THREE
AINABYOONA JACQUELINE S20B13/204 A89575
JUMA JOSEPHAT S20B13/222 A89842
MAFABI PATRICK S20B13/201 A89572
MUHANGUZI SAMUEL S20B13/002 A84028
MATHIAS PRAISE RINDI S18B00/041 A82931
KAHWA JOEL J2B13/216 A89587
 With examples, explain how you understand by Business Continuity Plan and Disaster Recovery Plan

Business Cotinuity
Business continuity is an organization or company’s
ability to maintain essential functions up and A business continuity plan is a document that
running during and after a disaster has occurred’ specifies an organization’s planned strategies for
post-failure procedures by taking into account
These disasters are numerous and unpredictable storing data in a way that can easily be accessed
such as natural disasters, fires, disease outbreaks, following a disaster, risk management, and planning
cyberattacks among others an organization’s needs to stay operational during
disaster or disruptions.
Organization should plan and come up with risk
management processes, new technologies such as With business continuity, an organization can
disk mirroring, and procedures that aim to prevent dig into its weaknesses deeply and gather key
interruptions and bring about full function to the information such as contact lists to improve its
organization as soon as possible. communication with professional people who
could come to the rescue immediately a
When a disaster occurs, continuity is key, thus disaster occurs, technical diagrams of systems
bringing us to the business continuity plan. that can be useful outside of disaster situations
thus improving technology and resilience.

1
 Disaster Recovery
A disaster recovery plan is a formal
document created by an organization that
Disaster recovery involves a set of contains detailed instructions on how to
policies, tools, and procedures to respond to unplanned incidents such as
natural disasters, power outages, cyber-
enable the recovery or continuation of attacks and many more.
vital technology infrastructure and A good disaster recovery plan. Has the
systems following a natural or human- following components;
induced disaster. identifying the assets, mapping out the
assets, identifying your assets’ criticality
and context, conducting a risk assessment
defining the recovery objectives, choosing
a disaster recovery setup, budgeting for
the setup, testing and reviewing the plan.

Disaster Recovery Plan

2
 B) EXPLAIN THE DIFFERENT TYPES OF DISASTERS THAT IT SYSTEMS CAN ENCOUNTER.

Considers potential and different types of disasters are Natural Disasters, physical disasters and
Technology based disasters.
Natural disasters.
Environmental disasters. These can be regional based or anywhere.
Natural fires.
Earthquakes. Your business could be located in areas known to experience them. These are very
unpredictable and could damage the building, distract the delivery of key services and utilities
Severe weather. It may damage your building or interrupt delivery services such as electricity.
Floods. These could wreck electrical equipment such as computers

3
 Physical disasters.
Theft. At work, equipment such as servers and computers might be stolen in bulk
Terrorism. In a world full of war, terrorist attacks are possible.
Intentional damage. This includes vandalism may damage your computer systems.
Sabotage. An employee may get hold of an administrator’s account and password and do
all nasty things to your network.
Equipment failure. Air-conditioning systems are crucial to regulate temperatures in com-
puter rooms, computer equipment failure, elevators, and automatic doors among others.
Other potential disasters include;
Labour disputes, workplace violence, loss of key staff because of injury, resignation,
death, public health issues such as epidemics, pandemics (COVID-19)

4
  C) STEPS FOLLOWED WHEN DEVELOPING A BUSINESS CONTINUITY
PLAN.
KEY TERMS
Business Continuity Plan (BCP) – A comprehensive written plan to maintain or resume
business in the event of a disruption

Critical Process – Business activity or information which could not be interrupted or

unavailable for several business days without significantly jeopardizing operation of the
organization

Recovery Time Objective (RTO) – The maximum amount of downtime that is allowable
for a critical process before the impact becomes severe enough to drastically hinder
patient safety and/or stop the continuation of business services

Recovery Time Actual (RTA) – The actual time it takes to restore an IS application
Critical Records – Records or documents that, for legal, regulatory, or operational
reasons, cannot be irretrievably lost or damaged without materially impairing the
organization’s ability to conduct business

6
Why Have a BCP?
Enhances ability to reduce:
• Disruptions to service delivery
• Financial losses
• Regulatory fines
• Loss of market share
• Damages to equipment
Benefits
• Continuation of patient services
• Fulfill moral responsibility to protect:
 Employees
 The community
 The environment
• Facilitates compliance with regulatory requirements
When Do You Use the BCP?

• The BCP will be used in emergencies and other catastrophic

events where the building or a department is severely
impacted:
• The loss of service poses significant physical,
operational, and business challenges and risks
• Continuity of the service, somewhere within the facility, is
integral to ongoing facility viability and community support
• The BCP will be used in addition to the Emergency Operations
Plan (EOP) to resume/return business functions to a normal
state post-disaster
 THE STEPS.
This is by assembling a business continuity
Initiation of management team. A good Business Continuity
01 the planning Plan should detail what staff needs to do in the
event of a disaster, what communication methods
project.
are required, and the time frame in which IT
services need to be available.
Prioritizing the safety of your employees Ensure the safety
since they will look to you, their community, and wellbeing of
and the government for guidance and
addressing their concerns
your employees 02
Once the business Continuity Management team is assembled conduct a
Understanding business impact plan. Conducting a BUSINESS IMPACT ANALYSIS to reveal
03 the risks to your any possible weaknesses and consequences of a disaster on various
departments of the organization to inform it of any crucial functions and
company systems to prioritize in a business continuity plan. Conducting a RISK
ASSESSMENT to identify potential hazards, i.e. cyberattacks and technology
failures, to an organization that could affect the staff, customers, building
When the disaster occurs and financial losses begin to
grow, a Business Continuity Plan enables a company or
Implement operations, and company reputation, and further details on what or who a
risk could harm forms of that risk.
organization to get on track. Therefore, you discuss options Recovery
with your team such as;
 Do you have a way to get sales, manufacturing and
support personnel back to work after a disaster to
Strategies. 04
Carry out a test, get a review on how it went, and update the
continue operating the business. plan accordingly. However, a regular schedule for testing,
 How will you continue to meet the demand for products
or services if your equipment is damaged?
Testing and making review, and updating is adapted since its helpful especially if the
business changes its staff frequently and operations.
improvements
05
 If facilities are impacted will your employees work from
home or an alternate location?
5