Select Page
  

few paragraphs rewrite. kindly read, understand and rewrite to make sense and have a good flow.
a_business_continuity_plan.docx

Unformatted Attachment Preview

Don't use plagiarized sources. Get Your Custom Essay on
Article Writing Paragraphs to Rewrite on Business Continuity Plan
Just from $10/Page
Order Essay

A business continuity plan (BCP) is an instrumental part of an organization. A BCP is
ensures the survival of an organization in the case of a disaster. A BCP Combines information
technology and disaster recovery planning with business functions recovery planning (Hebda & Czar,
2013). The ultimate goal of a BCP is to restore an organization’s services within a specific amount of
time. There are several stages within the process of completing a BCP. The first step is creating a BCP
workgroup. This workgroup is in charge of:






Securing support from top management and resources: this is a critical part because this step
ensures that the plan will be viable which will be what makes or breaks the organization.
Selecting the members of the workgroup: ensuring those that are experts in their respective
fields are a part of the process to make suggestions.
Perform a risk assessment: at this point the workgroup will identify the types and
probabilities of disasters, the impact potential of a disaster, an estimated cost of lost or
damaged information, estimated costs to replace the lost or damaged information, equipment
or facilities and estimate the risk of the worst-case scenario.
Set processing and operating priorities: at this time, the workgroup will determine the
equipment and telecommunications link needed to perform daily functions in the event they
are not available.
Collect data needed to support the plan: determining what resources are available.
Write a plan: each expert in their field combines their portion to come up with a solid plan.
The second step in creating a BCP is analysis. During this stage, a business or problem is
examined and broken down to better understand how they are related to the business. The analysis of the
business aspects of an organization is the process of determining the critical functions of the organization
and the information vital to keeping these functions operational as well as the applications and databases,
hardware, and communication facilities that use, house, or support this information (Hebda & Czar,
2013). The third stage is the solution design. The goal of this stage is to recognize the most cost-effective
disaster recovery solution that meets the two basic requirements of: minimum set of applications and
application data requirements and time frame in which the minimum application and application data will
be available.
The fourth stage in BCP is actually implementing the plan. This entails the execution of the
design processes and policies found in the design phase. This stage also involves identifying the actions
needed to prevent, detect and lessen the effects of any potential disasters. Another activity done during
this phase is the development of implementation plans including emergency response, damage assessment
and salvage plans. The fifth stage in BCP is testing and acceptance. The purpose of this stage is to achieve
organizational acceptance in the hopes that the BCP meets the recovery requirements set by the
organization. During the test, reliability, adequacy, compatibility and appropriateness is considered. The
final step is maintenance. During this step, three activities are completed. The first is confirmation and
verification of the information. The second is testing and verification of solutions and the third is testing
and verification of the organization’s recovery procedures.
With the many disasters that could happen at any point in time, it is imperative that
organizations have BCPs in place to cover themselves. BCPs allow organizations to be able to
function after any situation. Even with something as full proof as a BCP, there is never a
guarantee of full protection from any event. With that being said, it is still good to have a plan in
place that can anticipate issues and minimize the losses that could occur by damage. There are
many advantages and disadvantages associated with BCP. Advantages include:
• Identifies strategies for correction of vulnerabilities within the organization
• Provides a reasonable amount of protection against interruption in services, downtime,
and data loss
• Ensures continuity of the client record and delivery of care


Expedites reporting of diagnostic tests
Captures charges and supports billing and processing of reimbursement claims in a timely
fashion
• Ensures open communication with employees and ensures customers of availability of
services or interim arrangements
• Provides a mechanism to capture information needed for regulatory and accrediting
bodies
• Helps to ensure compliance with HIPAA legislation and requirements of the Joint
Commission
• Establishes backup and restoration procedures for systems, databases, and important files
• Allows time for restoration of equipment, the facility, and services
The advantages of BCP show that it can benefit the organizations that have them in place. With
anything that has advantages, there are always disadvantages. The biggest disadvantage is establishing a
BCP in an organization is time-consuming and its implementation as an essential part of an organization,
is difficult. When a BCP is not developed or implemented how it is supposed to, it could cost the
organization money. Poor implementation or development could be caused by the employees not being
able to put their input on the plan. When creating a workgroup, it is imperative to use individuals that are
experts in each field so in the event of a disaster, they are able to recover the information. Not having the
right people in the workgroup to recover the information, could cause a delay, ultimately ending in the
organization losing money and time. Another disadvantage is organizations finding the need for a BCP
and the low support from management in that aspect. Having steps to create, test and implement BCPs are
important for the organization. If they do not complete the steps completely, this could lead to unexpected
errors due to not testing and identifying any issues. Organizations need to also be aware that some
recovery efforts can be expensive which could be a disadvantage.
Electronic medical records contain important information that if lost, can devastate a healthcare
facility. The ability to have the information contained in these records, protect the information and
guarantee that these records are available at all times, is mandatory for healthcare personnel and facilities.
Disaster recovery is the process of an organization resuming business after a disaster. These plans enable
the retrieval of critical data from backup storage, restore lost data and allows organizations to continue on
with daily operations. With disaster recovery, this process could take 48 hours or more to complete.
Objectives
The loss of EMR function due to a disaster causes a great amount of issues. The main issue is the
safety of the patients and their information. When working with any organization where important
information is transmitted or shared, it is imperative to have a plan in the event of a disaster. In the event
of a disaster, healthcare personnel need to be able to have answers to how patient information will be
accessed and how will the information be restored. The objectives of a BCP for a healthcare facility
would include:
• Minimize the impact on daily facility operations
• Minimize the loss of EMR functions which include access to patient information, ordering tests
and writing prescriptions
• Alternate sources for supplied and locations
• Establish records and document storage
• HIPAA enforcement
• Recover and resume service as quickly as possible
• Protect patient information from breach
Threat Analysis
Threat analysis refers to those elements that can affect an organization’s efficiency and
productivity. Threats have the ability to expose the vulnerable aspects within an organization. Not all
threats lead to loss, however, the process of recovery can take long and can cost the company money.
Threats to organizations include:
• Disease: can reduce the number of employees available for work
• Earthquake: structural and IT equipment damage
• Fire: structural and IT equipment damage
• Cyber-attack: data, IT equipment and operating system damage
• Utility outage: IT equipment, medical equipment, data and media damage
• Electrical: blackout
• Operating system failure: media and data damage
• Hacking
• Sabotage
Each form of threat can out an organization at risk. When it comes to medical records, it is important
to have a threat assessment plan in order to mitigate the affects of these threats and to also have a plan in
the event something happens. Medical records are 100 times more valuable than stolen credit cards
(Akpan, 2016). There is just not enough security to protect our medical data. Due to the fact that EMR has
become popular amongst healthcare facilities, the thought of cyber security and the protection of such
information would be the most important issue to tackle. Health care occupies a vulnerable cybersecurity
space. With the rise of health frackers, self-care and personalized medicine, people, doctors and regulators
want easier modes of access to patient data. The dangers come from opening huge highways for sharing
and storing data without the proper digital protections (Akpan, 2016). With earthquakes and other natural
disaster, the damage that can be caused can sometimes be irreparable while at the same time causing
disruptions in power, communication, internet function and lack of personnel, causing the healthcare
facility money and possibly patients.
Solution Design
The purpose of the solution design stage is to recognize the most cost-effective disaster relief
solution. The solution stage of should consist of:
• The crisis command structure
• The location of the secondary worksite
• The software required at the secondary worksite
• Timeframe for the restoration of data after a disaster
• Replicated data
The organization is located in Mayfield Heights, Ohio. The secondary location sites will be Garfield
Heights, Ohio and Shaker Heights, Ohio. These sites will be used as backup sites as well. Organizations
have different ways to back up their data on their servers and the way they back up their data. This
particular organization backs up their own data. Having a server in each location helps to minimize
recovery and down time during and after a disaster. The data will need to be backed up every hour or
every time there is a big push for information such as an update on software. This will ensure that the
most up to date data is being recovered at the secondary locations. Because the data is supposed to be
protected, the organization will need to spend a little extra money to purchase encryption and security for
this data. Depending on how much information is stored on the servers, determines the amount of time an
organization will account for recovery. The data that is deemed the most critical to the organization,
should be recovered first.
Implementation
During this stage, the execution of the BCP will begin. The secondary locations have already
been identified so the setup of the servers and personnel will happen. Any contracts with suppliers of
services will be signed. Any extra equipment that will support the implementation will need to be
purchased and the development of what each individual will do during the recovery will be discussed.
Testing
This is where the organization will test the plan to see if it meets the expectations set. The test
will start out with a full backup of the most recent data. Once the data is backed up, IT personnel will
send the data from the main server to each of the backup sites to make sure that those servers has the
access to the applications and data. Personnel will be tested on their effectiveness and efficiency during
this phase. Here, they will show whether or not they know what they are supposed to do in the event of a
disaster. Personnel will be working past business hours during a disaster so they will be tested in that
high-volume environment. If any part of this plan should fail or not meet expectations, it could be due to
insufficient or inaccurate recovery requirements, solution design flaws, or solution implementation errors
(Hebda & Czar, 2013). Organizations have the ability to set schedules on when testing should take place.
In the event any part fails, once changes are made to correct those deficiencies, the organization will retest. Once a solid plan is made, testing will occur once a quarter.
Maintenance
At this stage, the plan has already been tested and has met expectations. Confirmation
and verification of the information within the BCP will be distributed to essential personnel and
those with critical roles that need any extra training, will receive it. The testing and verification
of technical solutions will take place as well as verification of the organization’s recovery
procedures. Because the business can change at any time, including personnel, the BCP needs to
change with it to guarantee that the plan stays up to date. Changes to the BCP can include :
• Clients and their contact details
• Vendors and suppliers contact details
• Any changes within the organization’s departments
• Changes to the company’s mission
• Changes in the supplier’s routes
Healthcare facilities that maintain medical records are mandated t o have a backup plan, a
recovery plan, an emergency mode of operation plan, and testing and evaluation procedures. Although
HIPAA does not specify the exact processes or procedures for compliance, it does demand safeguards for
the security of protected healthcare information while operating in both normal and emergency modes
(Hebda & Czar, 2013). When it comes to ethics, BCPs pose huge issues. One ethical issue comes from
the backup of data itself. When patient’s health data are shared or linked without the patients’ knowledge,
autonomy is jeopardized. The patient may conceal information due to lack of confidence in the security of
the system having their data. As a consequence, their treatment may be compromised (Ozair et al., 2015).
Although business continuity plans have some benefits for organizations, implementing a BCP comes
with issues the bigger the company grows. The benefits of a BCP do outweigh the negative.
Organizations benefit from having a BCP because it provides a positive image of the protection it
provides to its assets and personnel. Having a BCP in place helps to secure an organization’s finances by
making sure they recover in a timely manner during and after a disaster. The more successful
organization’s BCPs are, the more it will be mandated by law for companies to have them. The thought of
a disaster ruining important data such as EMR in a healthcare facility, should motivate every organization
to create, test and implement a BCP. The first priority of any organization that serves the public is their
safety and having a BCP in place allows that protection.

Purchase answer to see full
attachment

Order your essay today and save 10% with the discount code ESSAYHSELP