BUSINESS CONTINUITY INTERVIEW QUESTIONS


Most Important Frequently Asked Business Continuity Interview Questions




Interview Quesions on Business Continuity

    1. Question 1. What Is Business Continuity Management?

      Answer :

      Business continuity management (BCM) is the way organisations manage and respond to risks. The aim is to allow mission-critical functions to continue operating in the event of disruptions. This includes anything from bad weather to cyber attacks.

      BCM also helps organisations return to ‘business as usual’ promptly and with as little trouble as possible after a disruption.

    2. Question 2. How Does Business Continuity Work?

      Answer :

      Organisations can achieve effective business continuity by implementing a business continuity management system (BCMS). The international standard ISO 22301 describes best practice for a BCMS. It involves developing business continuity plans (BCP) to manage and protect against identified risks.

    3. Question 3. Why Should I Certify To Iso 22301?

      Answer :

      ISO 22301 sets out the requirements for a BCMS and is considered the only credible framework for effective BCM.

      Organisations that certify to the Standard can:

      • Prove to existing and potential clients that they have an effective BCMS that will enable continued service delivery in the event of an incident.
      • Obtain an independent opinion about the effectiveness of their business continuity management programme, thereby providing assurance to stakeholders and the board;
      • Accredited certification involves regular reviews and internal audits of the BCMS to make sure it functions as it should and continually improves; and
      • Meet regulatory requirements. The EU General Data Protection Regulation (GDPR) and the NIS Directive state that organisations must implement incident response capabilities. Certification to ISO 22301 provides a best practice approach to business continuity.

    4. Question 4. What’s The Difference Between Disaster Recovery And Bcm?

      Answer :

      Whereas BCM makes sure that an organisation can continue to function while recovering from a disruption, disaster recovery is the process of returning a business or organisation to a state of normality.

      The two are closely linked. Disaster recovery usually takes place within a BCMS, outlining the technicalities of recovering specific operations, functions, sites, services or applications. A single business continuity plan might contain or refer to a number of disaster recovery plans.

    5. Question 5. What’s The Most Important Part Of A Bcms?

      Answer :

      Making sure you’ve correctly identified the risks you face. If you plan for incidents that have little chance of occurring, you will be wasting time and resources. It would be even worse if you failed to identify a threat that came to pass, because you would have no way to manage the situation.

    6. Question 6. What Are The Organisation’s Purpose, Core Roles And Functions?

      Answer :

      To establish the correct context for the business continuity planning process, it is important from the outset to identify the organisation’s core roles and functions. In the exercise, it is likely that a number of items will be listed; hence it is necessary to also rank them by how critical they are to the organisation and its mandate.

      From an IT/ICT perspective, this process should also be followed. However, the questions should first be answered from an organisational perspective. (If an organisational business continuity plan exists, that information might be readily available.) However, thereafter, the focus should be on identifying what might be the IT/ICT department’s mandate, or the role of IT/ICT within the organisation, and ensuring that they are aligned with the overarching organisational obligations.

    7. Question 7. What Are The Critical Products And/or Services That Must Be Delivered?

      Answer :

      Following on from the previous question, this question encourages a fuller recognition and examination of the products and/or services that must be delivered by the organisation to its clients and customers. Generally, the results of that engagement are a key source of revenue for the business, or are otherwise used to gauge its performance.

      Again, it may be necessary to rank the listed goods and services in order of priority, as acceptable delivery levels and downtime are likely to be more stringent for the most critical ones, and ultimately may vary across the list of products and services.

    8. Question 8. What Are The Types Of Disruptions The Organisation Can Experience?

      Answer :

      Although a key purpose of a business continuity plan is to focus on minimizing and managing the aftermath of a disruptive incident, it is critical to ensure that the plan also includes preventative measures that can be implemented and provide some redundancy against failure. Hence it is recommended that attention be given to identifying the types of disruptive incidents to which the organisation could be subject, and arranging them by likely frequency and potential impact on the organisation.

      Factors such as geographic and physical location, country and civil stability, the actual products and services offered, among other things, are likely to influence the types of disruptions listed, and how they are ranked. For example, tropical storms and hurricanes frequently occur across most of the Caribbean – from the Bahamas to Saint Vincent and the Grenadines, and so should feature prominently in plans developed in those countries. However, for plans developed in CuraƧao or Guyana, for example, that specific type of storm might be considered a rare occurrence, as those countries generally lie outside the hurricane belt.

      Within the context of an IT/ICT business continuity plan, disruptive incidents may be scheduled or unexpected, or may be internal to the network, or due to external forces. Examples of disruptive incidents that could affect an organisation’s IT/ICT infrastructure and ought to be listed and considered would include, but not limited to:

      • Electrical outages
      • Equipment damage and malfunction
      • Software glitches
      • The effects of system breaches/network hacking
      • Equipment/system servicing, upgrades, changeovers

    9. Question 9. What Are The Consequences To The Organisation?

      Answer :

      In order to truly drive home the importance of business continuity, the final question to be answered is regarding the consequences to the organisation.  Again, it is best to be thorough and, to the extent possible, quantify the losses that could result, for example with respect to:

      Loss of revenue:

      • Additional expenses that may be incurred, such as for penalties and fines, for interim arrangements, and to rectify to problem, and
      • Other losses that might be incurred, such as sanctions that might be imposed or losses to the organisation’s reputation, market share, or stock price
      • In summary, the above five questions would provide organisations with a solid foundation upon which to develop their business continuity plans, and to appreciate the resources that may be needed for its successful implementation. It is therefore emphasized that the effort made to thoroughly address these questions will have an impact on the final quality of the plan developed.

    10. Question 10. Why Do I Have To Develop A Plan Or Keep My Plan Updated?

      Answer :

      Developing a plan will enable UT Arlington to carry on the university’s mission and recover from an incident or lessen the impact. Carrying out the mission of the university under adverse conditions means that campus may be working with diminished resources, such as loss of space or information technology infrastructure. Critical functions will be identified in your plan that will help limit vulnerability.

    11. Question 11. What Is The Process Of Creating A Plan?

      Answer :

      The department dean/director or supervisor will lead a small planning team to determine who will need to go to an orientation. (The short list of individuals picked should be those that will input data into the system.)

      • Identified individuals who will attend one of the orientations.
      • Begin to develop your plan. Once the plan has been created, send an email to OEM to let them know you are done, and they will review the plan and offer any suggestions to fill gaps.
      • Update your plan with provided suggestions; put the plan on a site such as SharePoint or interoffice or hand out a hard copy and have the department review the plan.
      • Once they have read the plan, have them sign the “Review Sheet”. Send a copy of the Review Sheet to OEM and you will be done with your plan.

    12. Question 12. When Is The Business Continuity Plan Due?

      Answer :

      All plans are due on the last week of October at close of business. That will give OEM time to review all the plans and send them back if gaps exist. Every October 31, Mr. John Hall, Vice President of Administration and Campus Operations, receives a memorandum of all BCPs status.



Topic: Business Continuity Interview Questions
Interview Quesions on Business Continuity

No comments:

Post a Comment