Calendar				Person			% of
Task		Step		Description		Deliverables			Weeks				Days			Total
100		Structure, Plan, and Manage the Project  (DRII/BCI Subject Area 1)				Total Task Time Estimates		9	to	16		5	to	8		10%
		110	Define and Confirm Approach, Objectives, and Scope			1 - Project Work Plan, Schedule, and Charter
			10	Meet with Project Sponsors to Define Project Objectives and Scope		2 - Project Team Lists
			20	Select Project Steering Committee from Key Groups		3 - Communications Plan
			30	Hold Kick-off Meeting with Steering Committee; Identify Project Concerns		4 - Status Reports
			40	Define and Confirm Basic Approach
			50	Define Method to Identify Mission Critical Systems, Apps, Owners, and Operators
			60	Review Approach to Determining IT Assets for BC/DR Plan
			70	Obtain Contact Info on Key Systems and Networks Personnel
			80	Confirm Extent to Which Specific Systems and Services are in Scope
			90	Identify All Requirements and Obligations Which Must Be Considered
		120	Develop Project Work Plan and Charter
			10	Schedule Project (resource loading, milestones)
			20	Develop Project Tracking Approach
			30	Set Up Issues Database
			40	Confirm Project Deliverables and Work Products
			50	Document Project Work Plan Charter
		130	Identify and Obtain Required Resources and Budget
			10	Staff Project
			20	Orient Project Team Members
			30	Set Up Workspace
		140	Establish Communications and Quality Assurance Processes
			10	Develop Project Documentation Standards
			20	Identify Expectations of Project Team and Sponsors
			30	Develop QA Communications Plan (meetings, publications)
		150	Manage the Project
			10	Provide Project Supervision
			20	Conduct Team Meetings as Required
			30	Prepare Status Reports
			40	Track Project Time
			50	Maintain Project Communications
			60	Obtain Executive Management Commitment and Support
			70	Integrate Results Into BC/DR Plan
200		Perform Risk and Criticality Assessments and BIA  (DRII/BCI Subject Areas 2 & 3)				Total Task Time Estimates		3	to	5		14	to	23		30%
		210	Identify Critical Systems and Data			1 - Summarized Findings
			10	Visit Key Facilities		2 - Prioritized Risks Matrix
			20	Determine Physical Vulnerabilities		3 - Prioritized Mission Critical Business Functions,
				1	Conduct Walkthroughs	Systems, and Processes
				2	Evaluate Facilities (Structure, Location, Power, Cooling, Fire Protection, etc)	4 - Threat Model
				3	Examine Site Security	5 - Business Impact Matrix
				4	Identify Exposure to Disaster Types (Manmade, Technical, Natural)
			30	Identify Critical Systems, Networks, Applications, Data, and Staff
				1	Identify Critical Applications and Owners/Users
				2	Identify Critical Systems and Networks
				3	Identify Critical Data (electronic and other)
				4	Evaluate Data Backup and Storage
				5	Identify Key Staff Members
				6	Identify Technical Resource Requirements and Dependencies
			40	Evaluate Risks
				1	Determine Criticality of Systems and Apps
				2	Identify Single Points of Failure
				3	Determine Interruption Impacts (Operational, Financial, User, Staff)
				4	Determine Downtime Tolerance and Recovery Windows
			50	Document Findings
		220	Conduct Criticality Assessment to Identify Critical Business Functions and Processes
			10	Survey Users on Key Applications and Mission Critical Systems
			20	Identify Departmental Applications
			30	Select Sample Users of Key Applications
			40	Survey Users to Determine Criticality of Key Applications
			50	Determine Critical Business Systems, Functions, and Processes
			60	Identify Site Specific Systems and Applications
		230	Conduct Business Impact Analysis (BIA) to Quantify and Assess Overall Risks,Threats, and Business Impacts
			10	Build Threat Model
			20	Conduct Risk Impact and Probability Assessments
			30	Classify Risks as Business Interruptions or Catastrophic
			40	Identify High Priority Risks
			50	Document Business Impacts of Failures of Mission Critical Business Functions and Processes
		240	Summarize and Prioritize Risks, Impacts, and Mission Critical Business Systems
		250	Document Risk Assessment and Business Impact Analysis Conclusions and Priorities
300		Prepare Emergency Response Procedures  (DRII/BCI Subject Areas 5, 9, & 10)				Total Task Time Estimates		1.5	to	2.5		7	to	11		15%
		310	Define Basic Emergency Response Approach			1 - Emergency Response Procedures
		320	Define Emergency Management Teams (EMT)			2 - Crisis Communications Plan
			10	Identify EMT Executive Team Members		3 - External Agency Coordination Plan
			20	Identify and Select EMT Team Members
		330	Create EMT Procedures
			10	Identify and Review Existing Emergency Response Procedures
			20	Define Command and Control Requirements to Manage an Emergency
			30	Update Existing Emergency Response Procedures Based on Risks
			40	Document Step by Step Emergency Response Procedures
				1	Who To Call
				2	Where To Go
				3	What To Do
		340	Establish Emergency Operations Center(s) in Appropriate Facilities
			10	Identify Specific Locations for Command and Control Center(s)
			20	Define Roles, Authorities, and Communications Processes Necessary
		350	Establish Crisis Communications Plan
		360	Establish External Agency Coordination Plan
400		Develop Recovery Strategies  (DRII/BCI Subject Area 4)				Total Task Time Estimates		1.5	to	2.5		7	to	11		15%
		410	Define Recovery Strategy Requirements to Maintain Mission Critical Functions			1 - Recovery Requirements Summary
			10	Define Minimum Requirements (e.g.data backups and alternate sites)		2 - Industry Best Practice Recovery Strategies Summary
			20	Define Equipment and Telecommunications Requirements		3 - Alternative Recovery Strategies Comparison Matrix
			30	Define Key Records Recovery Requirements		4 - Recommended Recovery Strategies
			40	Identify Staffing and Funding Requirements
		420	Conduct "Best Practices" Search for Recovery Approaches Used by Similar Clients
		430	Develop and Analyze Recovery Strategy Alternatives for Mission Critical Systems
			10	Identify Alternative Recovery Strategies to Meet Requirements
			20	Perform Analysis and Evaluation of Alternative Recovery Strategies
			30	Develop Recovery Strategy Recommendations
		440	Hold Facilitated Sessions with Client Staff and PAC to Select Recovery Strategies
			10	Review and Confirm Recovery Strategy Requirements
			20	Present Recovery Strategy Alternatives and Recommendations
			30	Define High Level Cost Estimates for Strategy Alternatives
			40	Compare and Contrast Strategy Alternatives
			50	Select, Prioritize, and Document Recovery Strategies
			60	Obtain Team and Management Support of Recommended Strategies
500		Develop BC/DR Procedures and Plans  (DRII/BCI Subject Area 6)				Total Task Time Estimates		2	to	4		9	to	18		20%
		510	Develop Basic Plan Layout and Structure			1 - DR Procedure Templates
		520	Consolidate Recovery Strategies			2 - BC/DR Procedures and Plans
		530	Identify and Incorporate Critical Documents
			10	Recovery Strategies
			20	Emergency Response Procedures
			30	Phone Lists
			40	Equipment Inventories and Specifications
			50	Network Diagrams and Circuit Identification Numbers
			60	Data Backup Retrieval/Restoral Procedures
			70	Vendors/Suppliers Contact Lists
		540	Develop BC/DR Procedures and Plans
			10	Develop and Distribute DR Procedure Templates