List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Evaluate impact of system on business continuity | 1.1 Identify business critical functions and the security environment from documentation and from discussion with business area and project team 1.2 Identify critical data and software from documentation 1.3 Assess potential impact of business risk and threats on ICT systems 1.4 Identify and evaluate statutory requirements, commercial requirements and contingency possibilities according to specifications and cost constraints |
2. Evaluate threats to system | 2.1 Identify threats to the system, considering security analysis and internal and external business environment 2.2 Evaluate risk minimisation alternatives against specifications and cost constraints |
3. Formulate prevention and recovery strategy | 3.1 Evaluate prevention and recovery options to support critical business functions against business specifications and cost constraints 3.2 Review current operational procedures to ensure adequate risk safeguards and contingency plans are in place 3.3 Submit disaster recovery and prevention strategy to appropriate person for approval |
4. Develop disaster recovery plan to support strategy | 4.1 Identify and document resources required for disaster recovery according to specifications and cost constraints 4.2 Identify and document processes required for disaster strategy according to project standards 4.3 Identify cut-over criteria before initiating disaster plan 4.4 Document disaster recovery plan and submit to appropriate person for review and sign-off |
Evidence of the ability to:
develop a contingency plan that identifies threats and minimises down time for business critical functions
develop clear and specific directions on how to handle serious down time
coordinate, plan and articulate flexible logistics requirements.
Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.
To complete the unit requirements safely and effectively, the individual must:
compare and contrast backup methodologies
explain the business planning process relevant to the development of information and communication technology (ICT) business solutions
analyse the client business domain
evaluate disaster recovery plan strategies and components, including:
physical security
system failure, accident or sabotage (hackers)
denial of service
virus attack
cyber attack
telecommunications failure
contingency arrangements
interpret and analyse key workplace health and safety, legislative and organisational requirements relevant to the task
evaluate the organisation’s current systems functionality and systems engineering.
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the systems administration and support field of work, and include access to:
vulnerability assessment and general definition of requirements
acceptance test plan
business impact analysis
information technology security assurance specifications
relevant statutory documentation.
Assessors must satisfy NVR/AQTF assessor requirements.