Business Continuity Plan
(Redirected from BCP)Jump to navigation Jump to search
- A plan used by an organization to respond to disruption of critical business processes. Depends on the contingency plan for restoration of critical systems.
- Because human life is invaluable, the main priority of any business continuity and disaster recovery plan should be to protect people.
Developing a BCP
- Conduct Business Impact Assessment
- Develop Recovery Strategy
- Once the business impact analysis (BIA) is completed, the next phase in the business continuity plan (BCP) development is to identify the various recovery strategies and select the most appropriate strategy for recovering from a disaster that will meet the time lines and priorities defined through the BIA.
- Develop a specific plan DRP
- After developing various recovery strategies, a specific BCP can be developed, tested and implemented.
- Implement a plan
- After selecting a strategy, a specific BCP can be developed, tested and implemented.
- The effectiveness of the business continuity plan (BCP) can best be evaluated by reviewing the results from previous business continuity tests for thoroughness and accuracy in accomplishing their stated objectives.
- Test and Maintain a plan
- Depending on the complexity of an organization, there could be more than one plan to address various aspects of business continuity and disaster recovery, but the plans must be consistent to be effective.
- The plans do not necessarily have to be integrated into one single plan.
- Although each plan may be independent, each plan has to be consistent with other plans to have a viable business continuity planning strategy.
- It may not be possible to define a sequence in which plans have to be implemented because it may be dependent on the nature of disaster, criticality, recovery time, etc.
- Integrating the business continuity plan (BCP) into the development process ensures complete coverage of the requirements through each phase of the project.
Activation of BCP
- The activation of an enterprise's business continuity plan should be based on predetermined criteria that address the duration of an outage.
- In the event of a disaster, it is important to have a current updated list of personnel who are key to the operation of the plan.
Maintaining the BCP
- Conduct annual Risk Assessment
- Testing the BCP
- Table Top - The primary purpose of tabletop testing is to practice proper coordination because it involves all or some of the crisis team members and is focused more on coordination and communication issues than on technical process details.
- Functional testing involves mobilization of personnel and resources at various geographic sites. This is a more in-depth functional test and not primarily focused on coordination and communication.
- Full-scale testing involves enterprise-wide participation and full involvement of external organizations.
- Deskcheck testing requires the least effort of the options given. Its aim is to ensure the plan is up to date and promote familiarity of the BCP to critical personnel from all areas.
Disaster Recovery Plan
- Determine the incremental daily cost of losing different systems. This will allow RTO to be established.
- Determine RTO, RPO objectives.
- Business Continuity Self-Audit - This is a tool for evaluating the adequacy of the BCP but not for gaining an understanding of the business.
- Resource Recovery Analysis - This is a tool for identifying the components necessary for a business resumption strategy but not for gaining an understanding of the business.
- Risk Assessment - This, along with Business Impact Assessment, are tools for understanding the business as a part of a business continuity plan (BCP).
- Gap Analysis - Gap analysis can play in BCP is to identify deficiencies in a plan but not for gaining an understanding of the business.