Flood / Fire / Hurricane - Would Your Company Survive?

David Higgins - 4ITSec

Business Continuity Planning (BCP)

Businesses must exercise due diligence to ensure that shareholders’ interests are protected in the event disaster strikes, and some industries are subject to regulations that mandate specific BCP procedures. Many businesses also have contractual obligations to, or SLAs with, their clients that must be met irrespective of a disaster.

A number of important concepts underlie business continuity planning (BCP) practice; each contributes towards ensuring that business operations continue uninterrupted in the face of an emergency.

A business organization analysis ensures that every aspect of the business is included, with the individuals responsible for leading the BCP process determining which departments and individuals have a stake in the business continuity plan. It is used as the foundation for BCP team selection and, after validation by the BCP team, is used to guide the next stages of BCP development.

The team should contain representatives from each of the operational and support departments; the IT department; personnel with BCP skills; legal representatives familiar with corporate legal, regulatory, and contractual responsibilities; and senior management. The team's first task is to review and validate the business organisational analysis initially performed by those who spearheaded the BCP idea.

Conduct a business impact assessment to determine the risks that your business faces and that require mitigation; use both quantitative and qualitative assessments, and use both sets of results to visualise the impact.

The gap between business impact assessment (BIA) and business continuity planning (BCP) is addressed by analysing the prioritized list of risks developed during the BIA, determining which risks will be addressed by the BCP, and designing procedures that will actually mitigate those risks.

The business continuity plan must be approved by senior management, and everyone must be trained on their roles in the BCP process.

Test the plan, update the plan and then re-test the plan; re-test at least once a year.

You must create the documentation required to ensure that your plan is effectively communicated to present and future BCP team participants and all staff. The BCP training plan should include a plan overview briefing for all employees and specific training for individuals with direct or indirect involvement. In addition, backup personnel should be trained for each key BCP role.

The business continuity plan must contain statements of importance, priorities, organizational responsibility, and urgency and timing. In addition, the documentation should include plans for risk assessment, acceptance, and mitigation, a vital records program, emergency-response guidelines, and plans for maintenance and testing.

Committing the plan to writing provides the organization with a written record of the procedures to follow when disaster strikes and ensures the orderly progress of events in an emergency.

Well - think about it - would your company survive a disaster if it happened tomorrow?
