Generally speaking, business continuity plan development involves four steps:
. Performing Risk Assessment
. Developing an emergency response/preparedness plan, detailing requirements and timelines to remove or control identified risks
. Preparing comprehensive procedures, listings of solutions, equipment, applications, etc., needed to assure business continuity
. Choosing either an internal (in-house) or external (outsource) approach to Business Continuity implementation
White Paper:
Ensuring Business Continuity -
When downtime and data loss are
simply not acceptableEnsuring Business Continuity
Business Continuity Development (BCD) is an interdisciplinary methodology to create andvalidate a logistical plan on how a business or organization will recover and/or restoreinterrupted business functions within a predetermined time following disruption.
Business Continuity Development should not be equated with Disaster Recovery. A DisasterRecovery Plan is reactive, and usually focuses on recovering the computing hardwareenvironment or restoring applications thereon. Although disaster recovery may involve somework to harden a computing infrastructure, the plan's main emphasis is on recovery fromdamage within the computing infrastructure. This is often accomplished by utilizing an alternaterecovery site and emergency equipment replacement.
Business Continuity Development comprises how an entire business/organization prepares forfuture natural disasters, or man-made disruptions, that could jeopardize its core mission andoverall health. A subset of Business Continuity, IT Disaster Recovery, concentrates solely on acompany's information technology installations and functions. For today's business, IT DisasterRecovery is no longer enough. Executives and administrators are increasingly asked to mitigate,eliminate or minimize the risks and effects of unplanned outages on the business, and do so ascost-effectively as possible. Solutions are required for the business and its IT to assure that allassets - including data and applications - remain mostly available despite the risks and effectsof unplanned outages. That is what a good Business Continuity Plan accomplishes.
Objectives of Business Continuity Development
During a natural disaster or business disruption, time can be the scarcest corporate resource.Business Continuity Development can produce executable plans for each critical business processin the company, establish priorities and linkages among these plans, and allow the organizationto quickly retrieve and implement recovery programs as needed. Specific BCD objectivesinclude the following:? Reduce the likelihood of disruption in the business management process? Minimize the impact of such disruption when it does occur? Ensure that staff members know their individual responsibilities? Address potential failures within the supply chain? Preserve and maintain customer relationships? Mitigate negative publicity? Protect the organization's market share and/or competitive advantage? Protect profits and revenue while avoiding financial losses? Prevent or reduce potential damage to reputation and image? Protect critical business activities and ensure that related services are maintained? Enhance the ability to recover quickly and efficiently, as well as to return to normaloperations following a disruption? Satisfy legislative and regulatory requirements
2Selecting the Development Team
The Business Continuity Plan will guide an organization through multiple evaluations of theactivities, processes and solutions that constitute "normal operations." To help reach that goal,management should appoint a core development team, with representatives from all criticalareas and functions. The team will be responsible for overseeing each step in the continuityprocess, as outlined below.
Steps in the Business Continuity Plan
Generally speaking, business continuity plan development involves four steps:1. Performing Risk Assessment2. Developing an emergency response/preparedness plan, detailing requirements andtimelines to remove or control identified risks3. Preparing comprehensive procedures, listings of solutions, equipment, applications,etc., needed to assure business continuity4. Choosing either an internal (in-house) or external (outsource) approach to BusinessContinuity implementation
Performing Risk Assessment
Risk assessment involves identification of threats, vulnerabilities, risks and the potentialbusiness impact of a disruption to each. It is an in-depth review of resources and operationsthat the organization considers critical to meeting its goals. This can involve analyzing strategicrisks, financial risks, legal risks, operational risks and technology risks. During the assessment,five basic questions must be answered.1. What are we trying to protect? (system inventory and definition)2. What are we trying... [download for more]
