Business Continuity Planning (BCP)
Business continuity planning is defined as a process that provides a quick and smooth restoration of operations after an event. Business continuity planning takes a broader approach to the problem and is a major component of risk management. It can also be defined as a process to identify an organization's exposure to internal and external threats, and synthesizes hard and soft assets to provide effective prevention and recovery for the organization, while maintaining competitive advantage and value system integrity.
Business continuity planning includes the following steps:
- Project initiation
- Business impact analysis
- Recovery strategy
- Plan design and development
- Implementation
- Testing
- Maintenance
Objectives of Business Continuity Plan
A business continuity plan is designed to address specific business objectives or scope. These objectives should be outlined in the plan, and reflect the approval of senior management. Each of the objectives should be specific, for example “to restore web site,” and measurable, example “within one business day.”
If the business continuity objectives are not well written in the plan or scope is not properly frozen, the plan cannot be properly evaluated.
Will Business Continuity Plan Work
We can say that the business continuity plan can call for the restoration of financial systems within half a day. If the data center supporting these functions is destroyed by an earthquake, or intentional human plan, can essential financial activities be restarted within the half-day recovery window? If the answer is no, then the plan objective is too ambitious, or the recovery scheme is inadequate. In either case, the plan will not work.
Relevancy of Business Continuity Plan for the Employees
Business Continuity Plan should be relevant to the employees of the organization and the answers to the following questions should be affirmative.
- Are employees aware of and familiar with the business continuity plan?
- Did they give their inputs for the development of the plan?
- Do they fully understand their specific roles in the event of plan being invoked?
- Are employees comfortable with the extent of training provided and preparation?
- Do they have any reservations or questions regarding the viability of the plan?
Business Impact Analysis
We can say that business continuity plan is the outcome of a business impact analysis (BIA) process.
The purpose of a BIA is to identify the following:
- A organization’s critical business processes or functions
- The threats to the critical functions
- Any risk related to them
- The financial impact of a disaster
Armed with the information, we as business continuity professionals can design strategies to minimize the impact of a major disruption coming their way, and to expedite recovery of the functional tasks. Like a business continuity plan, the typical BIA also suffers from a short shelf life, and must be periodically updated. If the company’s BIA is more than a year old, a new analysis should be done and should be followed by an immediate update of the company’s business continuity plan.
Business Continuity Plan Maintenance and Change Management
To remain viable and fully updated, a business continuity plan must be revised along with major organizational, system, or business changes.
These changes can include the following:
- The opening of a new workshop
- The introduction of servers
- The passage of new laws and regulations
Any change that is going to affect critical/ key business functions or processes should trigger an automatic review and updation of the said BCP.
Frequency of Testing Business Continuity Plan
To remain current and viable, a business continuity plan must be regularly tested. The testing does not have to be extensive. In many cases, full scale tests, especially those involving IT facilities, can be replaced by smaller-scale, tabletop exercises. The mentioned scenario-based tabletop drills are especially useful in establishing an organization’s ability to adapt to a rapidly evolving disaster environment. After all when the real world disaster hits, it may be necessary to rewrite portions of the business continuity plan, literally on the fly.
