Business continuity plan is a logistical plan showing how a firm or business can recover and restore completely or partially after interruptions of its day to day running activities. Business continuity plan (BCP) prepares a business or firms future occurrences that can put at risk the firms mission and the long run objectives. The occurrences could be earthquakes, pandemic illness, fires or even theft.
BCP is an element of organization learning attempts that can reduce the operational risks that result from lax information management’s control. It can further be integrated by the firm’s reputation risks management practices and improving security.
The BS 25999 was introduced in Britain in 2006 December by the British Standards Institute to slightly assist the BCP of organization information’s security compliance and it extended to all firms of all kinds. The 2004 Civil Contingencies Act in UK was required all local authorities to promote BCP in all its area of operation.
BUSINESS CONTINUITY PLAN
BCP is a kind of manual that is referred to after, during and before a disruption have occurred. It basically reduces the impact of the disruption in terms of duration and scope. The quantifiable businesses impacts include the economical, social, natural and technical impacts. Some of the identifiable interruptions in the world include the anticipated Y2K problem and the September 2001 terrorist attacks among others that required business to have BCPs. The methodology of BCP is dependent on the complexity and size of business. Businesses that do not prepare for disasters run out of business immediately a disaster strikes, evidence from the 1993 bomb attack in the World Trade Center shows that 44% of the businesses closed down while after the 2001 terrorist attack, the firms with well developed BCP were in operation within days after the attack.
A business continuity plan should have five major phases. Theses include:
- Solution design
- Testing and Organization Acceptance
Other considerations that could be incorporated include the risk identification matrix, identification of the peak risk, roles and responsibilities and consideration of the resources reallocation
In development of the BCP, this phase includes the analysis of the impacts, threats and the likely scenarios that’s necessitates the development of the business continuity plan.
Impact analysis results from the differentiation between the non critical and critical organization functions. An impact may be designed as critical by law or if the levels of damage to the stakeholders are unacceptable. The acceptability or unacceptability may be in reference the cost of re-establishing the business or the recovery requirements. The recovery requirements may be in form of the time duration in which the critical function must resume after a disaster, business and technical requirements for recovering from the critical function.
Documentation of the possible threats is essential because each specific threat has its own recovery steps. The possible common threats may include, fire, disease, earthquake, Cyber attack, flood, bribery, hurricane, terrorism, utility outage among others. All the above mentioned threats can have impact on the infrastructure of a firm except disease.
It’s always wise to plan for bigger disasters than the small ones though the small impacts are small elements to bigger disasters. The impacts like the loss of a building is very critical since it can result to termination of all the operation of the business. All the scenarios must be documented in the business continuity plan so that al the precautions can be taken in the future.
Recovery Requirement Documentation
After the analysis phase, a technical and business plan needs to be documented so the implementation phase can begin. The resources must be re-allocated through a viable management programme of all the assets. There may be presence of the incase of emergency data for the information technology intensive business. The people responsible for the recovery efforts must use technical details laid down.
The main objective of this phase is identifying the best cost effective recovery solution which must meet the two basic requirements from the impacts analysis phase. In the computer software application the data needs to preserved in a hard copy so that it can be restored in the plant after a disaster. The solution design phase of business continuity plan determines:
- The structure of the crisis management commands
- Where the relocation of the business will be suited
- Data reproduction methods between the secondary and primary site
- The architecture of telecommunication between the secondary and primary site
- The software and application required at the secondary site
- And the secondary site physical data needs.
This phase involves putting in to place the plans laid down in the solution design phase. This is a very crucial stage of the BCP since a business can fail to be restored if this phase fails.
TESTING AND ORGANIZATIONAL ACCEPTANCE
The major function of this phase is to ensure that the firm BCP satisfies the forms recovery requirements. Plans may fail due to inadequacy recovery requirements, implementation errors or even problems in the solution designs. The testing includes:
- Crisis commands teams call out testing.
- Business processes tests
- Application tests
This involves three activities that are carried out periodically. The initial one is confirmation of that all the data is available for all the staff to be informed and if necessary, they can be trained. The verification and testing of the technical solution that are established is the second activity. The last activity involves verification and testing of the documented organizations recovery procedures.
Testing and information updates needs to carried out to test if the data is efficient and accurate since organizations change with time so should the BCP. Some of the data that should be changed with time includes:
- Staffing persona
- Staffing changes
- Changes in the client contact details
Verification and testing of the technical solutions needs to be carried out in the maintenance phase to check their functionality. Some of the checks that can be carried out include:
- Virus distribution
- Service patch distribution and application security
- Data verification
- Hardware operability checks
In a business continuity plan, one has to ensure that there are enough resources to maintain the critical business functions. It has to ensure that:
- There are motivated and experts people with to mange and lead a business.
- There is access to the key records and the IT systems
- The business can procure services or goods
- The business has be able compensates its workers
- There is reliable means of communications with all the workers.
The BCP for small firms many printed and stored in a place far way from the primary place of work and must contain all the back up data that can assist in making the firm live longer. The business continuity plan should outline the secondary work sites, its readiness, technical requirements, means of work or business recovery, ways of reestablishing the physical records and return to the business successfully
Business continuity planning, retrieved on 7th, September 2007, available at www.cpni.gov.uk/SecurityPlanning/businessContinuity.aspx
Business continuity plan development, retrieved on 7th, September 2007, available at www.continuitycentral.com/bcpd.htm
Wikipedia, the free encyclopedia, retrieved on 7th, September 2007, available at http://en.wikipedia.org/wiki/Business_continuity_planning
Wikipedia, the free encyclopedia, retrieved on 7th, September 2007, available at http://en.wikipedia.org/wiki/Business_continuity_planning”