4 Key Steps to Creating an Effective Business Continuity Plan

Earlier this month, Anglepoint joined with Reciprocity for a webinar about the top initiatives information security teams should consider when creating an IT Business Continuity Plan (BCP). A well-constructed, strategic BCP will ensure confidence and clarity in times of uncertainty. Read on for 4 key steps to creating a BCP.

What is a Business Continuity Plan?

A Business Continuity Plan is an emergency management plan. It ensures that, in the event of an emergency or disaster (fire, flood, earthquake, etc.), operations will continue, personnel will be taken care of, and assets will be preserved. However, a BCP is not simply protection against natural disasters. IT companies must plan against malicious ransomware attacks; grocery stores must have an IT BCP in place in case main suppliers go under. Anything that could significantly affect operations must be planned for in an information technology disaster recovery plan.

Businesses that work to create BCP strategies and procedures have confidence in their adaptability. This confidence is derived from a tried and refined IT Business Continuity Plan that has been proven to work effectively. Though several external influences may arise (some foreseeable, others unexpected), businesses will still have the capability to continue critical operations through a proven IT disaster recovery plan.

Why create a Business Continuity Plan?

Having an up-to-date BCP strategy will help mitigate the effects of any negative occurrence that threatens business infrastructure, internally or externally. A well-constructed IT BCP will provide clearly defined steps on how to respond to these disasters. The goal is to have a plan that will ensure operations continue as productively as possible, with some degree of normalcy in times of uncertainty.

4 key steps to creating a Business Continuity Plan.

1. Risk Assessment

Identify Stakeholders

A Business Continuity Plan strategy does not rest solely on one employee, or even one department. To create an effective BCP, companies must identify key stakeholders and seek their valuable input. Work with stakeholders to identify key risks that pertain to their success and how, in the event of a disaster, your partnership could be affected. Discuss ways these risks can be mitigated.

Prioritize Risks

One of the most common pitfalls when creating an IT Business Continuity Plan is focusing on the wrong risks. To begin prioritizing risks, first identify potential threats that may impact day-to-day functionality. Consider listing your industry risks, target market, rising trends, geographical area, etc. Once listed, begin prioritizing the risks for your BCP strategy. This may be based on the level of impact, likelihood of occurrence, or other defined criteria. Consider some of the following risks:

– Natural Disasters (Earthquakes, Floods, Fires)
– On-premises accidents (power outage, office relocation)
– IT Security Threats (Malware, Ransomware, Data Breaches)

Once disaster risks have been identified, and an IT disaster recovery plan has been devised, identify gaps in the BCP strategy through careful review. Encourage collaboration to identify where the disaster recovery plan is weak, then make necessary changes.

2. Business Impact Analysis

Collaboration is key when creating an effective IT Business Continuity Plan. Not only will this allow others to feel a sense of ownership over the plan, thus making execution more effective, but it will also give you a greater understanding of how a disaster may impact other business functions. A Business Impact Analysis (BIA) is a breakdown of how a disaster will affect key areas of the business. It acts as a disaster recovery plan template. This will be most effective if feedback from managers and employees is received personally. Consider:

– Seeking to understand different team structures and their tools.
– Meeting with managers and asking for their feedback on how these processes will be affected in the event of a disaster.
– Developing questionnaires.
– Conducting workshops to instruct business function and process managers on how to complete the BIA.

3. Strategy and Plan Development

When finalizing the IT Business Continuity Plan, it is imperative to document the plan and store the document in a secure location. Consider storing the BCP strategy off-site, in case the site or the documents are damaged or stolen. Consider including the following elements in your IT BCP:

– Develop and plan framework
– Organize recovery teams
– Develop relocation plans
– Write business continuity and IT disaster recovery procedures
– Document manual workarounds
– Assemble plan, validate, gain management approval

4. Test, Implement, and Maintain

To have confidence in your IT Business Continuity Plan, test, re-test, then test again. A strong BCP strategy has undergone testing to identify the weak points. Managers should consider maintenance checks to ensure the BCP strategy is up to date, testing every year. This will provide further confidence in the actionable response items in the IT Business Continuity Plan. Managers and BCP teams should also:

– Conduct orientation exercises
– Document test results
– Update IT Business Continuity Plan to incorporate lessons learned from testing and exercises

Common pitfalls for businesses to avoid.

– Lack of visibility & support (funding, compliance) from senior management
– Focusing on tech first and business process priorities second (tech is easily replaceable. Some examples of business process priorities include running payroll; for a company that focuses on developing software, the tools that you use will be your business process priorities)
– Inadequate documentation of IT Business Continuity Plan (Have a system in place where employees know)
– Failure to test your BCP strategy (you will not know if the Business Continuity Plan is effective or not. When stuff hits the fan, you want to know your IT BCP is tried and proven).

Now, more than ever, organizations need to be prepared. Creating or improving an IT Business Continuity Plan will ensure your business operations proceed, even in the event of disaster.