Business Continuity Plan

From Open Risk Manual
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Definition

A Business Continuity Plan (BCP) is a component of Business Continuity Management. It is a comprehensive written plan of action that sets out the procedures and systems necessary to continue or restore the operation of an organisation in the event of a Business Disruption [1]. It documents procedures that guide the organization to respond, recover, resume and restore to a pre-defined level of operation following disruption.

BCP Objectives

Business continuity plans:

  • establish the roles and allocate responsibilities for managing operational disruptions
  • set out the decision-making authority and define the triggers for invoking the organisation’s Business Continuity Plan.
  • provide clear guidance regarding the succession of authority in the event of a disruption that disables key personnel (Human Continuity)
  • provide detailed guidance for implementing the Business Recovery Strategy

BCP Elements

Business Continuity Plans may include any of the following elements[2],[3]:

  • Defined crisis management organization and escalation protocols, and crisis communication strategies.
    • Business continuity management professionals.
  • Business Impact Analysis
    • Description of Business
    • Identification of Critical Processes and Applications
  • Business Continuity Contingency Arrangements
  • Recovery Times Objectives and Recovery Point Objectives
  • Infrastructure and Space Requirements
  • Business Interdependencies
  • Contact Information

BCP Design

A business continuity plan will be defining a number of concepts:

BCP Governance

  • An annual, often independent, review of the BCP.
  • Defined global and regional governance bodies and executive ownership of (responsibility for) business continuity management
  • Accountability to the firm’s board of directors, reporting through the audit committee, risk committee or operating committee.
  • Maintenance and review to respond to changing client requirements, emerging risks and changes to the firm.

Tools and Resources supporting the BCP

  • A training and awareness program for all staff.
  • A 24-hour monitoring system and network.
  • Contingency Backup Sites (dedicated, fully operational etc). Instantaneous replication and off-site storage of data also stored on the in-house network. (Iincluding also periodic backup of critical information, with real-time storage in multiple secure locations for the most critical information)

See Also

References

  1. BCBS, High-level principles for business continuity, August 2006
  2. Business Continuity Planning and Crisis Management, FRBNY, 2015
  3. Market Intermediary Business Continuity and Recovery Planning, IOSCO, 2015
Retrieved from "https://www.openriskmanual.org/wiki/index.php?title=Business_Continuity_Plan&oldid=16339"
Creative Commons Attribution-NonCommercial-ShareAlike
Powered by MediaWiki