Business Continuity Plan
From Open Risk Manual
Contents
Definition
A Business Continuity Plan (BCP) is a component of Business Continuity Management. It is a comprehensive written plan of action that sets out the procedures and systems necessary to continue or restore the operation of an organisation in the event of a Business Disruption [1]. It documents procedures that guide the organization to respond, recover, resume and restore to a pre-defined level of operation following disruption.
BCP Objectives
Business continuity plans:
- establish the roles and allocate responsibilities for managing operational disruptions
- set out the decision-making authority and define the triggers for invoking the organisation’s Business Continuity Plan.
- provide clear guidance regarding the succession of authority in the event of a disruption that disables key personnel (Human Continuity)
- provide detailed guidance for implementing the Business Recovery Strategy
BCP Elements
Business Continuity Plans may include any of the following elements[2],[3]:
- Defined crisis management organization and escalation protocols, and crisis communication strategies.
- Business continuity management professionals.
- Business Impact Analysis
- Description of Business
- Identification of Critical Processes and Applications
- Business Continuity Contingency Arrangements
- Recovery Times Objectives and Recovery Point Objectives
- Infrastructure and Space Requirements
- Business Interdependencies
- Contact Information
BCP Design
A business continuity plan will be defining a number of concepts:
BCP Governance
- An annual, often independent, review of the BCP.
- Defined global and regional governance bodies and executive ownership of (responsibility for) business continuity management
- Accountability to the firm’s board of directors, reporting through the audit committee, risk committee or operating committee.
- Maintenance and review to respond to changing client requirements, emerging risks and changes to the firm.
Tools and Resources supporting the BCP
- A training and awareness program for all staff.
- A 24-hour monitoring system and network.
- Contingency Backup Sites (dedicated, fully operational etc). Instantaneous replication and off-site storage of data also stored on the in-house network. (Iincluding also periodic backup of critical information, with real-time storage in multiple secure locations for the most critical information)
See Also
- Business Continuity Guidelines, an overall organization of various approaches to Business Continuity
- Business Continuity Glossary, a compilation of terms grouped by Business Continuity topics
- Business Continuity Resources, collection of (external) resources around Business Continuity and Crisis Management