Difference between revisions of "Business Continuity Plan"

From Open Risk Manual
 
(No difference)

Latest revision as of 12:30, 16 October 2020

Definition

A Business Continuity Plan (BCP) is a component of Business Continuity Management. It is a comprehensive written plan of action that sets out the procedures and systems necessary to continue or restore the operation of an organisation in the event of a Business Disruption [1]. It documents procedures that guide the organization to respond, recover, resume and restore to a pre-defined level of operation following disruption.

BCP Objectives

Business continuity plans:

  • establish the roles and allocate responsibilities for managing operational disruptions
  • set out the decision-making authority and define the triggers for invoking the organisation’s Business Continuity Plan.
  • provide clear guidance regarding the succession of authority in the event of a disruption that disables key personnel (Human Continuity)
  • provide detailed guidance for implementing the Business Recovery Strategy

BCP Elements

Business Continuity Plans may include any of the following elements[2],[3]:

  • Defined crisis management organization and escalation protocols, and crisis communication strategies.
    • Business continuity management professionals.
  • Business Impact Analysis
    • Description of Business
    • Identification of Critical Processes and Applications
  • Business Continuity Contingency Arrangements
  • Recovery Times Objectives and Recovery Point Objectives
  • Infrastructure and Space Requirements
  • Business Interdependencies
  • Contact Information

BCP Design

A business continuity plan will be defining a number of concepts:

BCP Governance

  • An annual, often independent, review of the BCP.
  • Defined global and regional governance bodies and executive ownership of (responsibility for) business continuity management
  • Accountability to the firm’s board of directors, reporting through the audit committee, risk committee or operating committee.
  • Maintenance and review to respond to changing client requirements, emerging risks and changes to the firm.

Tools and Resources supporting the BCP

  • A training and awareness program for all staff.
  • A 24-hour monitoring system and network.
  • Contingency Backup Sites (dedicated, fully operational etc). Instantaneous replication and off-site storage of data also stored on the in-house network. (Iincluding also periodic backup of critical information, with real-time storage in multiple secure locations for the most critical information)

See Also

References

  1. BCBS, High-level principles for business continuity, August 2006
  2. Business Continuity Planning and Crisis Management, FRBNY, 2015
  3. Market Intermediary Business Continuity and Recovery Planning, IOSCO, 2015