Business Continuity Plan Writing Tutorial
Business continuity planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan.
Business continuity planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan.
In plain language, BCP is working out how to stay in business in the event of disaster. Incidents include local incidents like building fires, regional incidents like earthquakes, or national incidents like pandemic illnesses.
BCP may be a part of an organizational learning effort that helps reduce operational risk associated with lax information management controls. This process may be integrated with improving information security and corporate reputation risk management practices.
In December 2006, the British Standards Institution (BSI) released a new independent standard for BCP — BS 25999-1. Prior to the introduction of BS 25999, BCP professionals relied on BSI information security standard BS 7799, which only peripherally addressed BCP to improve an organization's information security compliance. BS 25999's applicability extends to organizations of all types, sizes, and missions whether governmental or private, profit or non-profit, large or small, or industry sector.
In 2007, the BSI published the second part, BS 25999-2 "Specification for Business Continuity Management", that specifies requirements for implementing, operating and improving a documented Business Continuity Management System (BCMS).
Contents
- 1 Introduction
- 2 Analysis
- 3 Solution design
- 4 Implementation
- 5 Testing and organizational acceptance
- 6 Maintenance
- 7 See also
- 8 References
- 9 Further reading
- 10 External links
A completed BCP cycle results in a formal printed manual available for reference before, during, and after disruptions. Its purpose is to reduce adverse stakeholder impacts determined by both the disruption's scope (who and what it affects to what extent) and duration (e.g., hours, days, months). Measurable business impact analysis (BIA) "zones" -- areas in which hazards and threats reside -- include civil, economic, natural, technical, secondary and subsequent.
For the purposes of this article, the term disaster will be used to represent natural disaster, human-made disaster, and disruptions.
Threat Analysis
After defining recovery requirements, documenting potential threats is recommended to detail a specific disaster’s unique recovery steps. Some common threats include the following:
- Disease [1]
- Earthquake [2]
- Fire
- Flood [3]
- Cyber attack
- Sabotage
- Hurricane [4]
- Utility outage [5]
- Terrorism [6]
All threats in the examples above share a common impact: the potential of damage to organizational infrastructure - except one (disease). The impact of diseases can be regarded as purely human, and may be alleviated with technical and business solutions.
Testing and verification of technical solutions
As a part of ongoing maintenance, any specialized technical deployments must be checked for functionality. Some checks include:
- Virus definition distribution
- Application security and service patch distribution
- Hardware operability check
- Application operability check
- Data verification
No comments:
Post a Comment