BIAs give you the first indication of vulnerabilities within essential business functions. In addition, they also outline worst-case but acceptable downtime projections, including manageable revenue losses due to operational disruptions and how one downed process affects others downstream.
All this information is vital to begin mapping a relevant business continuity plan checklist. With a business impact analysis in place, your organization can move onto the next BCP step — vetting backup and replacement solutions. Recovery and replacement strategies are the backbone of business continuity. Use the key risk areas and dependencies calculated in your BIA to begin exploring tangible infrastructure and service support most pertinent to your needs.
The coverage you select helps protect your domains, closing or securing the operational gaps most at risk in the event of storms, power outages , disrupted supply chains and more.
At this step, your organization should be prepared to roll out its formal BCP. This means institutionalizing the teams, actions and outsourced services picked during step three, plus familiarizing all employees into the new backup strategies and technologies.
In other words, it makes sure your business continuity plan checklist gets the job done — and that employees know what to do when incidents strike.
Regardless of your business type or industry, your business continuity plan should formally include the following:. Once instated, a business continuity plan should be reviewed a minimum of once a year but sometimes as often as once every quarter.
These are best-practice suggestions, though, not black-and-white rules. Disaster recovery plans center on restoring business-critical IT infrastructure — both hardware and software — after an emergency renders them damaged. In fact, O'Donnell suggests you try to break it. This is the only way to improve. Also, ensure the objectives are measurable and stretching. Doing the minimum and 'getting away with it' just leads to a weak plan and no confidence in a real incident.
Many organizations test a business continuity plan two to four times a year. The schedule depends on your type of organization, the amount of turnover of key personnel and the number of business processes and IT changes that have occurred since the last round of testing. Common tests include table-top exercises, structured walk-throughs and simulations. Test teams are usually composed of the recovery coordinator and members from each functional unit.
A table-top exercise usually occurs in a conference room with the team poring over the plan, looking for gaps and ensuring that all business units are represented therein. In a structured walk-through , each team member walks through his or her components of the plan in detail to identify weaknesses. Often, the team works through the test with a specific disaster in mind. Some organizations incorporate drills and disaster role-playing into the structured walk-through.
Any weaknesses should be corrected and an updated plan distributed to all pertinent staff. It's also a good idea to conduct a full emergency evacuation drill at least once a year. This type of test lets you determine if you need to make special arrangements to evacuate staff members who have physical limitations. Lastly, disaster simulation testing can be quite involved and should be performed annually. For this test, create an environment that simulates an actual disaster, with all the equipment, supplies and personnel including business partners and vendors who would be needed.
The purpose of a simulation is to determine if you can carry out critical business functions during the event. During each phase of business continuity plan testing, include some new employees on the test team.
Much effort goes into creating and initially testing a BC plan. Once that job is complete, some organizations let the plan sit while other, more critical tasks get attention. When this happens, plans go stale and are of no use when needed. Technology evolves, and people come and go, so the plan needs to be updated, too. Bring key personnel together at least annually to review the plan and discuss any areas that must be modified. Prior to the review, solicit feedback from staff to incorporate into the plan.
Ask all departments or business units to review the plan, including branch locations or other remote units. If you've had the misfortune of facing a disaster and had to put the plan into action, be sure to incorporate lessons learned. Many organizations conduct a review in tandem with a table-top exercise or structured walk-through. There are several steps many companies must follow to develop a solid Business Continuity Plan.
They include:. The BCP document should include key details such as emergency contact information so that team members can contact each other and make plans for resuming operations, on-site if possible, or at home offices and offsite locations.
This includes use of data backup and disaster recovery plans. The BCP should be tested several times to ensure it can be applied to many different risk scenarios.
0コメント