A Business Continuity Plan (BCP) outlines the approach to be taken if and when the business is hit by adverse conditions (man-made or natural disasters). A BCP is not just a disaster recovery procedure. It is a plan to ensure that the normal day-to-day business transactions continue to function even in the event of failure of one or more systems that are critical to the operation of business.
1. Identify the risks / threats to business
Threats may be from natural elements such as fire, flood, storm or earthquake. Theft, network issues, employees’ strike, issues with the supplier / distributor, economic / political influences in the country and power supply disruption may also disturb the business. When such hazards arise, the business should have a BCP for damage control to ensure that the services provided to customers are not affected.
2. Analyze threats
Study each threat and identify the business functions impacted by it. Some threats such as natural disasters may affect the infrastructure, while other such as disruption in the supply chain may affect the volume of business.
3. List measures to be taken proactively to ward off threats
Some threats can be averted by having a strong security system in place, building a work culture to ensure employee satisfaction and enforcing safety regulations while handling risk-prone equipment.
4. Set up a BCP team
Set up a team, assign responsibilities and train the members to spring into action as soon as disaster occurs. Have a team member to send alerts and notifications to the relevant personnel when the need arises.
5. Backup and recovery options
When there is an application, network or database server failure, there should be back-up servers or mirror servers to ensure continuity of service.
6. Document contacts
The BCP should specify the location of a document containing a list of persons / service providers to be contacted when there is a major problem interrupting the business. The list will include contact information of key vendors, managers, consultants, attorneys, financiers etc.
7. Identify key equipment and documents
Documents and software / hardware systems that are critical for the business to function smoothly should be listed (and constantly updated). The business should have a maintenance program in place to check the health of critical equipment periodically.
8. Communication plan
In the event of a disaster, the business should have a plan to establish communication between the various key entities. For example, if there is a storm, identify which employees may telecommute and arrange for remote login or Virtual Private Network. If the primary location of business is affected and employees need to work from a secondary site, the communication plan will help to pass-on information efficiently.
9. Identify thresholds for time and data loss
Analyze the maximum time that the system can afford to be shut down without impacting business. Analyze and document the critical data without which the business cannot function.
10. Exercise, test and obtain acceptance
The contingency and recovery plans outlined in the BCP should be verified and accepted internally by executing and testing them (like a fire drill). Bring down a critical system and perform the steps outlined in the BCP to test if the solution is effective.
A BCP should be reviewed and revised periodically to keep it up to date. Allocate a budget for business continuity design, planning and training.
To get started, consider using a professional Business Continuity Plan Template as this will highlight the business considerations and processes involved.