How to Develop a BUSINESS CONTINUITY PLAN
TABLE OF CONTENTS
SUMMARY
CHAPTER: WHAT IS A BUSINESS CONTINUITY PLAN?
CHAPTER: PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN
CHAPTER: WRITING YOUR BUSINESS CONTINUITY PLAN
CHAPTER: NEED HELP ENSURING YOUR COMPANY IS PREPARED FOR INTERRUPTIONS AND DISASTERS?

SUMMARY

WHY YOU SHOULD READ THIS GUIDE

A disaster or interruption can occur at any time without any warning; your company's survival depends on the steps you take to prepare for these potentially catastrophic events. The most effective preparation takes the form of a written document called a Business Continuity Plan (BCP).

This document serves as a guide to writing a formal BCP for your company, which will help minimise recovery time and losses in the event of a disaster or interruption.

FORMAL INSTRUCTIONS ARE CRUCIAL

A BCP is a valuable tool for your company, but its effectiveness is determined by how thorough and clear the document is. A concise, step-by-step guide addressing numerous scenarios will best aid responders.

PLAN, WRITE, AND REVIEW

The first step in drafting a BCP is to plan by assessing the status quo. Some things you will need to think about are:

- What does your company hope to accomplish by creating and adopting a BCP?
- What informal mechanisms are already in place to minimise losses during a disaster or interruption?

Next, you will strengthen current strategies and develop new ones to more effectively mitigate the adverse effects of disasters and interruptions.

Use this guide to help you decide how to prioritise efforts and minimise recovery time, then write your plan: thoroughly document your strategies and include all necessary additional information.

Finally, review the plan. Your company and the environment will change frequently; you will need to test and modify your plan continuously to ensure its effectiveness.

About the Author

Stuart Mills, Head of Solutions Marketing for Hosting at Macquarie Telecom, has 22 years' experience working in customer-facing roles for a range of Service Providers offering Systems Integration, Telecoms, Managed Services, Hosting Services and Cloud. Over that time Stuart has been instrumental in delivering Managed Services solutions to a wide range of major Australian and international online, corporate and government clients.
CHAPTER: WHAT IS A BUSINESS CONTINUITY PLAN?

A Business Continuity Plan (BCP) keeps your company up and running in the event of an interruption or crisis, from a day-long loss of power to irreparable building or facility damage. Step-by-step, a BCP explains the procedures for continuing operations without interruption or recovering operations as quickly as possible.

WHAT IS THE DIFFERENCE BETWEEN A BUSINESS CONTINUITY PLAN AND A DISASTER RECOVERY PLAN?

Disaster Recovery Plans (DRPs) and BCPs are often mistakenly considered to be interchangeable. In fact, the DRP, which provides instructions for IT infrastructure recovery, is a crucial component of the BCP, which encompasses recovering from all aspects of adverse events. This can include facilities and plant damage, loss of materials and equipment, and affected personnel as well as data recovery.

WHY DOES MY COMPANY NEED A BUSINESS CONTINUITY PLAN?

Your company needs a BCP in order to remain competitive and profitable in the event of a disaster. Disasters can strike at a moment's notice, forcing you to respond quickly without time to coordinate your response. Having a BCP in place means your company has a tried and tested plan and responders know exactly what to do. There will be less chaos and a quicker return to normalcy.

It is more than likely that you will use a BCP. In 21, 61% of companies with a BCP invoked it [3]. With a BCP in place, your company will:

- Avoid having to make impulsive decisions under stressful conditions.
- Remain competitive.
- Retain current customers and increase customer base.
- Be prepared.

Showing clients and customers that you are prepared to handle unexpected events with potentially disastrous outcomes gives you the kind of competitive edge needed to bring you more business.

Without a BCP, your business as a whole is in danger. In 23, 87% of executives surveyed indicated they had a BCP in place in case of disaster or threat [2]. Without a BCP, your company is drastically under-prepared compared to your competitors, which leaves you at risk of not only losing profits, but also customers.

Weather-related natural disasters seem to be increasingly common and more severe. Economic losses from earthquakes and cyclonic wind damage alone are expected to amount to $180 billion per year throughout the 21st century [1].

You have the ability to decrease adverse effects of disaster by enabling operations to resume smoothly and quickly with a BCP. The following section will detail steps to developing a BCP for your company.
CHAPTER: PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN

There is significant preparation that must take place before a comprehensive BCP can be written. A Business Impact Analysis (BIA) is necessary in order to identify your company's critical business processes and functions and potential impacts on these processes and functions during a disaster or interruption. You are then ready to consider how these critical processes and functions will be supported and recovered if interrupted and who will be responsible for their recovery. These tasks are complex undertakings, but crucial to developing a sound and effective BCP.

CONDUCTING A BUSINESS IMPACT ANALYSIS

In the event of an interruption, your company needs to keep critical processes and functions running in order to minimise losses. But which critical processes are at risk? And which should be protected and/or restored first? A thorough BIA will answer these questions and set the stage for your BCP.

STEP 1: CONSIDER THE RISKS YOUR COMPANY FACES

Any number of events could disrupt your company's day-to-day operations. Consider large-scale disasters as well as short-term, routine interruptions. The risks your company is susceptible to will vary depending on the type of business you conduct as well as geographical location.

Some possible risks include, but are not limited to:

- Fire.
- Explosion.
- Natural disaster.
- Pandemic disease.
- Utility outage, prolonged or due to routine maintenance.
- Mechanical breakdown.
- Supplier failure.
- Cyber attack.
- Flood.
- Loss or illness of key personnel.

STEP 2: IDENTIFY CRITICAL BUSINESS PROCESSES AND FUNCTIONS

Critical business processes and functions are the components of business that must be running in order to deliver your company's key products and services and otherwise meet objectives.

STEP 3: ASSESS IMPACTS

In the event of the risks considered in Step 1, what would happen to each of these critical processes and functions? It is recommended that a BIA survey is distributed to key personnel and managers, asking them to list the impacts of an interruption and, importantly, how long a process must be interrupted in order to be impacted. This is called the Recovery Time Objective (RTO). For example, an IT network outage may have an immediate impact, whereas a power outage could take several hours to impact business depending on availability of backup power supplies. Some impacts to consider are:

- Loss/delay of sales.
- Increased expenses, such as overtime or expedited shipping costs.
- Penalties for failing to comply with regulations or meet contractual obligations.
- Loss of reputation.

STEP 4: PRIORITISE PROCESSES AND FUNCTIONS

Critical business processes and functions should be ordered by significance of impact on operation in case of interruption. This way, the continuity and/or recovery of processes whose disruption would cause the highest potential financial or operational impact can be prioritised in the BCP.

IDENTIFYING RESOURCES, RECOVERY STRATEGIES, AND RESPONSIBLE PERSONNEL

You are now ready to arm yourself with protective resources. What is needed in order to support your company's critical processes and functions if they are interrupted? Consider the following and adjust as necessary.

- Employees.
- Office/production space.
- Access to records and data, both electronic and paper.
- Materials.
- Equipment and machinery.

Next, think of how these resources will be provided to your company in a time of need; these are your recovery strategies. For example, recovery strategies for a resource such as office space could be having employees work from home, from another branch, or from a third-party provided space. Recovery strategies will depend on your company's unique organisation and needs. It is at this point that you should start to develop a comprehensive DRP in close consultation with your IT department.

As a final stage in the planning process, decide who will be responsible for implementing the BCP; this will be your recovery team. It is essential that tasks are assigned based on job positions rather than individual people in order to anticipate likely changes in personnel over time.
CHAPTER: WRITING YOUR BUSINESS CONTINUITY PLAN

Armed with a thorough understanding of your company's vulnerabilities and how they can be protected, you are now ready to create your company's lifeline in the face of adverse events or interruptions. This section functions as a template for the BCP. Remember to be clear and concise; instructions will be easier to understand and follow in stressful conditions if they contain the minimum amount of information necessary.

PART 1: OBJECTIVES

In the event of a worst case scenario, employees will be faced with an overwhelming task: getting an entire company back up and running. The first part of the BCP should contain clear objectives to provide a starting point for your recovery team, motivate them, and keep them on track, greatly reducing recovery time. Clearly indicate prioritised business processes and functions along with their RTOs.

PART 2: DIRECTORY OF KEY PERSONNEL

It is recommended that contact information for key personnel be placed in a table at the beginning of the BCP. You will need contact information for:

- Executives and other personnel who need to be informed that a disaster has been declared.
- Specialists who can aid in the recovery.
- The recovery team themselves.

The easier it is to reach key personnel, the sooner your recovery team can begin action. In addition, time can be saved by arranging a calling tree.

PART 3: HOW TO USE THE PLAN

This may seem like a trivial inclusion, but a crucial component of handling disasters or interruptions is knowing whether to put a continuity plan into effect. If a disaster is unnecessarily declared, this could cost the company valuable time and money. Therefore, the steps needed to declare a disaster must clearly be enumerated.

- What information needs to be gathered before a disaster can be declared?
- Who should gather this information?
- Who has the authority to declare a disaster or set the BCP into action?

Remember that a BCP is not only for use during what are traditionally called disasters, such as natural disasters or IT infrastructure failure. A BCP can also function during short-term interruptions. It is equally necessary to know who has the power to decide whether a BCP will be carried out under these circumstances.

PART 4: RECOVERY PROCEDURES

There are three steps involved in enacting recovery procedures: First Response, Recovery Phase, and Post-Recovery Phase.

FIRST RESPONSE

Of course, an organisation's employees are its most important assets and the first component of any response should be to ensure safety of personnel. In addition to ensuring safety, it is recommended that this section include a checklist containing at least the following:

- Inform senior management, authorities, and clients or customers if necessary.
- Gather recovery team.
- Assess damage to critical processes.
- Prevent further damage to critical processes.

RECOVERY PHASE

A BCP will be most effective if it includes recovery procedures for the restoration/continuity of all critical processes and functions. It is possible that a given interruption or disaster will only affect a subset of processes, but if exhaustive recovery procedures are included, your company has better chances of surviving an unexpected event of large magnitude.

It is recommended that information in this section be organised by risk scenario, for example, Loss of Building, Loss of Data, Loss of Utilities, etc. Instructions should contain clear indication of magnitude of impact (high, medium, or low), functions affected, step-by-step actions to be taken, resources available, and responsible personnel.

POST-RECOVERY PHASE

Once the recovery phase has been completed, steps must be taken to return your company to normalcy. This can take significant time and procedures enacted during the recovery stage may stay in place long-term. For example, if a building is lost, employees will need to continue working at alternate locations until a new building is constructed or attained. A Post-Recovery Phase may include the following:

- Permanent repair of damage.
- Replacement of damaged materials, equipment, facilities.
- Notification of insurance companies.
- Return of employees to main site.
- Notification of suppliers, clients, customers, and media of end of incident and return to normal operations.

PART 5: PLAN EVALUATION

Some of the most effective business continuity planning comes from those who have experienced an interruption or disaster; therefore, it is extremely valuable to evaluate your BCP's effectiveness after use. This evaluation helps adjust a plan, increasing mitigation of future disasters and interruptions. Members of the recovery team and managers of critical processes should be asked follow-up questions such as:

- Were the overall goals of the BCP met?
- How effective was the BCP in meeting RTOs?
- How could the plan be made more efficient?
- Could the plan be written more clearly?
- What was the financial toll of the recovery process?

PART 6: TRAINING AND TESTING

No plan will be effective unless your company is prepared to enact it. Include a training plan in your BCP and train your current recovery team. It will be necessary to routinely train new employees as well as veterans when the plan is updated.

Similarly, your plan cannot be a trusted source of protection unless it has been thoroughly tested. Develop testing exercises, such as modular simulations or tabletop walk-throughs, and conduct them frequently; develop a comprehensive simulation test and conduct it when the plan is adopted for the first time and less frequently thereafter. Be sure to include instructions as to how often a plan should be tested.

Some areas to test include:

- Consistency and accuracy of First Response.
- Ability to implement recovery procedures in a timely manner (e.g. relocation of employees, implementation of data recovery procedures).
- Communication between recovery team and managers of impacted critical processes.
- Ability of plans to adapt to unexpected scenarios.

Record results of tests in your BCP and use the results to modify the plan.

PART 7: MAINTENANCE

As your company changes and adapts to the current market, so will its organisation, processes, and functions. Your BCP needs to be adapted, too, through routine maintenance. Simple elements such as contact information can have a drastic effect if not updated. Include a maintenance and update schedule detailing how often the plan should be assessed.

REVIEWING AND ADOPTING THE BUSINESS CONTINUITY PLAN

After the BCP has been written, it must be reviewed and approved by key personnel such as executives and the current recovery team. Once the plan has been officially adopted, it should be distributed digitally and in print to relevant staff.
CHAPTER: NEED HELP ENSURING YOUR COMPANY IS PREPARED FOR INTERRUPTIONS AND DISASTERS?

Macquarie Telecom's LAUNCH Disaster Recovery and Disaster Avoidance solutions are reliable turnkey solutions that help your company mitigate losses by running smoothly in the face of interruptions and disasters.

WANT TO LEARN MORE ABOUT HOW LAUNCH CAN HELP YOUR COMPANY STAY UP AND RUNNING?

Contact Macquarie Telecom on 1800 0 943 or visit www.macquarietelecom.com/products/launch-hosting

REFERENCES:

[1] Natural Disasters Have Cost the Global Economy $2.5 Trillion Since 2000. http://www.businessinsider.com/un-naturaldisasters-cost-25-trillion-23-5 Business Insider. 23.

[2] AT&T releases results from its 23 Business Continuity Study. http://www.continuitycentral.com/news06811.html Continuity Central. 23.

[3] Balaouras, Stephanie. The State of Business Continuity Preparedness. http://www.drj.com/images/surveys_pdf/forrester/21_forrester_sobc.pdf Disaster Recovery Journal. 22.
24 Macquarie Telecom, All Rights Reserved