15. Exam Essentials for Business Continuity Planning

Business continuity planning involves four distinct phases: project scope and planning, business impact assessment, continuity planning, and approval and implementation. Each task contributes to the overall goal of ensuring that business operations continue uninterrupted in the face of an emergency situation.

In the business organization analysis, the individuals responsible for leading the BCP process determine which departments and individuals have a stake in the business continuity plan. This analysis is used as the foundation for BCP team selection and, after validation by the BCP team, is used to guide the next stages of BCP development.

The BCP team should contain, at a minimum, representatives from each of the operational and support departments; technical experts from the IT department; security personnel with BCP skills; legal representatives familiar with corporate legal, regulatory, and contractual responsibilities; and representatives from senior management. Additional team members depend on the structure and nature of the organization.

Business leaders must exercise due diligence to ensure that shareholders’ interests are protected in the event disaster strikes. Some industries are also subject to federal, state, and local regulations that mandate specific BCP procedures. Many businesses also have contractual obligations to their clients that must be met, before and after a disaster.

The five steps of the business impact assessment process are identification of priorities, risk identification, likelihood assessment, impact assessment, and resource prioritization.

During the strategy development phase, the BCP team determines which risks will be mitigated. In the provisions and processes phase, mechanisms and procedures that will mitigate the risks are designed. The plan must be approved by senior management and implemented. Personnel must also receive training on their roles in the BCP process.

Committing the plan to writing provides the organization with a written record of the procedures to follow when disaster strikes. It prevents the “it’s in my head” syndrome and ensures the orderly progress of events in an emergency.
