A Business Continuity Plan (BCP) protects a company during a catastrophic event. Explore what is needed to create one. Click here now.
A business continuity plan (BCP) is a set of actions established by a company to make sure it can protect its personnel and assets and keep its operations going in case of a natural disaster, terrorist attack, or any other catastrophic event.
Business continuity planning is the process of creating a prevention and recovery system for potential threats to a company. Because BCP calls for identifying risks that can affect the company’s operations, it is a major part of the organization’s risk management strategy. As in disaster recovery planning, BCP involves planning for the worst case scenario.
Many different laws either specify or imply requirements for BCPs. Requirements vary according to geography and industry sector, influencing the development and focus of the BCP.
In the US, organizations in industries such as finance, healthcare, utilities, and government, for example, are all subject to various legal requirements for BCPs and how often BCPs must be tested. Across industries, laws expect organizations to exercise due care around the business continuity plan process and strategy, as do shareholders. Business disruptions often lead to lower revenue, higher costs, and reduced profitability. Because of compliance issue, cloud storage is viewed cautiously.
A BCP has the primary purpose of specifying how the business as a whole will survive the catastrophic event. As such, the BCP takes into account questions such as how to safeguard employees, provide physical work space, continue manufacturing processes, and manage shipping and other logistics operations.
Some organizations include a disaster recovery plan (DRP) within the BCP, whereas others manage the BCP and DRP separately. A DRP defines what the organization must do to recover information technology (IT) systems for meeting the company’s technology needs during and after a disaster. A guide to DR services often includes a variety of potential DR as as Service vendors.
Business continuity planning includes many aspects of the traditional business cycle.
Organizations vary in how they manage BCP. Generally speaking, however, business continuity planning – also sometimes referred to as business resiliency planning – consists of four stages.
Organizations typically begin the process of business continuity planning by conducting a business continuity impact analysis (BCIA), which pinpoints specific effects resulting from business disruption and helps the company make decisions around recovery strategies.
The BCIA is either accompanied or followed by a risk assessment (RA), which drills down into the organization’s vulnerabilities and possible responses to specific types of catastrophic events. In the RA, disaster scenarios that could lead to significant injuries should be highlighted to make sure that effective emergency management plans are put in place.
To perform a BIA, a business continuity team consisting of company leaders and/or outside consultants creates a questionnaire which is distributed to the company’s business managers. The questionnaire used in this BCP procedure is designed to identify the operational and financial impacts that would occur from the loss of specific business functions. Impacts might include costs related to cash flow, equipment, and data.
The company also determines the point in time when the loss of a function or process must be recovered before the unacceptable consequences would happen. This point in time is often referred to as the Recovery Time Objective (RTO).
If the BCP includes a DRP, the organization also determines a Recovery Point Objective (RPO) for each function or process. RPO refers to the acceptable latency of data that will not be recovered. For example, is it acceptable for the company to lose 24 hours of data for a particular process?
In the BIA, business functions and processes which would cause the most severe impacts, if lost, receive the highest priority for restoration.
For instance, at a manufacturing firm, the company’s main production operations would likely get higher priority than sales offices in the same building. Without production in progress, the organization would be unable to meet existing sales orders, sooner or later. Also, unlike plant workers, sales employees could work from home temporarily until the crisis is resolved.
Typically, team members suggest allocations of company funding for measures to protect high priority functions and processes.
In starting to formulate a recovery strategy, companies typically identify and document resource requirements based on the BIA. These include:
In this phase of the BC planning life cycle, it’s also common to conduct a gap analysis, aimed at finding gaps between the organization’s current operations and its recovery requirements.
Most importantly at this stage of the game, the organization explores various emergency response and recovery options and selects strategies for formal approval.
For instance, if a fire breaks out, a building is typically evacuated immediately, for example. If a tornado strikes, employee sheltering procedures are put into effect, but if a mass shooting is in progress, the building goes into lock down mode.
Following approval of the recovery strategy, a BCP framework is developed and recovery teams are organized.
The teams help to write procedures for the company’s BCP model and to produce specific recovery plans such as manual workarounds and relocation arrangements.
Manual workarounds come into play when the technology ordinarily used for performing a business function becomes suddenly unavailable.
Let’s say that a customer ordering system goes down when a hurricane strikes the city where the company’s main data center is housed. Until the application is restored at a remote backup center, customer service reps (CSRs) fielding phone calls at satellite locations can resort to a manual workaround. However, the workaround will run more smoothly if the CSRs have already been pre-trained on how to use paper ordering forms during an emergency.r
Strategies can also involve displacing activities elsewhere in a company, contracting with third parties, and forging partnerships for reciprocal agreements.
For instance, if a manufacturing firm owns two production facilities, and only one is damaged by a catastrophic event, manufacturing activities there might be displaced to the second facility, for instance.
The business continuity and recovery teams should also develop plans for crisis communications, including possible interruption of company phone, email, and document management systems during and after a disaster.
The last phase of business continuity management consists of training, testing, exercises, and maintenance.
After employees are trained and a thorough BCP test is completed, the plan should be updated to reflect lessons learned. Organizations should also stay on top of industry regulatory requirements and modify BCPs in accordance with any changes in the laws.
Again, organizations handle business continuity management in various ways. Many, however, create checklists of items that should be included in BCPs. The checklists provide specific information to staff about actions that need to put in place. The following are among the most critical checklists to assemble:
Jacqueline Emigh (pronounced "Amy") is a veteran tech journalist, with literally thousands of published articles to her credit. She is currently a columnist for Internet.com, as well as a frequent writer for a number of other leading magazines and Web sites. She was previously a senior editor at Ziff Davis Media's Sm@rt Partner Magazine. Before that, Jacqueline spent seven years as a bureau chief for Newsbytes News Network, a daily newswire specializing in computer technology. Her work has been translated into dozens of languages.
Enterprise Storage Forum offers practical information on data storage and protection from several different perspectives: hardware, software, on-premises services and cloud services. It also includes storage security and deep looks into various storage technologies, including object storage and modern parallel file systems. ESF is an ideal website for enterprise storage admins, CTOs and storage architects to reference in order to stay informed about the latest products, services and trends in the storage industry.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
