
What Is a Business Continuity Plan (BCP), and How Does It Work?

Investopedia / Ryan Oakley

What Is a Business Continuity Plan (BCP)? 

A business continuity plan (BCP) is a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.

Key Takeaways

  • Business continuity plans (BCPs) are prevention and recovery systems for potential threats, such as natural disasters or cyber-attacks.
  • A BCP is designed to protect personnel and assets and make sure they can function quickly when disaster strikes.
  • BCPs should be tested so that any weaknesses can be identified and corrected.

Understanding Business Continuity Plans (BCPs)

BCP involves defining any and all risks that can affect the company's operations, making it an important part of the organization's risk management strategy. Risks may include natural disasters (fire, flood, or weather-related events) and cyber-attacks. Once the risks are identified, the plan should also include:

  • Determining how those risks will affect operations
  • Implementing safeguards and procedures to mitigate the risks
  • Testing procedures to ensure they work
  • Reviewing the process to make sure that it is up to date

BCPs are an important part of any business. Threats and disruptions mean a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition. A BCP is generally conceived in advance and involves input from key stakeholders and personnel.

Business impact analysis, recovery, organization, and training are all steps corporations need to follow when creating a Business Continuity Plan.

Benefits of a Business Continuity Plan

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic. Business continuity planning is typically meant to help a company continue operating in the event of major disasters such as fires. BCPs are different from a disaster recovery plan, which focuses on the recovery of a company's information technology system after a crisis.

Consider a finance company based in a major city. It may put a BCP in place by taking steps including backing up its computer and client files offsite. If something were to happen to the company's corporate office, its satellite offices would still have access to important information.

An important point to note is that BCP may not be as effective if a large portion of the population is affected, as in the case of a disease outbreak. Nonetheless, BCPs can improve risk management—preventing disruptions from spreading. They can also help mitigate downtime of networks or technology, saving the company money.

How To Create a Business Continuity Plan

There are several steps many companies must follow to develop a solid BCP. They include:

  • Business Impact Analysis: Here, the business will identify functions and related resources that are time-sensitive. (More on this below.)
  • Recovery: In this portion, the business must identify and implement steps to recover critical business functions.
  • Organization: A continuity team must be created. This team will devise a plan to manage the disruption.
  • Training: The continuity team must be trained and tested. Members of the team should also complete exercises that go over the plan and strategies.

Companies may also find it useful to come up with a checklist that includes key details such as emergency contact information, a list of resources the continuity team may need, where backup data and other required information are housed or stored, and other important personnel.

Along with testing the continuity team, the company should also test the BCP itself. It should be tested several times to ensure it can be applied to many different risk scenarios. This will help identify any weaknesses in the plan, which can then be corrected.

In order for a business continuity plan to be successful, all employees—even those who aren't on the continuity team—must be aware of the plan.

Business Continuity Impact Analysis

An important part of developing a BCP is a business continuity impact analysis. It identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis. The worksheet should be completed by business function and process managers who are well acquainted with the business. These worksheets will summarize the following:

  • The impacts—both financial and operational—that stem from the loss of individual business functions and processes
  • Identifying when the loss of a function or process would result in the identified business impacts

Completing the analysis can help companies identify and prioritize the processes that have the most impact on the business's financial and operational functions. The point at which they must be recovered is generally known as the “recovery time objective.”

Business Continuity Plan vs. Disaster Recovery Plan

BCPs and disaster recovery plans are similar in nature, but the latter focuses on technology and information technology (IT) infrastructure. BCPs are more encompassing—focusing on the entire organization, such as customer service and supply chain.

BCPs focus on reducing overall costs or losses, while disaster recovery plans look only at technology downtimes and related costs. Disaster recovery plans tend to involve only IT personnel, who create and manage the policy. However, BCPs tend to have more personnel trained on the potential processes.

Why Is a Business Continuity Plan (BCP) Important?

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic and business continuity plans (BCPs) are an important part of any business. BCP is typically meant to help a company continue operating in the event of threats and disruptions. This could result in a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition.

What Should a Business Continuity Plan (BCP) Include?

Business continuity plans involve identifying any and all risks that can affect the company's operations. The plan should also determine how those risks will affect operations and implement safeguards and procedures to mitigate the risks. There should also be testing procedures to ensure these safeguards and procedures work. Finally, there should be a review process to make sure that the plan is up to date.

What Is Business Continuity Impact Analysis?

An important part of developing a BCP is a business continuity impact analysis which identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis.

These worksheets summarize the impacts—both financial and operational—that stem from the loss of individual business functions and processes. They also identify when the loss of a function or process would result in the identified business impacts.

Business continuity plans (BCPs) are created to help speed up the recovery of an organization following a threat or disaster. The plan puts in place mechanisms and functions to allow personnel and assets to minimize company downtime. BCPs cover all organizational risks should a disaster happen, such as flood or fire.


5 Step Guide to Business Continuity Planning (BCP) in 2021

A business continuity plan provides a concrete plan to maintain business cohesion in challenging circumstances. Here are the key steps that can help you formulate a formidable BCP.

A business continuity plan (BCP) is defined as a protocol of preventing and recovering from potentially large threats to the company’s business continuity. This article explains what a business continuity plan is today, its key benefits, and a step-by-step guide to creating a formidable plan.

Table of Contents

  • What is a business continuity plan (BCP)?
  • Key benefits of having a business continuity plan
  • Step-by-step guide to building a formidable business continuity plan (BCP) in 2021

A business continuity plan (BCP) is a protocol for preventing and recovering from potentially large threats to the company’s business continuity. Such a plan often aims to address the need for updated business norms and operational standards in unpredictable circumstances such as natural disasters, data breaches or exposures, large-scale system failures, etc. The goal of such a plan is to ensure continuity of business with little or no damage to regular working environments, including job security for its employees.

It covers everything from business processes, human resources details, and more. Essentially a BCP provides a concrete plan to the organization to maintain business continuity even in challenging circumstances. 

Below are key reasons why businesses need to have a BCP today:

  • BCP’s relevance has gone up considerably after the outbreak of the COVID-19 pandemic, which was also a major testing time for organizations that did have such a plan in place. The organizations that had a business continuity plan in place were able to cope with these unprecedented circumstances better than those that did not have any such plans.
  • The recorded number of natural disasters has increased from 375 in 2016 to 409 in 2019. Globally, the loss because of natural disasters was $232 billion in 2019, according to a study by Aon.
  • The number of cyberattacks has also increased in all geographies and all business verticals. MonsterCloud reported that cyberattacks have skyrocketed during the COVID-19 pandemic. All this means that the organizations have to be better prepared to fight disasters. The importance of BCP can hardly be exaggerated in this context. Preparing a BCP is imperative for any enterprise, big or small, today. 

The end goal of a BCP is to ensure that the essential services continue to run in the event of an incident. For instance, if there is an earthquake where your customer service representatives operate from, your BCP will be able to tell you who will handle customer calls until the original office is restored.

Difference between a business continuity plan (BCP) and disaster recovery plan (DRP)

A BCP is often confused with a disaster recovery (DR) plan. While a DR plan is primarily focused on restoring the IT systems and infrastructure, a BCP is much more than that. It covers all areas and departments of the organization, including HR, marketing and sales, and support functions.

The underlying thought behind BCP is that IT systems can hardly work in silos. Other departments also need to be restored to cater to the client or for meeting the business demands. 

“Many people think a disaster recovery plan (DRP) is the same as a business continuity plan, but a DRP is only a small, yet essential, portion of a full BCP. A DRP focuses solely on restoring an organization’s IT infrastructure while minimizing data loss. On the other hand, a BCP is a comprehensive guide on how to continue the mission and business-critical operations during a time of an unplanned disruption (natural disasters, pandemics, or malware),” says Caleb Pipkin, a security expert at Logically.

Whether a business is small, big, or medium-sized, it needs a ‘plan B’ to recover quickly in the event of a natural disaster or a crisis and survive the disruption. A BCP helps you dust yourself off and get back to business quickly and easily. It means that the enterprise will be better placed to address its customers’ needs even in the wake of a disaster.

On the other hand, the lack of a plan means that your organization will take longer to recover from an event or incident. It could also lead to loss of business or clients. Let’s look at some key benefits of BCP.

1. It is a roadmap to act in a disaster

A well-defined business continuity plan is like a roadmap during a disruption. It allows the firms to react swiftly and effectively and maintain business continuity. In turn, this leads to a faster and complete recovery of the enterprise in the shortest possible timeframe. It brings down the business downtime and outlines the steps to be taken before, during, and after a crisis and thus helps maintain its financial viability. 

2. Offers a competitive edge

Fast reaction and business continuity during a disruption allow an organization to gain a competitive edge over its business rivals. It can translate into a significant competitive advantage in the long run. Further, your clients will be more confident in your ability to perform in adverse circumstances, allowing you to build a long and sustainable relationship with your business partners.

Developing competence to act and handle any unfavorable event effectively has a positive effect on the company’s reputation and market value. It goes a long way in enhancing customer confidence. 

3. Cuts down losses

Disasters have a considerable impact on all types of business, whether big or small. Business disruption can lead to financial, legal, and reputational losses. Failure to plan could be disastrous for businesses. You may lose your customers while trying to get your business on track. In the worst circumstances, you may not be able to recover at all. A well-defined business continuity strategy minimizes the damage to an organization and allows you to bring down these losses as much as possible. 

4. Enables employment continuity and protects livelihoods

One of the most significant consequences of a disaster is the loss of employment. The loss of livelihood can be curtailed to an extent if the business continues to function in the event of a disaster. It leads to greater confidence in the workforce that their jobs might not be at risk, and the management is taking steps to protect their jobs. It helps build confidence in senior management’s ability to respond to the business disruption in a planned manner. 

5. Can be life-saving

A regularly tested and updated BCP can potentially help save the lives of the employees and the customers during a disaster. For instance, if the BCP plan for fire is regularly tested, the speed with which the workforce acts can help save lives. 

6. Preserves brand value and develops resilience

Possibly the biggest asset of an organization is its brand. Being able to perform in uncertain times helps build goodwill and maintain its brand value and may even help mitigate financial and reputational loss during a disaster. 

A BCP curtails the damage to the company’s brand and finances caused by a disaster event. This helps bring down the cost of any incident and thus helps the company be more resilient.

7. Enables adherence to compliance requirements

Having a BCP gives organizations the additional benefit of complying with regulatory requirements. It is a legal requirement in several countries.

8. Helps in supply chain security

A precise BCP goes a long way in protecting the supply chain from damage. It ensures continuity in delivering products and services by being able to perform critical activities.

9. Enhances operational efficiency

One of BCP’s lesser-known benefits is that it helps identify areas of operational efficiency in the organization. Developing BCP calls for an in-depth evaluation of the company’s processes. This can potentially reveal the areas of improvement. Essentially, it gathers information that can benefit in enhancing the effectiveness of the processes and operations. 

The COVID-19 pandemic has put the spotlight on preparing for a disaster like never before. We make the job easier for you by listing out the key steps in building a formidable business continuity plan: 

How to Build a Business Continuity Plan

Step 1: Risk assessment 

This phase involves asking crucial questions to evaluate the risks faced by the company. Which business threats and disruptions are most likely to occur? What is the most profitable activity of your organization? It is vital to prioritize key risks and operations, which will help mitigate the damage in the event of a disaster.

Step 2: Business impact analysis

The second step involves a thorough and in-depth assessment of your business processes to determine the vulnerable areas and the potential losses if those processes are disrupted. This is also known as business impact analysis.

Essentially, business impact analysis (BIA) is a process that helps the organization define the impact if critical business operations are interrupted because of a disaster, accident, or emergency. It helps in identifying the most crucial elements of the business processes. For instance, maintaining a supply chain might be more critical during a crisis than public relations.

While there is no formal standard for a BIA, it typically involves the following steps: 

  • Collating information: As a first step, a questionnaire is prepared to find out critical business processes and resources that will help in the proper assessment of the impact of a disruptive event. One-on-one sessions with key management members may be conducted further to gain insights into the organization’s processes and workings.
  • Analysis: This is followed by analyzing the collected information. A manual or computer-assisted analysis is conducted. The analysis is based on an interruption in which crucial activities or resources are not available. Typically it works on the assumption of the worst-case scenario, even when the likelihood of the risk is low. This approach is followed to zero in on the systems that, when disrupted or interrupted, threaten the organization’s very survival. This way, these processes are prioritized in the business continuity plan.

The analysis phase helps identify the minimum staff and resources required for running the organization in the event of a crisis. This also allows the organizations to assess the impact on the revenue if the business is unable to run for a day, a week, or more. There might be contractual penalties, regulatory fines, and workforce-related expenditure which need to be taken into account while finding out the impact on the business. Further, there might be specific vulnerabilities of the firm, and they need to be considered in the BIA. 

  • Preparing a report: The next step is preparing a BIA report, which is assessed by the senior management. The report is a thorough analysis of the gathered information along with findings. It also gives recommendations on the procedure that should be followed in the event of a business disruption. The BIA report also shares the impact on the revenue, supply chain, and customer delivery to the business in a specific time frame. 

The business impact analysis report may also include a checklist of all the resources, such as the names of key personnel, data backup, contact information, emergency responders, and more.

  • Presenting the report: Usually, this report goes through several amendments before being cleared by the senior management. The involvement of senior management is crucial to the success of the business continuity plan. It sends out a strong signal in the organization that it is a serious initiative. 

Step 3: BCP Testing

Several testing methods are available to test the effectiveness of the BCP. Here are a few common ones: 

  • Tabletop test: As the name suggests, the identified executives go through the plan in detail to evaluate whether it will work or not. Different disaster types and the response to them are discussed at length. This type of testing is designed to make all the key personnel aware of their role in the event of a disaster. The response procedure is reviewed, and responsibilities are outlined, so everybody knows their roles.
  • Walk through: In this type of testing, the team members go through their part in the plan with a specific disaster in mind. Drills or a simulated response and disaster role-playing are part of this. This is a more thorough form of testing and is likely to reveal the shortcomings in the plan. Any vulnerabilities discovered should be used to update the BCP accordingly.
  • Disaster simulation testing: In this type of testing, an environment that simulates an actual disaster is created. This is the closest to the actual event and gives the best case scenario about the plan’s workability. It will help the team find gaps that might be overlooked in the other types of tests. Document the results of your testing so you can compare the improvement from the previous tests. It will help you in strengthening your business continuity plan. 

Frequency of testing – Typically, organizations test BCP at least twice a year. At the same time, it depends on the size of your organization and the business vertical you operate in.

Step 4: Maintenance

A business continuity plan should not be treated as a one-time exercise. It needs to be maintained, so the organization’s structural and people changes are updated regularly. The key personnel might move on from the firm, and this would need to be updated in the Business Impact Analysis and BCP. The process for regular updating of the documentation should be followed to ensure that the organization is not caught on the wrong foot in case of a business disruption.

Step 5: Communication

Sometimes executives tend to ignore communication while preparing a BCP. It is a crucial aspect, and your BCP should clearly define who will maintain the communication channels with the employees, regulators, and business partners during the crisis. The contact information of the key people should be readily accessible for the BCP to work without any trouble.

In the end, the organizations should accept that despite preparing a formidable business continuity plan, several factors beyond your control may still affect its success or failure. The key executives might not be available in the event of a crisis; both the primary and the alternate data recovery sites might have been affected by the event; the communications network might be damaged, and so on. Such factors are common during a natural disaster and may lead to the limited success of the business continuity plan. 

The success of a business depends on it acting swiftly and efficiently when confronted with an unanticipated crisis. Any failure to do so results in a financial and reputational loss, which takes a long time to recover from. It can be avoided if the organization quickly gathers itself during a disaster. A business continuity plan is therefore of paramount importance for a business of any size. At the same time, it is crucial to ensure that the BCP is not a one-time exercise. It needs to be continuously evaluated, tested, amended, and maintained so it doesn’t let you down when you need it the most.

What does a business continuity plan include? 5 key elements

The COVID-19 crisis has forced businesses to tackle a multitude of challenges over the past few months, but one of the most important involves the business continuity (BC) plan. Many companies learned too late that their plans were inadequate, lacking interoperability with other critical plans for crisis management, disaster recovery, and pandemic readiness.

Many business continuity plans are either too high-level to offer any real actionable detail or consist of content that is out of date. In other instances, plans place too much emphasis on short-term disturbances and forsake long-lasting disruptions. Many also gloss over pre-event preparations and work acceleration strategies.

The pandemic has reset expectations. While CIOs have a vested interest in the effectiveness of BC plans – after all, they ensure essential activities can withstand a variety of disruptions to keep the business running as IT reinstates services after an incident – resilience should be a company-wide priority.

1. Build your business continuity plan foundation

As you reimagine your entire business resilience program, here’s what your BC plans should include. Effective BC plans start with the following five essential framework elements:

  • Objectives: What will the plan cover, and how does it fit into a larger organizational response to disruption?
  • Activation procedure: What sets the BC plan in motion? Who is involved, and what resources — i.e., backups, workplace recovery facilities, etc. — are available?
  • Priorities: How will you communicate with staff, vendors, customers, and others? What are the most business-critical applications and systems that you need to focus on reviving?
  • Assumptions and limitations: You can’t foresee every disruption, but you can detail limitations in your plan to allow for effective decision-making. Identify limitations in the extent, duration, and impact of your plan.
  • Standing down procedures: Determine your criteria for saying an incident is closed and how to extract lessons learned from the experience. This section can also include an appendix of relevant resources, from templates like action logs to meeting agendas.

Within this framework, there’s a lot of room to customize for your size, maturity, compliance requirements, and other factors. While every organization’s BC plan approach will be unique, it’s important to consider the following aspects when designing your plan.

2. Develop response strategies if key resources are unavailable

Effective BC plans must include well-defined strategies and actions for responding in the event that key resources become unavailable. These could include:

  • Third-party services
  • IT services

You need to have planned business responses for each of these disruption scenarios, and they must be at the individual resource level. Generic statements that convey the “what’s” without the “how’s” aren’t helpful. For example, if your inventory management system is unavailable, how will you continue your receiving activity? Be specific in your plans.

IT must be aware of the part it plays in enabling disruption response strategies. For example, remote working is one possible business response for workplace unavailability. In that event, IT might be tasked with upgrading your company’s virtual meeting service and expanding the IT help desk staff.

However, in a workforce unavailability scenario, your solution might be to transition work to personnel in another geography. In this case, IT’s response might be to adjust network configuration in anticipation of increased volumes from a network node.

BC planning is also essential within IT, which relies on people, workplaces, equipment, third-party services, supporting systems, and data. Put comprehensive BC plans in place for key IT activities where ongoing service levels are of paramount importance. This includes:

  • Network operations centers
  • Information security operations centers
  • IT help desks
  • Disaster recovery teams

3. Work out timing for each response strategy

Timing is critical.

Determine the anticipated time to implement each of your defined response strategies, as well as how long each strategy can remain effective.

For some strategy options, the goal should be quick implementation times. For others, focus on ensuring the response strategies will be effective for sustained timeframes – ideally three to six months or longer.

Let's look at two more important elements:

How to create an effective business continuity plan

A business continuity plan outlines procedures and instructions an organization must follow in the face of disaster, whether fire, flood, or cyberattack. Here’s how to create a plan that gives your business the best chance of surviving such an event.

The tumultuous events of the past several years have impacted practically every business. And with the number of extreme weather events, cyberattacks, and geopolitical conflicts continuing to rise, business leaders are bracing for the possibility of increasingly more frequent impactful incidents their organizations will need to respond to.

According to PwC’s 2023 Global Crisis and Resilience Survey, 96% of 1,812 business leaders said their organizations had experienced disruption in the past two years and 76% said their most serious disruption had a medium to high impact on operations.

It’s little wonder then that 89% of executives list resilience as one of their most important strategic priorities.

Yet at the same time, only 70% of respondents said they were confident in their organization’s ability to respond to disruptions, with PwC noting that its research shows that too many organizations “are lacking the foundational elements of resilience they need to be successful.”

A solid business continuity plan is one of those foundational elements.

“Every business should have the mindset that they will face a disaster, and every business needs a plan to address the different potential scenarios,” says Goh Ser Yoong, head of compliance at Advance.AI and a member of the Emerging Trends Working Group at the professional governance association ISACA.

A business continuity plan gives the organization the best shot at successfully navigating a disaster by providing ready-made directions on who should do what tasks in what order to keep the business viable.

Without such a plan, the organization will take longer than necessary to recover from an event or incident — or may never recover at all.

What is a business continuity plan?

A business continuity plan (BCP) is a strategic playbook created to help an organization maintain or quickly resume business functions in the face of disruption, whether that disruption is caused by a natural disaster, civic unrest, cyberattack, or any other threat to business operations.

A business continuity plan outlines the procedures and instructions that the organization must follow during such an event to minimize downtime, covering business processes, assets, human resources, business partners, and more.

A business continuity plan is not the same as a disaster recovery plan, which focuses on restoring IT infrastructure and operations after a crisis. Still, a disaster recovery plan is part of the overall strategy to ensure business continuity, and the business continuity plan should inform the action items detailed in an organization’s disaster recovery plan. The two are tightly coupled, which is why they often are considered together and abbreviated as BCDR.

Why business continuity planning matters

Whether you operate a small business or a large corporation, it’s vital to retain and increase your customer base. There’s no better test of your capability to do so than right after an adverse event.

Because restoring IT is critical for most companies, numerous disaster recovery solutions are available. You can rely on IT to implement those solutions. But what about the rest of your business functions? Your company’s future depends on your people and processes. Being able to handle any incident effectively can have a positive effect on your company’s reputation and market value, and it can increase customer confidence.

Moreover, there are increasing consumer and regulatory expectations for both enterprise security and continuity today. Consequently, organizations must prioritize continuity planning to prevent not only business losses, but financial, legal, reputational, and regulatory consequences.

For example, the risk of having an organization’s “license to operate” withdrawn by a regulator or having conditions applied (retrospectively or prospectively) can adversely affect market value and consumer confidence.

Building (and updating) a business continuity plan

Whether building the organization’s first business continuity plan or updating an existing one, the process involves multiple essential steps.

Assess business processes for criticality and vulnerability: Business continuity planning “starts with understanding what’s most important to the business,” says Joe Nocera, principal in the cyber risk and regulatory practice at PwC, a professional services firm.

So the first step in building your business continuity plan is assessing your business processes to determine which are the most critical; which are the most vulnerable and to what type of events; and what are the potential losses if those processes go down for a day, a few days, or a week.

“This step essentially determines what you are trying to protect and what you are trying to keep up for systems,” says Todd Renner, senior managing director in the cybersecurity practice at FTI Consulting.

This assessment is more demanding than ever before because of the complexity of today’s hybrid workplace, the modern IT environment, and the reliance on business partners and third-party providers to perform or support critical processes.

Given that complexity, Goh says a thorough assessment requires an inventory of not only key processes but also the supporting components — including the IT systems, networks, people, and outside vendors — as well as the risks to those components.

This is essentially a business impact analysis.

Determine your organization’s RTO and RPO: The next step in building a business continuity plan is determining the organization’s recovery time objective (RTO), which is the target amount of time between point of failure and the resumption of operations, and the recovery point objective (RPO), which is the maximum amount of data loss an organization can withstand.

Each organization has its own RTO and RPO based on the nature of its business, industry, regulatory requirements, and other operational factors. Moreover, different parts of a business can have different RTOs and RPOs, which executives need to establish, Nocera says.

“When you meet with individual aspects of the business, everyone says everything [they do] is important; no one wants to say their part of the business is less critical, but in reality you have to have those challenging conversations and determinations about what is actually critical to the business and to business continuity,” he adds.
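The RTO and RPO targets described above can be checked against what restore drills and backup schedules actually deliver once supporting components are inventoried. The following is an added example, not code from the article or from any firm quoted in it; all process names, component names and figures are constructed, and the parallel-restore and longest-backup-interval rules are simplifying assumptions.

```python
"""Check a business impact analysis inventory against RTO/RPO targets.

Added illustration: every name and figure below is constructed sample data.
Assumptions: independent components restore in parallel, a component cannot
start restoring until its prerequisites are up, and worst-case data loss
equals the longest backup interval among the components a process relies on.
"""
from dataclasses import dataclass, field


@dataclass
class Component:
    name: str
    restore_hours: float           # measured in the most recent restore drill
    backup_interval_hours: float   # 0 means the component holds no data
    depends_on: list = field(default_factory=list)


@dataclass
class Process:
    name: str
    rto_hours: float               # target: time from failure to resumption
    rpo_hours: float               # target: tolerable data loss, as time
    depends_on: list = field(default_factory=list)


def ready_time(name, components, _path=()):
    """Hours until `name` is usable: own restore plus slowest prerequisite chain."""
    if name in _path:
        raise ValueError("dependency cycle: " + " -> ".join(_path + (name,)))
    if name not in components:
        raise KeyError(f"component {name!r} is missing from the inventory")
    comp = components[name]
    waits = [ready_time(d, components, _path + (name,)) for d in comp.depends_on]
    return comp.restore_hours + max(waits, default=0.0)


def reachable(names, components):
    """Every component a process relies on, directly or indirectly."""
    seen, todo = set(), list(names)
    while todo:
        n = todo.pop()
        if n not in seen:
            seen.add(n)
            todo.extend(components[n].depends_on)
    return seen


def assess(process, components):
    """Compare one process's targets with what its dependencies can deliver."""
    # ready_time() runs first so missing entries and cycles are reported early.
    recovery = max((ready_time(n, components) for n in process.depends_on),
                   default=0.0)
    deps = sorted(reachable(process.depends_on, components))
    driver = max(deps, key=lambda n: components[n].backup_interval_hours,
                 default=None)
    loss = components[driver].backup_interval_hours if driver else 0.0
    return {
        "process": process.name,
        "recovery_hours": recovery,
        "rto_met": recovery <= process.rto_hours,
        "data_loss_hours": loss,
        "rpo_met": loss <= process.rpo_hours,
        "rpo_driver": driver,      # component with the longest backup interval
    }


# Constructed inventory: the identity provider was given a relaxed daily
# backup, yet the order process cannot run without it.
SAMPLE_COMPONENTS = {c.name: c for c in [
    Component("storage-array", 3, 0),
    Component("order-db", 4, 1, ["storage-array"]),
    Component("identity-provider", 2, 24),
    Component("order-app", 1, 0, ["order-db", "identity-provider"]),
    Component("payroll-vendor", 48, 24),
    Component("hr-db", 6, 12),
]}
SAMPLE_PROCESSES = [
    Process("online-orders", rto_hours=6, rpo_hours=1, depends_on=["order-app"]),
    Process("payroll", rto_hours=72, rpo_hours=24,
            depends_on=["payroll-vendor", "hr-db"]),
]

if __name__ == "__main__":
    for proc in SAMPLE_PROCESSES:
        print(assess(proc, SAMPLE_COMPONENTS))
```

Feeding the function with figures from the latest restore drill, rather than vendor estimates, keeps the comparison honest.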

Detail the steps, roles, and responsibilities for continuity: Once that is done, business leaders should use the RTO and the RPO, along with the business impact analysis, to determine the specific tasks that need to happen, by whom, and in what order to ensure business continuity.

“It’s taking the key components of your analysis and designing a plan that outlines roles and responsibilities, about who does what. It gets into the nitty-gritty on how you’re going to keep the company up and running,” Renner explains.

One common business continuity planning tool is a checklist that includes supplies and equipment, the location of data backups and backup sites, where the plan is available and who should have it, and contact information for emergency responders, key personnel, and backup site providers.

Although the list of possible scenarios that could impact business operations can seem extensive, Goh says business leaders don’t have to compile an exhaustive list of potential incidents. Rather, they should compile a list that includes likely incidents as well as representative ones so that they can create responses that have a higher likelihood of ensuring continuity even when faced with an unimagined disaster.

“So even if it’s an unexpected event, they can pull those building blocks from the plan and apply them to the unique crisis they’re facing,” Nocera says.

The importance of testing the business continuity plan

Devising a business continuity plan is not enough to ensure preparedness; testing and practicing are other critical components.

Renner says testing and practicing offer a few important benefits.

First, they show whether or how well a plan will work.

Testing and practicing help prepare all stakeholders for an actual incident, helping them build the muscle memory needed to respond as quickly and as confidently as possible during a crisis.

They also help identify gaps in the devised plan. As Renner says: “Every tabletop exercise that I’ve ever done has been an eye-opener for everyone involved.”

Additionally, they help identify where there may be misalignment of objectives. For example, executives may have deprioritized the importance of restoring certain IT systems only to realize during a drill that those are essential for supporting critical processes.

Types and timing of tests

Many organizations test a business continuity plan two to four times a year. Experts say the frequency of tests, as well as reviews and updates, depends on the organization itself — its industry, its speed of innovation and transformation, the amount of turnover of key personnel, the number of business processes, and so on.

Common tests include tabletop exercises, structured walk-throughs, and simulations. Test teams are usually composed of the recovery coordinator and members from each functional unit.

A tabletop exercise usually occurs in a conference room with the team poring over the plan, looking for gaps and ensuring that all business units are represented therein.

In a structured walk-through, each team member walks through his or her components of the plan in detail to identify weaknesses. Often, the team works through the test with a specific disaster in mind. Some organizations incorporate drills and disaster role-playing into the structured walk-through. Any weaknesses should be corrected and an updated plan distributed to all pertinent staff.

Some experts also advise a full emergency evacuation drill at least once a year.

Meanwhile, disaster simulation testing — which can be quite involved — should still be performed annually. For this test, create an environment that simulates an actual disaster, with all the equipment, supplies and personnel (including business partners and vendors) who would be needed. The purpose of a simulation is to determine whether the organization and its staff can carry out critical business functions during an actual event.

During each phase of business continuity plan testing, include some new employees on the test team. “Fresh eyes” might detect gaps or lapses of information that experienced team members could overlook.

Reviewing and updating the business continuity plan should likewise happen on an ongoing basis.

“It should be a living document. It shouldn’t be shelved. It shouldn’t be just a check-the-box exercise,” Renner says.

Otherwise, plans go stale and are of no use when needed.

Bring key personnel together at least annually to review the plan and discuss any areas that must be modified.

Prior to the review, solicit feedback from staff to incorporate into the plan. Ask all departments or business units to review the plan, including branch locations or other remote units.

Furthermore, a strong business continuity function calls for reviewing the organization’s response in the event of an actual event. This allows executives and their teams to identify what the organization did well and where it needs to improve.

How to ensure business continuity plan support, awareness

One way to ensure your plan is not successful is to adopt a casual attitude toward its importance. Every business continuity plan must be supported from the top down. That means senior management must be represented when creating and updating the plan; no one can delegate that responsibility to subordinates. In addition, the plan is likely to remain fresh and viable if senior management makes it a priority by dedicating time for adequate review and testing.

Management is also key to promoting user awareness. If employees don’t know about the plan, how will they be able to react appropriately when every minute counts?

Although plan distribution and training can be conducted by business unit managers or HR staff, have someone from the top kick off training and punctuate its significance. It’ll have a greater impact on all employees, giving the plan more credibility and urgency.


Business Continuity Planning


Organize a business continuity team and compile a business continuity plan to manage a business disruption. Learn more about how to put together and test a business continuity plan with the videos below.

Business Continuity Plan Supporting Resources

  • Business Continuity Plan Situation Manual
  • Business Continuity Plan Test Exercise Planner Instructions
  • Business Continuity Plan Test Facilitator and Evaluator Handbook

Business Continuity Training Videos

The Business Continuity Planning Suite is no longer supported or available for download.


Business Continuity Training Introduction

An overview of the concepts detailed within this training. Also, included is a humorous, short video that introduces viewers to the concept of business continuity planning and highlights the benefits of having a plan. Two men in an elevator experience a spectrum of disasters from a loss of power, to rain, fire, and a human threat. One man is prepared for each disaster and the other is not.


Business Continuity Training Part 1: What is Business Continuity Planning?

An explanation of what business continuity planning means and what it entails to create a business continuity plan. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about what business continuity planning means to them.

Business Continuity Training Part 2: Why is Business Continuity Planning Important?

An examination of the value a business continuity plan can bring to an organization. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about how business continuity planning has been valuable to them.

Business Continuity Training Part 3: What's the Business Continuity Planning Process?

An overview of the business continuity planning process. This segment also incorporates an interview with a company about its process of successfully implementing a business continuity plan.

Business Continuity Training Part 3: Planning Process Step 1

The first of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “prepare” to create a business continuity plan.

Business Continuity Training Part 3: Planning Process Step 2

The second of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “define” their business continuity plan objectives.

Business Continuity Training Part 3: Planning Process Step 3

The third of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “identify” and prioritize potential risks and impacts.

Business Continuity Training Part 3: Planning Process Step 4

The fourth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “develop” business continuity strategies.

Business Continuity Training Part 3: Planning Process Step 5

The fifth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should define their “teams” and tasks.

Business Continuity Training Part 3: Planning Process Step 6

The sixth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “test” their business continuity plans.

Last Updated: 12/21/2023


What Is Business Continuity?


Business continuity is an organization's ability to maintain or quickly resume acceptable levels of product or service delivery following a short-term event that disrupts normal operations. Examples of disruptions range from natural disasters to power outages.


Is business continuity the same as business resilience or disaster recovery?

Business continuity, disaster recovery, and business resilience are not the same, but they are related.

  • Business continuity is a process-driven approach to maintaining operations in the event of an unplanned disruption such as a cyber attack or natural disaster. Business continuity planning covers the entire business—processes, assets, workers, and more. It isn't focused solely on IT infrastructure and business systems.
  • Business resilience encompasses crisis management and business continuity. It requires a response to all types of risk that an organization may face. An organization that is business resilient is essentially in a constant state of "expecting the unexpected." It means continuously preparing to meet disruptions head-on, including events of extended duration that may affect more than one facility or region.
  • Disaster recovery focuses specifically on how to restore an enterprise's IT infrastructure and business systems following a disruption. It is considered an element of business continuity. A business continuity plan (BCP) might contain several disaster recovery plans, for example.

What is a business continuity strategy?

A business continuity strategy is a summary of the mitigation, crisis, and recovery plans to be implemented after a disruption to resume normal operations. "Business continuity strategy" is often used interchangeably with "business continuity plan." Both consider the broader goals, legal and regulatory requirements, personnel, and even the business's clients and partners.

What does a business continuity plan mitigate?

A relevant and well-tested BCP can help ease the negative impacts of an unexpected business disruption in many ways.

  • Financial impact: Disruptions to product supply chains and critical services to customers can directly affect sales and revenue. Downtime caused by unplanned disruptions can also result in higher costs for a business as it looks to repair operations and mitigate previously unidentified threats.
  • Reputation and brand impact: Failure to resume operations quickly and supply customers with the products or services they expect can prompt customer defections and tarnish the brand. Damage to reputation can in turn cause investors and capital sources to pull back funding, exacerbating the financial impact of a business disruption.
  • Regulatory impact: Customers and vendors are likely to complain when businesses fail to respond appropriately to disruptions, which may result in regulatory scrutiny or even censure. In highly-regulated industries, such as energy and financial services, business continuity planning is mandatory to ensure regulatory compliance.

Business continuity planning activities

A well-crafted and tested BCP can go a long way toward helping a business recover swiftly from a disruption. These are key steps a business may want to take.

Identifying critical business areas and functions

Business continuity planning begins with identifying an organization's key business areas and the critical functions within those areas. A business needs to determine and document the acceptable downtime for each area and function considered vital to operations. Then a plan to restore operations can be established, documented, and communicated.

Analyzing risks, threats, and potential impacts

Creating appropriate response scenarios requires knowing what disruptions the business could experience. An upfront analysis of risks and threats is necessary in order to prepare contingency responses to events. Organizations can also conduct a back-end analysis after an event to gather metrics and assess lessons learned. This information can drive improvements in how the business responds to disruptions.

Outlining and assigning responsibilities

A BCP details which personnel will be responsible for implementing specific aspects of the plan. It also identifies key decision-makers and a chain of command. The plan should include alternative options in case primary personnel are incapacitated or unavailable to respond to the disruption.

Defining and documenting alternatives

A business continuity plan should define and document alternative communication strategies in case telephone services or the internet are down. Enterprises should also have alternatives for mission-critical spaces such as data centers or manufacturing facilities in case buildings are damaged.

Assessing the need for critical backups

Essential equipment may be damaged or unavailable during a disruptive event. A business should consider whether it has access to backup equipment and uninterruptible power supplies (UPS) during extended power outages. Business-critical data needs to be backed up regularly, and regular backups are mandatory in many regulated industries.

Testing, training, and communication

Business continuity plans need to be tested to ensure they will be effective. (Disaster recovery plans should be tested as well.) A best practice is to conduct a plan review at least quarterly with leadership and key team members who are responsible for executing the plan.

Many companies use role-playing sessions, simulations, and other types of exercises several times per year to test their BCPs. This approach helps to identify gaps, develop strategies for improvement, and determine if more resources are needed. Targeted staff training and communicating to the whole workforce the benefits of having a business continuity plan are also vital to its success.


What Does a Business Continuity Plan Typically Include? [Complete Guide]

Last Updated: September 19, 2023

Introduction

A business continuity plan (BCP) is your first line of defense against any challenge that threatens the core functionalities of your organization’s operations. When disaster strikes, your BCP should be there to reduce the time it takes to get things back up and running as usual again – as quickly as possible.

If you’re not able to react quickly to these types of incidents, your company could suffer physical harm, monetary losses, reputational damage, data integrity loss, litigation and much more.

Designing a BCP can feel overwhelming, as it’s such a critical document; where should you start? Who should be involved in the process? How should it be disseminated? These are all questions we’ll answer in this guide, including what is typically included in a BCP.


How to Create a Business Continuity Plan

It’s important to actively invest time and energy into preparing for potential risks before a disaster occurs, so that if or when one does, your BCP directs you to the necessary resources to return to business as usual. That’s why creating and developing your BCP needs to involve a great deal of strategy and intention.

Taking a risk-based approach is the best way to go about developing your business continuity plan and avoid the need to implement a disaster recovery plan. A risk-based approach follows these steps: identify, assess, mitigate, monitor, connect and report. Here’s how to apply each of these steps during the lifecycle of your BCP:

  • Start by identifying your most critical processes. When a business continuity event occurs, taking a risk-based approach ensures that you understand which processes are most critical to your organization and must be brought back up first to minimize any impacts.
  • Next, assess your various risks. By evaluating all of the various types of risks that an incident could bring up – such as financial, reputational, customer, legal or strategic impact – you’re able to adequately determine which steps must be included in your BCP to minimize those impacts.
  • Be sure to implement strategic mitigations as part of your business impact analysis. Building a business continuity plan through a risk-based lens empowers you to design more effective policies and procedures that simultaneously minimize the impact of the disruption at hand.
  • Monitor the effectiveness of your controls over time. Otherwise, your BCP won’t align with your risks, leaving you likely to be caught off guard next time a business continuity event occurs.
  • Your BCP does not exist in isolation, so be sure to connect departmental efforts. This allows you to identify interdependencies that must be known if an event occurs to ensure all steps are taken.
  • Reporting is a key step in the risk-based approach, as it reveals patterns over time so that you can improve your BCP development where needed and keep your organization protected from any future disruption.

What Should my Business Continuity Plan Include?

Your BCP should include:

  • An analysis of all critical functions within your business. This will allow for preparation of resources.
  • A prioritized list of risks that pose a severe or even catastrophic threat to your business. These can be prioritized through risk tolerances and risk appetite so you can visualize which ones fall farthest out of that range.
  • A list of specific strategies (or mitigation activities) that help protect the critical components you identified earlier in the BCP.
  • Evidence that the strategies have been tested across critical business functions, using key metrics, indicators and financial scenarios.
  • Dashboards and reports that uncover challenges and allow you to update the plan and your business processes over time.

Examples of Potential Unforeseen Risks

Naturally, your BCP will include risks that you deem a threat to your business. It can be difficult to begin writing that list when you’re not sure exactly what should be on it. In Risk Management, it’s important to consider potential risks that others may not have ever predicted to become reality (many people today say they never imagined in their lifetime that they would experience a pandemic).

Here is a list of potential unforeseen risks that pose a threat to business continuity:

  • The sudden unavailability of a key vendor-provided service
  • A regional power outage
  • Abandonment in leadership
  • Data protection issue
  • Supply chain issues
  • Privacy policy issues
  • Getting sued
  • An industry strike
  • Pest infestation
  • Natural disasters
  • Winning the lottery
  • Receiving a life-threatening diagnosis
  • Getting in an accident
  • A threat to national security, such as a terrorist attack
  • Collapse of infrastructure
  • And perhaps the most timely example of all, a pandemic (check out our complete guide to building a BCP for COVID-19 here)

BCP Best Practices

As we mentioned earlier in this guide, it’s important to take a risk-based approach when creating your BCP. This will help you better preserve your business reputation, build up customer confidence and allow you to gain a competitive advantage. It will also ensure that you can avoid situations of disaster recovery. (Read our full guide on Business Continuity vs. Disaster Recovery.)

To receive these benefits, it’s best practice to leverage robust business continuity planning software. This enables you to inherently take a risk-based approach and demonstrates to customers and stakeholders that you are prioritizing business continuity planning. This is especially true today amidst our ever-evolving disruptive business environment and the See-Through Economy.

Your business continuity plan will be different from anyone else’s, which is why it’s important to dedicate time and resources to creating one that fits your unique needs and risk factors. Working with a professional risk consultant is just one added benefit that’s included with your partnership with LogicManager. With their help, you’ll be able to better leverage the tools and resources included in our integrated ERM software, as well as our solution package for business continuity development.


Business continuity planning (BCP)

What is business continuity?

In an IT context, business continuity is the capability of your enterprise to stay online and deliver products and services during disruptive events, such as natural disasters, cyberattacks and communication failures.

The core of this concept is the business continuity plan — a defined strategy that includes every facet of your organization and details procedures for maintaining business availability.

Start with a business continuity plan

Business continuity management starts with planning how to maintain your critical functions (e.g., IT, sales and support) during and after a disruption.

A business continuity plan (BCP) should comprise the following elements:

1. Threat Analysis

The identification of potential disruptions, along with potential damage they can cause to affected resources. Examples include:

2. Role assignment

Every organization needs a well-defined chain of command and substitute plan to deal with absence of staff in a crisis scenario. Employees must be cross-trained on their responsibilities so as to be able to fill in for one another.

Internal departments (e.g., marketing, IT, human resources) should be broken down into teams based on their skills and responsibilities. Team leaders can then assign roles and duties to individuals according to your organization’s threat analysis.

3. Communications

A communications strategy details how information is disseminated immediately following and during a disruptive event, as well as after it has been resolved.

Your strategy should include:

  • Methods of communication (e.g., phone, email, text messages)
  • Established points of contact (e.g., managers, team leaders, human resources) responsible for communicating with employees
  • Means of contacting employee family members, media, government regulators, etc.

From electrical power to communications and data, every critical business component must have an adequate backup plan that includes:

  • Data backups to be stored in different locations. This prevents the destruction of both the original and backup copies at the same time. If necessary, offline copies should be kept as well.
  • Backup power sources, such as generators and inverters that are provisioned to deal with power outages.
  • Backup communications (e.g., mobile phones and text messaging to replace land lines) and backup services (e.g., cloud email services to replace on-premise servers).

Load balancing business continuity

Load balancing maintains business continuity by distributing incoming requests across multiple backend servers in your data center. This provides redundancy in the event of a server failure, ensuring continuous application uptime.

In contrast to the reactive measures used in failover and disaster recovery (described below), load balancing is a preventative measure. Health monitoring tracks server availability, ensuring accurate load distribution at all times—including during disruptive events.

Disaster recovery plan (DCP) – Your second line of defense

Even the most carefully thought out business continuity plan is never completely foolproof. Despite your best efforts, some disasters simply cannot be mitigated. A disaster recovery plan (DCP) is a second line of defense that enables you to bounce back from the worst disruptions with minimal damage.

As the name implies, a disaster recovery plan deals with the restoration of operations after a major disruption. It’s defined by two factors: RTO and RPO.

  • Recovery time objective (RTO) – The acceptable downtime for critical functions and components, i.e., the maximum time it should take to restore services. A different RTO should be assigned to each of your business components according to their importance (e.g., ten minutes for network servers, an hour for phone systems).
  • Recovery point objective (RPO) – The point to which your state of operations must be restored following a disruption. In relation to backup data, this is the oldest age and level of staleness it can have. For example, network servers updated hourly should have a maximum RPO of 59 minutes to avoid data loss.

Deciding on specific RTOs and RPOs helps clearly show the technical solutions needed to achieve your recovery goals. In most cases the decision is going to boil down to choosing the right failover solution.

Choosing the right failover solutions

Failover is the switching between primary and backup systems in the event of failure, outage or downtime. It’s the key component of your disaster recovery and business continuity plans.

A failover system should address both RTO and RPO goals by keeping backup infrastructure and data at the ready. Ideally, your failover solution should seamlessly kick in to insulate end users from any service degradation.

When choosing a solution, the two most important aspects to consider are its technological prowess and its service level agreement (SLA). The latter is often a reflection of the former.

For an IT organization charged with the business continuity of a website or web application, there are three failover options:

  • Hardware solutions – A separate set of servers, set up and maintained internally, is kept on-premise to come online in the event of failure. However, note that keeping such servers at the same location makes them potentially susceptible to being taken down by the same disaster/disturbance.
  • DNS services – DNS services are often used in conjunction with hardware solutions to redirect traffic to a backup server(s) at an external data center. A downside of this setup is TTL-related delays that can prevent seamless disaster recovery. Additionally, managing both DNS and internal data center hardware failover solutions is time consuming and complicated.
  • On-edge services – On-edge failover is a managed solution operating from off-prem (e.g., from the CDN layer). Such solutions are more affordable and, most importantly, have no TTL reliance, resulting in near-instant failover that allows you to meet the most aggressive RTO goals.
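The RTO, RPO and failover points above can be checked mechanically against a component inventory. The Python sketch below is an added example, not code from the original article or from any vendor; the component names, site names, timings and the downtime model (health-check detection time plus DNS TTL plus switch time) are assumptions constructed for illustration, with the RTO and RPO targets taken from the examples in the text.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Component:
    name: str
    rto_s: int               # recovery time objective: max acceptable downtime
    rpo_s: int               # recovery point objective: max acceptable data age
    backup_interval_s: int   # time between successive backups
    primary_site: str
    backup_site: str         # where backup copies are stored
    standby_site: str        # where the failover capacity runs
    failover: str            # "hardware", "dns" or "edge"
    check_interval_s: int    # health-check period
    failures_to_trip: int    # consecutive failed checks before failover starts
    switch_s: int            # time to bring the standby into service
    dns_ttl_s: int = 0       # TTL of the repointed record (DNS failover only)


def worst_case_failover_s(c: Component) -> int:
    """Estimated worst-case downtime under the simplified (assumed) model."""
    detection = c.check_interval_s * c.failures_to_trip
    # Resolvers and clients may keep using the old address until the TTL
    # expires; some cache longer, so this term is optimistic for DNS failover.
    ttl_wait = c.dns_ttl_s if c.failover == "dns" else 0
    return detection + ttl_wait + c.switch_s


def max_ttl_for_rto(c: Component) -> int:
    """Largest DNS TTL that still leaves room for detection and switching."""
    return max(0, c.rto_s - c.check_interval_s * c.failures_to_trip - c.switch_s)


def audit(c: Component) -> List[Tuple[str, str]]:
    """Return (code, detail) findings where the setup cannot meet the plan."""
    findings = []
    downtime = worst_case_failover_s(c)
    if downtime > c.rto_s:
        findings.append(("RTO", f"worst-case failover {downtime}s exceeds RTO {c.rto_s}s"))
    if c.backup_interval_s > c.rpo_s:
        findings.append(("RPO", f"backups every {c.backup_interval_s}s can be older than RPO {c.rpo_s}s"))
    if c.backup_site == c.primary_site:
        findings.append(("BACKUP_SITE", "backup copies share a site with the originals"))
    if c.standby_site == c.primary_site:
        findings.append(("STANDBY_SITE", "standby shares a site with the primary"))
    return findings


# Constructed sample inventory (not real systems). Targets follow the text:
# ten-minute RTO for network servers, one hour for phones, 59-minute RPO.
INVENTORY = [
    Component("web-dns", rto_s=600, rpo_s=3540, backup_interval_s=1800,
              primary_site="dc-east", backup_site="dc-west", standby_site="dc-west",
              failover="dns", check_interval_s=30, failures_to_trip=3,
              switch_s=30, dns_ttl_s=900),
    Component("web-edge", rto_s=600, rpo_s=3540, backup_interval_s=1800,
              primary_site="dc-east", backup_site="dc-west", standby_site="dc-west",
              failover="edge", check_interval_s=10, failures_to_trip=3, switch_s=5),
    Component("phones", rto_s=3600, rpo_s=3540, backup_interval_s=14400,
              primary_site="dc-east", backup_site="dc-east", standby_site="dc-east",
              failover="hardware", check_interval_s=60, failures_to_trip=3,
              switch_s=300),
]


def report(inventory: List[Component]) -> Dict[str, List[str]]:
    """Map each component name to the list of finding codes raised for it."""
    return {c.name: [code for code, _ in audit(c)] for c in inventory}


if __name__ == "__main__":
    for comp in INVENTORY:
        print(comp.name, worst_case_failover_s(comp), audit(comp))
```

In the constructed inventory, the DNS-based component misses its ten-minute RTO purely because of the 900-second TTL, while the same service behind edge failover passes.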


How to Write a Business Continuity Plan


Except for time-bound enterprises, or business ventures that are started with the intention of terminating operations and liquidating the business at the end of a year or two, businesses are established with a long-term outlook.

Owners want their business to earn profits and to continue operating profitably for an indefinite but long period of time. When drawing up their business plans, they see the business continuing to exist and operate for many years to come.

Thus, they make every decision with continuity of the business in mind, while taking into account the possible effects of unexpected events that may lead to disruptions and interruptions in business operations.

INTRODUCTION TO BUSINESS CONTINUITY

If we are to take the phrase “business continuity” at face value, the most obvious meaning would be the ability of the business or enterprise to continue operating as a going concern for a very long time. But the term actually means more than what the words literally mean.

The International Organization for Standardization, in ISO 22300, defined “business continuity” as the capability of an organization to continue the delivery of its products or services, at acceptable predefined levels, following a disruptive incident. It implies that the business owners and management are responsible for ensuring that the business stays afloat and “on course” despite any obstacles or stumbling blocks it encounters along the way. This responsibility is incorporated into the greater management process of the business, which is also referred to as “Business Continuity Management” or BCM.

The Business Continuity Institute hit the nail right on the head when it described business continuity to be about “building and improving resilience in the business”. Organizational resilience means that the business can weather any storm and withstand any hits, and still remain operational, productive and profitable. Being resilient means that the business is still able to recover and grow, bigger and stronger than ever.

The ISO describes BCM as providing a framework for building organizational resilience, which will allow the organization to respond accordingly, in a way that protects the business, its reputation, and all other stakeholders. As a management process, BCM involves several key activities:

  • Identification and analysis of key products and services of the business
  • Identification and analysis of the most urgent activities and processes of the business
  • Identification of potential threats, and their impacts on business operations
  • Devising of plans and strategies for quick and effective recovery from any disruption, and the continuation of business operations

Business Continuity Planning

In recognition of the reality of the economic and business landscape being unpredictable and volatile, businesses are now taking a lot of precautions to ensure that their operations will still stand a chance against unexpected disruptions. We usually hear of these precautions in the form of disaster recovery planning, which is primarily focused on the restoration of a firm’s IT infrastructure and IT operations. This view is rather limited, when you look at the bigger picture, since a business and its operations are more than just its IT infrastructure.

Thus, more attention is put on business continuity planning (BCP), which puts the company in a proactive position in planning how to ensure that it will still be able to deliver its critical products and services safely and smoothly, while meeting its legal, regulatory, and other obligations.

We can probably enumerate more than a dozen reasons why businesses should create and maintain BCP initiatives but, at the end of the day, there is only one ultimate goal or purpose for it, and that is to help ensure that the organization, business or company has the required resources, information, and capabilities to deal with emergencies and similar unexpected events, particularly their aftermath.

Benefits of Business Continuity Planning

You will probably be able to appreciate BCP even more if you have a clearer idea of what the business can gain from it.

  • BCP improves public perception and acceptance of the company. By displaying a proactive attitude and demonstrating the initiative to be well-prepared, the organization gives customers and the general public a favorable and positive impression. This will lead to a certain level of trust, which is likely to convert them into loyal, buying customers.
  • BCP will boost employees’ morale and command their loyalty to the company. Employees are inclined to seek stability in the organization they belong to or the company that employs them, and a solid BCP is one way for management to give them the assurance that they are looking for. It will also give them pride in their work and motivate them to increase their productivity as members of the organization.
  • BCP enhances the relationship of the business with its shareholders and other stakeholders. Shareholders will trust the company enough to keep investing in it, and partners will have no reason to stop working and collaborating with the business if they know that every effort to be prepared for the unexpected is made.
  • BCP improves the overall efficiency of the organization. In the event that a crisis does arise, resulting in a disruption in operations, having a solid BCP will allow the company to respond quickly and appropriately, keeping losses and costs to a minimum because there is already a plan in place.

Threats to Business Continuity

Risks are inherent in businesses, and the risk of being faced with potential disasters and disruptive emergencies is one of them. What are some examples of these potential risks or threats?

  • Natural disasters (force majeure, or “acts of God”), such as hurricanes or typhoons, storm surges or tsunamis, floods, earthquakes, bushfires, blizzards, sandstorms
  • Man-made disasters with environmental repercussions, such as oil spills, hazardous materials spills, pollution, improper disposal of chemical and other industrial wastes
  • Accidents brought about by fortuitous events, such as factory fires and similar incidents in the workplace
  • Failure of utility and other similar service providers to deliver their services, such as when power and energy providers shut down, water services are interrupted, and communication lines go out of order
  • Results of sabotage and similar crimes (with the intention of putting the business at risk), such as arson,
  • Cybersecurity attacks, with the information system of the business falling prey to hackers and other similar intrusive activities

All these threats must be taken seriously by companies, considering their various effects or impacts when they result in the disruption of business operations. Some of the most likely effects are:

Lost revenues and profits

When a retail store does not open for a week, the potential income that it usually earns in a one-week period is gone. Similarly, when a manufacturing plant is unable to operate even for a couple of days, the company will not be able to produce the average output of finished goods for distribution. Reduced finished goods inventory means a reduced number of products to be sold, which will ultimately result in reduced sales and revenues.

What the company is looking at is a profit level that is much lower than their usual level of earnings. Of course, if profitability gets a major hit, this will also have adverse effects on business growth strategies.

Higher costs and expenses

Business disruptions usually lead to the company spending more on incidental expenses in order to do some damage control. For example, if the disruption is caused by a blizzard leading to the closure of manufacturing facilities, there is a high chance that the facilities have been damaged, and will require some major repairs.

Salvaging remaining equipment and machinery will also entail spending on transportation and hauling services. Incidentally, if the factory workers are paid on a monthly basis instead of on an output basis, they will still be paid their regular compensation rates. This, on top of the lost revenue, will further cause a drop in the profits of the business.

In a study of mid-sized companies that suffered a major disaster and had no contingency planning in place, it was revealed that, on average, their downtime cost amounted to $70,000 per hour. For small businesses, this is catastrophic.

Loss of customers

When their usual source of a specific product or service becomes unavailable, or unable to deliver their goods, customers will naturally look elsewhere for other sources. Even the most loyal customers may be swayed out of their loyalties if the business fails to rise to the occasion.

Soon, the business will be unable to do anything except watch helplessly as its customers shift to the competition while it is still in the middle of figuring out how to deal with the fallout of the crisis that caused the interruption of business operations.

Drop in business reputation

The reputation of the business will be on the verge of ruin. The moment it is unable to deliver the products and services that it promised, the trust levels of customers, stakeholders and other industry players for the company will suffer greatly. Lending institutions will think twice before granting any loans. Other businesses will have apprehensions about continuing any partnership they have with the company, and they may even consider severing any ties they have with that business. This will definitely make recovery more difficult for the business, even long after the crisis has passed.

The worst case scenario for businesses without BCP is the permanent end of operations. According to Agility Recovery’s Paul Sullivan, 80% of companies that have no plans whatsoever and were subsequently hit with a crisis or major disaster had to call it a day without having gone past 18 months of operations. 50% of companies that experienced inaccessibility of their business data for at least 10 days filed for bankruptcy right after.

In the BCM lifecycle, the first stage is all about policy and program management, which is essentially the phase for planning the business continuity program of the business. In the succeeding discussion, we will focus on the Business Continuity Plan – what it is, what it is for, and how to write it.

THE BUSINESS CONTINUITY PLAN

The Business Continuity Plan, which we will refer to from here on as “The Plan”, is the documentation of the outputs or results of a company’s BCP, presenting the processes and strategies that aim to help the company minimize, if not eliminate, the negative impact of disruptions to its business operations.

The Plan has two components:

  • Plans: These plans refer to the arrangements, measures, tactics and policies designed to ensure continuity of business operations, so that critical products and services are still delivered to customers.
  • Resources: The second component refers to the resources or assets that are necessary for recovery measures, thereby supporting business continuity. These resources often include manpower or personnel, information, facilities, machinery and equipment, physical security tools, legal support, and funding.

STEPS IN DEVELOPING A BUSINESS CONTINUITY PLAN

Before you can get down to writing The Plan, there are several steps that must be performed.

Step 1: Identify the scope of The Plan.

As in most business planning processes, the first thing that must be done is to define the scope and objectives of the plan being made. In this case, it is the Business Continuity Plan.

In addition, there is also a need to define the assumptions that will prevail in the conduct of BCP. It is also during this phase that budgeting is conducted, with the initial program budget taking into consideration the expenses that may be incurred in the process of developing the plan. These include costs of research, trainings and seminars, and other services sought in the process of moving the plan along.

Step 2: Form your business continuity team.

There is a need to establish a governance structure within the BCP in order for management to have order and control in its conduct. This implies care and prudence in choosing the people who will be assigned the task of planning for the continuity of the business.

This involves identification of the key roles in the team, and their functions or roles and responsibilities. In addition, the qualifications for each role should also be identified, in order to justify the choice of personnel to fill the roles within the team. Lines of authority and accountability, as well as management succession, should also be defined clearly.

The usual composition of a typical BCP team includes:

  • BCP senior or executive manager – He is the overall leader of the committee, and the major link between top management and the BCP team.
  • Program Coordinator – His responsibility includes BCP budgeting and budget implementation and monitoring, development of BCP policies, and coordination of BCP activities, such as the conduct of BIA, quality assurance, staffing, and training of BCP team members. In short, he is the team leader.
  • Information officer – He will be responsible for ensuring the smooth and steady flow of, as well as access to and retrieval of, data to be used in BCP.
  • Representatives from the various business units or divisions of the company – They are excellent sources of input and relevant information, and will also aid in the analysis of BCP data. Usually, there is a representative for every critical process or function, as well as support processes or functions.

There is no limit to how many people should comprise the business continuity team or committee. A team could have only five people on board, or it could have as many as 20 or even 30 members. The number of people and the size of the team will largely depend on the nature of the business and the size and scale of its operations.

Step 3: Conduct a Business Impact Analysis (BIA)

Conducting a BIA is crucial since its results will be the major input in business continuity planning. Through BIA, the team will be able to predict or forecast the potential impacts or consequences of disruptions to business operations. It will also aid the team in gathering information that will be helpful when it comes to developing strategies that can be adopted by the company for its recovery from the crisis.

Briefly, let us take a look at the core concerns of BIA:

  • Key business areas, or the core operations of the business;
  • Functions and processes of the business that are considered critical and/or time-sensitive;
  • The resources required to ensure the continuity of these key business areas and critical processes and functions;
  • The dependencies (and interdependencies) between and among the business areas and functions or processes;
  • The acceptable or tolerable downtimes for each critical process or function

The BIA will facilitate the prioritization of critical processes and functions (or critical products and services) of the company, so management will have a clearer idea on which areas need more resource allocation in case of an emergency. Usually, estimates and approximations are made with respect to financial variables, such as lost revenues, additional costs, and other possible losses.

Step 4: Strategizing and Planning

Based on the results of BIA, the team will then identify response and recovery strategies and plans to address the effects of the disruption, and present them in detail. It is in this phase where the team will provide details on the arrangements and measures that the company will undertake in order to mitigate threats and risks.

For every critical function, process, service, or product, there should be corresponding continuity responses, measures or plans. Cost estimates should also be included. That is how detailed this phase should be.

It should also talk about the readiness procedures that must be implemented, and how they will be implemented.

Step 5: Compilation and Documentation

This involves the writing of the Business Continuity Plan. Usually, there will be a first draft, since the succeeding steps involve testing the recovery plans and strategies, making adjustments and re-testing until such time that The Plan can be finalized.

Also, it is important to note that BCP is an ongoing process. That means that The Plan must be tested frequently, and updated when necessary. Thus, The Plan is subject to changes, as applicable.

Step 6: Implementation and Testing

The prevention and mitigation strategies formulated in Step 4 will now be implemented. This involves communication of the plan to all members of the organization, making them aware of their part in it. This involves training them on their roles if the event does happen. External stakeholders should also be made aware of the plan.

The emergency response and recovery strategies will undergo testing, mostly through drills and scenario exercises that will require the participation of the concerned employees or members of the organization. Through testing, the business continuity team will be able to assess whether the plan will be effective or not. This is their opportunity to make the necessary adjustments and corrections.

Testing and evaluation must be done periodically in order to take into account the ever-changing nature of businesses.

Step 7: Adjustments and Improvements

The program may need to be adjusted due to the following:

  • Evaluation and testing of the strategies may reveal that they are ineffective or inefficient
  • There may be deficiencies in the strategies
  • Some roles and responsibilities are vague and need clarification
  • Change in the roles and members of the business continuity team
  • Introduction or occurrence of new or additional factors or circumstances, such as new equipment, opening of a new branch, relocation of operations, and new technology or system that modified critical processes.

Since testing and evaluations are done periodically, there is an equal chance that the program has to be adjusted several times. It follows that the Business Continuity Plan will have to be rewritten to accommodate or reflect these adjustments.

WRITING THE BUSINESS CONTINUITY PLAN

After performing the first three steps mentioned above, you are now ready to compile and document your business continuity planning activities in the Business Continuity Plan, modifying it for finalization purposes after testing and audit. Basically, everything that you performed in BCM will be documented in The Plan.

Depending on the nature of the business, The Plan may have special features or additional parts. But generally, a Business Continuity Plan has the following sections:

1. Program Administration

Usually, this comes in the form of a Mission Statement which contains the following:

  • The purpose of the plan, stated to benefit and involve the organization as a whole and not in parts
  • The scope, goals and objectives of the company’s BCP
  • The methods of evaluation that will be employed
  • The budget, specifically the anticipated and estimated costs that will be required
  • Other resource requirements
  • Anticipated timeline of the conduct of BCP
  • Compliance with any relevant legal and/or regulatory requirements

2. Governance

This will detail the formation of the business continuity team. Emphasis must be placed on the following information:

  • The team members, their titles or designations, as well as their roles and responsibilities as members of the BCP team. Include their contact details.
  • The lines of authority and succession of management, clearly demonstrating the delegation of authority and accountabilities.
  • External entities or organizations that the business will interact with in the conduct of BCP. They include vendors, distributors, contractors, suppliers, and the like.

Presentation of this section is reinforced by including an organizational or functional chart showing the lines and interconnections among the members of the team and external parties.

3. Business Impact Analysis

Document all the results of the BIA conducted by the team. Again, be as detailed as you possibly can.

Results of any prior risk assessment procedures undertaken by the company should be included, as these will figure greatly in the conduct of BIA. By identifying the vulnerabilities of the company and their potential impact on its operations, the company will be able to determine its state of readiness and responsiveness in the event a disaster does happen that may cause disruptions.

Other points that must be highlighted in this section are:

  • Recovery Time Objectives (RTO) for business processes and functions, in case of disruption. This is basically the estimate of the maximum duration or length of time within which disrupted processes and functions must be recovered or restored, before the continuity of the business is seriously threatened.
  • Recovery Point Objective (RPO) for data restoration. This is the maximum length of time in which data in a company’s IT infrastructure or database might be lost or inaccessible because of an emergency or disaster. When system designers and analysts are called in to work on recovery or restoration of data, they will know how much time they are given to accomplish that.

4. Business continuity strategies and requirements

All the plans, measures, procedures and arrangements, as well as the resources and other requirements to implement them, must be documented in this section, in great detail.

Take note that BCM is an ongoing process, which means planning strategies that will be employed before, during, and after a disruptive event.

Examples are detailed strategies and resource requirements for:

  • Installing physical protection facilities, systems and measures, such as emergency generators and storm shutters.
  • Diversification of resource providers and expanding the supply chain, maybe by looking for other alternative suppliers and vendors so as to not be entirely dependent on a single source.
  • Setting up off-site facilities as backups or alternates for servers, storage and warehousing, among other things
  • Set up of an incident response command center
  • Evacuation procedures
  • Information dissemination to the media and the general public
  • Delivery of notifications and status updates to suppliers, vendors, distributors and customers
  • Relocation or transfer of operations to another geographical area
  • Alternative methods or processes, such as manual workarounds, or temporary methods employed or used by the company to facilitate the continuation of critical processes and functions in the absence of normal systems and personnel
  • Data restoration, especially when the company’s information technology units received the brunt of the disruption

5. Training, Testing and Evaluation

With respect to Training, the Plan should include details of the following:

  • Training program or curriculum that will be followed by the members of the business continuity team and the other members of the organization.
  • Timeline or training schedule of the team members and other personnel

When evaluating the planned strategies, the following should be in The Plan as well:

  • Testing procedures for the recovery and response strategies
  • Testing schedule or timeline for the conduct of the procedures
  • Forms and documents that will be used in the testing and evaluation
  • Description and the finer details on the exercises that will be conducted

6. Program Maintenance

The Plan will also serve as a historical record or reference for tracing how the business continuity management process was carried out. Thus, when writing about updates or adjustments made, there should be a reference to the deficiencies or issues that were addressed by the adjustments or corrective actions.

The Business Continuity Plan is essentially the Bible of the company during times of crisis or when it has to deal with the fallout of a disaster. Usually, people have trouble thinking straight during such major events and upheavals, and The Plan will serve as the guide that will steer the company in the right direction.

When writing a Business Continuity Plan, accuracy is of high importance, from the personal information of all individuals and entities involved to their roles and responsibilities. It should also remain relevant at all times, and that can be achieved by making sure that it is kept up to date. Finally, when writing The Plan, do it in such a way that it can be easily understood by everyone who reads it, from senior management to the lowliest employee in the organization. It won’t be of any use if trying to make sense of what is written in it becomes a hardship.


COMMENTS

  1. exam 3 part 1 Flashcards

    exam 3 part 1. Business continuity plans must be expanded to include all, except: a. business continuity b. communications c. technology d. environment. Answer: d. environment. Created by Camree_Bartholomew.

  2. Business Continuity Planning (BCP)

    What to Include in a Business Continuity Plan. FINRA Rule 4370 gives a firm flexibility in designing a BCP. It may be tailored to the size and needs of the firm, but at a minimum it must include the following elements: Data backup and recovery (hard copy and electronic); All mission critical systems; Financial and operational assessments;

  3. What Is a Business Continuity Plan (BCP), and How Does It Work?

    A business continuity plan (BCP) is a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to...

  4. 5 Step Guide to Business Continuity Planning (BCP) in 2021

    A business continuity plan (BCP) is defined as a protocol of preventing and recovering from potentially large threats to the company's business continuity. This article explains what a business continuity plan is today, its key benefits, and a step-by-step guide to creating a formidable plan.

  5. Working Toward a Managed, Mature Business Continuity Plan

    This basic model can be expanded to fit the specific needs of an organization in the context of business continuity planning. Corporate Hierarchy. Before creating a business continuity plan, it is important to understand that there are different hierarchical levels within an organization's structure (figure 2). People at each level are trying ...

  6. What does a business continuity plan include? 5 key elements

    1. Build your business continuity plan foundation As you reimagine your entire business resilience program, here's what your BC plans should include. Effective BC plans start with the following five essential framework elements: Objectives: What will the plan cover, and how does it fit into a larger organizational response to disruption?

  7. Business continuity plan (BCP) in 8 steps, with templates

    Develop a business continuity plan (BCP), and include or add an IT disaster recovery plan (DRP) and incident response plan (IRP). These plans should include information on what situations trigger the plan's activation. For example, the DRP is typically activated if IT infrastructure (hardware or software) is affected.

  8. How to create an effective business continuity plan

    A business continuity plan outlines the procedures and instructions that the organization must follow during such an event to minimize downtime, covering business processes, assets, human ...

  9. Business Continuity Planning

    Business Continuity Training Part 3: Planning Process Step 6. The sixth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should "test" their business continuity plans. Organize a business continuity team and compile a business ...

  10. What Is Business Continuity?

    A business continuity strategy is a summary of the mitigation, crisis, and recovery plans to be implemented after a disruption to resume normal operations. "Business continuity strategy" is often used interchangeably with "business continuity plan." Both consider the broader goals, legal and regulatory requirements, personnel, and even the ...

  11. Business Continuity Planning FAQ

    FINRA Rule 4370 (e) states: Each member must disclose to its customers how its business continuity plan addresses the possibility of a future significant business disruption and how the member plans to respond to events of varying scope. At a minimum, such disclosure must be made in writing to customers at account opening, posted on the member ...

  12. PDF BUSINESS CONTINUITY PLANNING GUIDELINES

    program interests are essential. The policy should include a definition of a "crisis." Business Continuity Planning Team (BCPT) Based on the Risk assessment and Business Impact Analysis (BIA), a Business Continuity Planning Team with responsibility for BCP development that includes senior managers from all major

  13. Business Continuity Plans (BCPs)

    The Business Continuity Plans (BCPs) section of the 2019 Report on Exam Findings informs member firms' compliance programs by describing recent findings and observations from FINRA's examinations, and, in certain cases, also providing a summary of effective practices.

  14. What Does a Business Continuity Plan Typically Include? [Complete Guide]

    A business continuity plan (BCP) is your first line of defense against any challenge that threatens the core functionalities of your organization's operations. When disaster strikes, your BCP should be there to reduce the time it takes to get things back up and running as usual again - as quickly as possible.

  15. 11 Critical Aspects Of An Effective Business Continuity Strategy

    1. Testing And Validation. Many companies fail to test their plans. A plan may look good on paper, but it must be validated and tested to make sure it ...

  16. Business Continuity & Disaster Recovery Planning (BCP & DRP ...

    In an IT context, business continuity is the capability of your enterprise to stay online and deliver products and services during disruptive events, such as natural disasters, cyberattacks and communication failures. The core of this concept is the business continuity plan — a defined strategy that includes every facet of your organization ...

  17. Business Continuity Planning Flashcards

    What does Business Continuity Planning address? The preservation and recovery of the business in the event of outages to normal business operations. Created by tmh0016.

  18. FINA 4311 CH 25-28 Flashcards

    All FINRA firms must have business continuity plans. Those plans must include all of the following except A) alternate methods of communicating with employees. B) alternate physical locations at least 100 miles apart in case of a disaster. C) methods of communicating with regulators. D) alternate methods of communicating with customers.

  19. How to Write a Business Continuity Plan

    Step 5: Compilation and Documentation. This involves the writing of the Business Continuity Plan. Usually, there will be a first draft, since the succeeding steps involve testing the recovery plans and strategies, making adjustments and re-testing until such time that The Plan can be finalized.

  20. 90q 5/31 Flashcards

    All FINRA firms must have business continuity plans. Those plans must include all of the following except A) data backup and recovery capability. B) prompt customer access to funds and securities if the firm is unable to continue business. C) the name of two emergency contact persons who are principals and members of senior management. D)

  21. Solved Business continuity plans must be expanded to include

    Answer to Solved Business continuity plans must be expanded to include | Chegg.com. ... Business continuity plans must be expanded to include all, except: technology, environment, business ...

  22. SIE CH. 15 Flashcards

    FINRA's requirement for maintaining a written business continuity plan includes all of the following, EXCEPT: The plan must be filed with FINRA. The plan must cover regulatory reporting in an emergency. A description of the plan must be available to customers. The plan must cover backing up and restoring data in an emergency.

  23. Chapter 27 (Quiz 1) Flashcards

    All FINRA firms must have business continuity plans. Those plans must include all of the following except A) alternate methods of communicating with customers. B) alternate methods of communicating with employees. C) alternate physical locations at least 100 miles apart in case of a disaster. D) methods of communicating with regulators.