Medium exercises - Several departments, teams or disciplines concentrate on multiple BCP aspects; the scope can range from a few teams from one building to multiple teams operating across dispersed locations.
Pre-scripted "surprises" are added. Complex exercises - All aspects of a medium exercise remain, but for maximum realism no-notice activation, actual evacuation and actual invocation of a disaster recovery site is added. While start and stop times are pre-agreed, the actual duration might be unknown if events are allowed to run their course.
Maintenance[ edit ] Biannual or annual maintenance cycle maintenance of a BCP manual  is broken down into three periodic activities. The more frequently you back up your system the more expensive it becomes — would it matter if you lost a week of data?
Do you need your systems to be replicated in real-time? Disaster recovery: Establish a way to recover a data center at a different site if a disaster destroys the primary site or otherwise renders it inoperable.
Evolution of business continuity plans Business continuity planning emerged from disaster recovery planning in the early s. Financial organizations, such as banks and insurance companies, invested in alternative sites. Backup tapes were stored at protected sites away from computers. Recovery efforts were almost always triggered by a fire, flood, storm or other physical devastation. The s saw the growth of commercial recovery sites offering computer services on a shared basis, but the emphasis was still only on IT recovery.
The s brought a sharp increase in corporate globalization and the pervasiveness of data access. The Business Continuity Plan will outline the steps needed to achieve this goal. Readiness to implement the IT Business Continuity Plan - when critical services have been identified, steps as per Business Continuity Plan should be taken to ensure that these critical services keep functioning in the face of a disaster, or at the very least, are restarted in the least possible time.
Testing and training - every Business Continuity Plan will look impressive on paper. It is only by testing the plans will the shortcomings be detected and fine tuning done. Along with testing the continuity team, the company should also test the BCP itself. It should be tested several times to ensure it can be applied to many different risk scenarios. This will help identify any weaknesses in the plan which can then be identified and corrected.
In order for a business continuity plan to be successful, all employees—even those who aren't on the continuity team—must be aware of the plan.
Key Takeaways Business continuity planning BCP is the process a company undergoes to create a prevention and recovery system from potential threats such as natural disasters or cyber attacks. This involves six general steps: Identify the scope of the plan. Identify key business areas. Identify dependencies between various business areas and functions.
Determine acceptable downtime for each critical function. Create a plan to maintain operations. One common business continuity planning tool is a checklist that includes supplies and equipment, the location of data backups and backup sites, where the plan is available and who should have it, and contact information for emergency responders, key personnel and backup site providers.
Remember that the disaster recovery plan is part of the business continuity plan, so developing a DR plan if you don't already have one should be part of your process. And if you do already have a DR plan, don't assume that all requirements have been factored in,O'Donnell warns. You need to be sure that restoration time is defined and "make sure it aligns with business expectations. People generally like to share "war stories" and the steps and techniques or clever ideas that saved the day.
Their insights could prove incredibly valuable in helping you to craft a solid plan. The importance of testing your business continuity plan Testing a plan is the only way to truly know it will work, says O'Donnell. However, a controlled testing strategy is much more comfortable and provides an opportunity to identify gaps and improve.
How much will it cost to shift production from one product to another? In an always-on, 24x7 world, global companies can gain a competitive advantage — or lose market share — depending on how reliably IT resources serve core business needs. Another example would be a company that uses paper forms to keep track of inventory until computers or servers are repaired, or electrical service is restored. Prioritize critical services or products Once the critical services or products are identified, they must be prioritized based on minimum acceptable delivery levels and the maximum period of time the service can be down before severe damage to the organization results. The plans typically include ways to defend against those risks, protect critical applications and data and recover from breach or failure in a controlled, measurable way. Readiness to implement the IT Business Continuity Plan - when critical services have been identified, steps as per Business Continuity Plan should be taken to ensure that these critical services keep functioning in the face of a disaster, or at the very least, are restarted in the least possible time.
For this test, create an environment that simulates an actual disaster, with all the equipment, supplies and personnel including business partners and vendors who would be needed. The purpose of a simulation is to determine if you can carry out critical business functions during the event. Fiber can get cut. Following an incident that disrupts business operations, resources will be needed to carry out recovery strategies and to restore normal business operations. Loss of supply chain Loss of reputation You should consider who would be the best people in your organization to respond to a crisis, record their details as the Response Team and give them the appropriate training and plans to succeed. Would fines or penalties from breaches of legal responsibilities, agreements, or governmental regulations be an issue, and if so, what are the penalties?
Impact scenarios are identified and documented: need for medical supplies  need for transportion options  civilian impact of nuclear disasters  need for business and data processing supplies  These should reflect the widest possible damage. Are there any regulations that would restrict shifting production?
Proper equipment and furnishings must be installed before operations can begin, and a substantial time and effort is required to make a cold site fully operational. The risk of having an organization's "license to operate" withdrawn by a regulator or having conditions applied retrospectively or prospectively can adversely affect market value and consumer confidence.