Business Continuity The Basics Emergency Planning and Business Continuity Team Where Business Continuity Fits Disaster Recovery Focussed on ICT Business Continuity Focussed on Service Delivery Disaster Recovery ensures you have back up plans for your organisation’s computer and telephony systems. Business Continuity ensures you have plans for your organisation that ensure you can continue to offer a level of service to your customers during an emergency and return to full service as quickly as possible. Emergency Planning Focussed on Community Response Emergency Planning is undertaken by local and central government alongside the emergency services to ensure the local community are assisted and supported during an emergency. The Business Continuity Lifecycle Source: The BCI Good Practice Guidelines • Understand your organisation. • • • • Write your plan. Share your plan. Test your plan. Maintain your plan. Key Steps to a BCP Business Impact Analysis Risk Assessment Resource Requirements Key Information Incident Management Completing a Business Impact Analysis To complete a Business Impact Analysis: • Step 1 – identify the business activities of your organisation. These may include: - internal activities such as payroll and purchasing. - external activities such as providing a service or selling a product to a customer. • This should be done at a level relevant to the structure and complexity of your organisation. Completing a Business Impact Analysis To complete a Business Impact Analysis: • Step 2 – assess for each activity what the realistic timescale is before there would be an impact if that activity could not be performed. • Assess the impact against prescribed timescales: - within 24 hours - between 1 and 3 days - between 4 and 7 days - more than 7 days • Use timescales that are relevant to your organisation. Completing a Business Impact Analysis To complete a Business Impact Analysis: • Step 3 – assess for each activity what the realistic impact is against prescribed factors if that activity could not be performed. • Consider the following factors: - Reputation - Internal - External - Financial - Legal/Regulatory Next Steps To understand your organisation: • Risks – what are the main threats that are likely to cause disruption to you? • Resources – if the worst happens what resources will be needed to enable a short term response and full recovery? • Key Information – if you have to respond who are the key people you may need? • Incident Management – if you have to respond who will do what? Next Steps To consider for your plan: • • • • • • Format – small is good, use K.I.S.S approach. Roles – if you have to respond who does what? Invocation – who makes the decision? Distribution – who has copies and where are they kept? Testing – how do you make sure things work? Maintenance – who is responsible for upkeep of the plan?