Business Continuity

The Basics
Emergency Planning and Business Continuity Team
Where Business Continuity Fits
•
Disaster Recovery (focussed on ICT): Disaster Recovery ensures you have back up plans for your organisation’s computer and telephony systems.
•
Business Continuity (focussed on service delivery): Business Continuity ensures you have plans for your organisation that ensure you can continue to offer a level of service to your customers during an emergency and return to full service as quickly as possible.
•
Emergency Planning (focussed on community response): Emergency Planning is undertaken by local and central government alongside the emergency services to ensure the local community are assisted and supported during an emergency.
The Business Continuity Lifecycle
Source: The BCI Good Practice Guidelines
•
Understand your organisation.
•
Write your plan.
•
Share your plan.
•
Test your plan.
•
Maintain your plan.
Key Steps to a BCP
•
Business Impact Analysis
•
Risk Assessment
•
Resource Requirements
•
Key Information
•
Incident Management
Completing a Business Impact Analysis
To complete a Business Impact Analysis:
•
Step 1 – identify the business activities of your organisation. These may include:
- internal activities such as payroll and purchasing.
- external activities such as providing a service or selling a product to a customer.
•
This should be done at a level relevant to the structure and complexity of your organisation.
•
Step 2 – assess for each activity what the realistic timescale is before there would be an impact if that activity could not be performed.
•
Assess the impact against prescribed timescales:
- within 24 hours
- between 1 and 3 days
- between 4 and 7 days
- more than 7 days
•
Use timescales that are relevant to your organisation.
•
Step 3 – assess for each activity what the realistic impact is against prescribed factors if that activity could not be performed.
•
Consider the following factors:
- Reputation
- Internal
- External
- Financial
- Legal/Regulatory
Next Steps
To understand your organisation:
•
Risks – what are the main threats that are likely to cause disruption to you?
•
Resources – if the worst happens what resources will be needed to enable a short term response and full recovery?
•
Key Information – if you have to respond who are the key people you may need?
•
Incident Management – if you have to respond who will do what?
Next Steps
To consider for your plan:
•
Format – small is good, use K.I.S.S approach.
•
Roles – if you have to respond who does what?
•
Invocation – who makes the decision?
•
Distribution – who has copies and where are they kept?
•
Testing – how do you make sure things work?
•
Maintenance – who is responsible for upkeep of the plan?