What is a business continuity plan? Why make a business continuity plan? Having a BCP for your company has several benefits. One of the most obvious is that your business can continue its everyday operations, thus allowing you to keep making sales. In the event that your office can’t be used because of disaster, you’ll know how to keep key business functions running by why do we have a business continuity plan ahead about how employees or key personnel can continue working from remote locations. You may also have a certain place ready to be used as your temporary office if needed. When disaster strikes it can stop your business operations immediately.
Without a business continuity plan, you have to figure out what to do next the moment it happens. However, if you have an existing plan in place, you can immediately start to execute what needs to be done so that you get your business up and running in no time. Time means money in every business and that’s why it’s important not to waste any time unnecessarily. If your business operations stop, your customers may start trying out other products or services from other companies. They may forget about you if they don’t feel your presence.
Factors to consider when creating a BCP Since every business is unique, there’s no single BCP that works for all. However, there are common factors that must be considered by every company when devising one. As with any project or program, there should be a committee to take over the management of the business continuity process. This is unlikely to be achieved by a single person. It is best being a collaborative effort, where people have specific roles such as appointing an executive sponsor that takes care of funds and coordinators who oversee the overall process. You need to determine which products and services are the most important to your business operations. Ranking your products according to how critical their impact to your business is will help you determine which products to prioritize during the recovery phase. With this in mind, you can prevent bigger losses and maximize the efficiency of your recovery process.
Plan creation After determining which products, services, and functions are most vital to your business, you can start creating a plan on what to do in the event of a disaster. It should clearly tell the process that must be followed, as well as the specific roles of individuals. There are existing sample plans that you can find on the Web and you can follow the format of a business in the same industry and customize the plan to suit your individual company. Plan review Your BCP plan must be studied carefully for quality. Every area should be reviewed properly to ensure the plan is a success. Since the needs and processes of the company may change, it’s also important to review the plan once or twice a year to ensure that it’s still appropriate for your business. If you are truly serious about establishing business security, a BCP isn’t a process that you can easily neglect. Remember, you never know when a disaster can strike!
The sooner you get a plan of action, the better. Contact us today to see how we can help you develop a plan that will work for your business. Both comments and trackbacks are currently closed. Learn more about our small business online marketing services. Permission required to use any content or RSS feeds from this website. Pronto Marketing and part of Pronto’s complete IT services marketing program. Learn more how you can take advantage of this original content within a suite of marketing services at one low monthly price.
As we all know, when analysing threats to an organisation we need to calculate the risk each threat poses. Based on the risk score the organisation then usually agrees the course of action to manage the threat i. The problem is that the scoring of probability is inherently flawed. How high would you rate the probability of your home being broken into? Now what if I say to you that a professional burglar has just rented the house next door to you and add that he has taken a liking to the expensive home entertainment system he has caught sight of through your window? I would guess that the probability rating has just moved up a notch or two. I would never have believed that Fred could have stolen money from the firm. He always seemed such a nice chap.
Basically the problem with probability is that it is based on subjective judgement and an analysis of the facts as we know them at that time. If we are not aware of all of the facts then it follows that our risk assessment is flawed. Also the majority of people are optimists and hence don’t believe that bad things will happen to them. This view transfers to the organisational setting as well. So what am I getting at? Well the way I see it, we always need to assume the worst case scenario i.
To withstand and thrive during these many threats, it does not matter if I rate risk A at a probability of 4 on a scale of 1 to 5 and rate risk B as a 2. Ups are the same, but the emphasis was still only on IT recovery. When writing about updates or adjustments made, except in the use of staff time. This involves communication of the plan to all members of the organization; bCP improves the overall efficiency of the organization. Even from friends and family, less detail is fine if you aren’t raising money or taking on much risk.
Business continuity plans should not just cover the traditional fire, flood, explosion type threats. In a world where information is power, and technology and automated systems are critical business enablers, we must also cover the response to serious information security related threats. If your organisation has a business continuity plan, including the requisite response teams and escalation process underpinning it, is the plan flexible enough to cover an information security threat materialising? One way to check this is to test it through a straightforward tabletop exercise. Such an exercise will help to understand whether or not the business continuity plan is appropriate to handle information security related threats materialising.
The plan should also test that an escalation process exists and is appropriate to serious information security breaches. If it isn’t then can I be so bold as to suggest that you update it as a priority? Combining an exhibition, free seminars and a paid for high level conference, the event will be held at London’s Excel, Docklands from 28th-29th March 2007. I agree totally with Brian’s article although he could have gone further. I am an information security manager and have always found that all sorts of Risk functions are so disconnected as for their efforts to be wasted. Given the risk factors, probability and impact it is the general role of Business Continuity to deal with everything that occurs when the probability has been passed and the impact has occurred. I feel that it is time for all operational risk areas to merge as the relationships between them mean that they can no longer act as separate entities. In looking at probabilities we are guessing at the future based partly on our experience and partly on observable factors. However, to say that the best course is to say that the probability is always the worst case, in other words 100 percent certain, is not only unprofessional, but would not be believed by management. The goal is not to accurately guess the exact probability.