Business Continuity Plans (BCP)
Paul D. Singleton Jr.
March 11, 2015
ISSC481: IT Security: Planning and Policy
Karen Paullet
American Public University
Business Continuity Plans (BCP) The Business Continuity Plan (BCP) and the Disaster Recovery Plan (DRP) are twin resources derived to preserve vital organization operations when facing an unsuspecting disaster. A disaster can be either natural or man-made. Natural disasters include floods, fires, earthquakes, and lightning strikes. Some of the more common man-made disasters are acts of terrorism, thefts, office violence, and sabotage. However, for business any action that stops or reduces productivity, it is conceived as being a disaster. For example if you are an
…show more content…
They established the Interagency Paper on Sound Practices on September 5, 2002 “to Strengthen the Resilience of the U.S. Financial System…and described a series of sound practices that were identified by industry participants during a series of interviews and meetings with the agencies” (“Interagency Paper,” 2003). BCP has evolved to where it’s used for regaining normal operations in a timely manner and meeting compliance requirements. Business Continuity Planning Management may have differing guidelines for building a plan, depending on the business sector. However, many are using the National Commission on Terrorist Attacks (NFPA) 1600 as the bases for building a BCP plan. The guideline includes ten essential elements that include: Program Initiation & Management, Risk Evaluation & Control, Business Impact Analysis, Business Continuity Strategies, Emergency Response & Operations, Business Continuity Plan, Awareness & Training, Business Continuity Plan Exercise, Audit & Maintenance, Crisis Communications, and Coordinate with External Agencies. According to Clas (2008), “Going through the emergency preparedness and business continuity planning process is an extensive undertaking for most business. When done correctly, it is a quantifiable, sound investment” (para, 22). Business Continuity Plan falls in middle of these elements and is an integral key to emergency preparedness
The first step towards creating a serious BCP is to identify the potential disasters one by one and determining what the potential impact might be on your business. In order to generate a professional and sound BCP, you have to understand the degree of the potential loss, which could occur. Some of the factors you
Business Continuity and Disaster Recovery (BCDR or BC/DR) are closely related practices that describe an organization's preparation for unforeseen risks to continued operations. The trend of combining business continuity and disaster recovery into a single term has resulted from a growing recognition that both business executives and technology executives need to be collaborating closely instead of developing plans in isolation.
Good Business Continuity Planning starts with being proactive. That means taking concrete steps to plan for an incident much before it actually strikes. There is no one single approach that fits for all types of incidents as no two emergencies are identical. Much of business continuity planning varies based on the size of the company, company’s line of business, and the locations of the company, customers and suppliers.
Business Continuity Planning is a method, which is supported and funded by management, designed to assist businesses with identifying potential risks, threats, and losses. Business Continuity Planning primary purpose is to identify/develop security measures to reduce and safeguard from the risks and threats.
Continuity planning is very important because it will help ensure that our Constitution is maintained during all types of disasters or incidents (Bush, 2007). That is why the Federal Government has established eight National Essential Functions (NEFs) that must be maintained at all times and the purpose of the NEFs is to allow the Government to be able to function under the Constitution at all times, no matter what circumstances or emergencies are occurring (Homeland Security Council, 2007). The first one of the eight NEFs is to ensure that the Government is able to maintain and ready to activate effective Continuity of Operations Plans (COOPs) whenever an incident or emergency occurs (Homeland Security Council, 2007).
Sweaters are a comfortable, cozy option that's easy to wear. Amazon has sweaters in a variety of styles including oversized sweaters for women. Our sweaters come in colors, patterns, and designs to appeal to almost everyone. Take advantage of our low prices to build up a your sweater collection.
Senior management concern in the development of plan helps in creating a more robust plan where every need is met in a more effective way. In case of any disaster recovery or business continuity plan, main focus is always to find a way through which business operations keep on the track. For this purpose, plan should include methods through which workers would interact with each other and carry out their routine
First, Incident Response (IR) plan “is a detailed set of processes and procedures that anticipate, detect, and mitigate the effects of an unexpected event that might compromise information resources and assets.” (Whitman, 2013, p. 85). Consequently, Incident response planning (IRP) is the planning for an incident, which occurs when an attack affects information systems causing disruptions. On the other hand, Disaster Recovery (DR) plan “entails the preparation for and recovery from a disaster, whether natural or human-made.” (Whitman, 2013, p. 97). For instance, events categorized as disasters include fire, flood, storm or earthquake. Thus, the differences between an Incident Response (IR) plan and a Disaster Recovery (DR)
In this study, the fields of emergency management, business continuity, strategic planning and scenario futuring were critically analyzed with a goal of developing an integrated strategic contingency planning model. This model will assist organizations in bringing their contingency planning program to a strategic level. Contingency planning can be fully integrated with day-to-day business processes if a new mindset is promulgated in the organization. Contingency planning no longer needs to be an isolated, specialized
Disasters have become an inevitable part of businesses and organizations as well. They not only have a major effect on business and organizational continuity; they also result to an overhaul in organizational operational mechanisms (Awasthy, 2009). It is for this reason that many organizations and business resort to preparing business continuity plans and disaster recovery plans that will facilitate better disaster management in future. Effective disaster recovery plans are important to every business and organization (Thejendra, 2008).
Disaster recovery plan (DRP) is a clearly defined and documented plan of action for use at the time of a crisis. Typically a plan will cover all the key personnel, resources, services and actions required to implement and manage the DR process (comission, 2014).
Every business and organization can experience a serious incident which can prevent it from continuing normal operations. This can happen any day at any time. The potential causes are many and varied: flood, explosion, computer malfunction, accident, grievous act... the list is endless.
As a consultant brought into an organization concerned about business continuity I would recommend to first perform a Risk Assessment Analysis and/or Business Impact Analysis (BIA). Conducting a business impact analysis will allow an organization to know the system or application’s downtime tolerance. The analysis will identify all systems and applications that can experience little to no downtime. Conducting risk assessment analysis will allow the organization to identify all the risks at the beginning and during the life of the organization, and grade the risks in terms of likelihood of occurring and seriousness of impact on the organization. Either analysis is an excellent tool and will result in the beginning creations of disaster recovery and business continuity planning. If using the BIA method a good first step is identifying the business’ most crucial systems and processes to assess what effect the outages will have on the business. All systems or applications should have a back-up location offsite to ensure business continuity. The higher the impact the more money a company should spend in order to quickly gain restoration of their business.
Owning a business can have many stressors day to day. When starting a business there is a lot of planning and preparation involved. Many small businesses are owners who have put their own money into the business and look at it as an investment. Unfortunately with all the planning that goes into starting a business, one thing is often over looked. Most of the time the “what ifs”, are not part of the planning stage. One reason for this is that people do not like to think of the bad things that could or may happen. So with all the time and planning put into starting a business why not put some extra thought into a plan B if a disaster strikes? This plan B could be a business continuity plan or a disaster recovery plan. Business continuity plans are an essential part of the modern day business. There are so many potential disasters for small businesses that could seize the production or even close the business down for good. A recent study from Gartner Inc., found that “90% of companies that experience data loss go out of business within two years. It also found that 80% of company owners have not thought about how they would keep their businesses up and running if a data disaster occurs.” According to the Association of Records Managers and Administrators, “about 60 percent of businesses that experience a major disaster such as a fire close
Unfortunately, DRP for businesses still lacks a methodological direction [5]. For years, many organizations have ignored the significance of disaster management and continuity planning [55]. Based on reports,43 percent of Organizations influenced by severe disasters never reopened, and about 30 percent of them failed within 2 years [24]. Such statistics emphasize the need for proactive approach by organizations equipped with a decision support framework to effectively protect their processes against disruptions and reduce their negative impacts. According to the disaster management’s life-cycle, two main phases are commonly distinguished as pre-disaster phase and post-disaster phase [133]. In pre-disaster phase, emergency managers have moved their focus beyond the immediate response and short – term recovery and are now re-focusing their efforts more on the continuity of organizations. In this phase, professionals are placing greater emphasis on the resilience of organizations [73].