Creating a Business Continuity Planning can take long time and money which may never payback. It’s also important to understand that once Business Continuity Planning was developed, there may be no specific end; it is a continuous process that includes testing, maintaining, and updating as needed. There are many paradigms for developing the Business Continuity Planning that focus on the client/server and enterprise environments, the traditional phase’s remains essential in all paradigms.
The traditional phase’s involved in Business Continuity Planning:
I. Project Management and Initiation: Upper level management like Chief Executive Officer (CEO), the Chief Operating Officer (CFO), and the Chief Information Officer (CIO), and the Chief Financial officer (CFO) should involve in creating Business Continuity Planning. “Business Continuity Planning is worthless without upper-level management team” (Eric, Seth, & Joshua, 2010). The upper-level management should establish a project team and support project management approach to develop the plan. Upper-level management should involve in developing plan as they have enough power and authority to speak for the entire organization when dealing with media during a disruption events.
II. Business Impact Analysis (BIA): This phase is very important as all the critical business processes are identified, and determines their maximum tolerable downtime. Business Impact Analysis doesn’t worry about what can cause the disruption, “it is concerned only with identifying consequences in terms of financial loss, additional expenses, and embarrassment due to expected duration of the interruption” (Harold, 2009).
III. Recovering Strategies: This is another important stage in Business Continuity Planning. Based on Business Impact Analysis, various alternatives are identified and selected for appropriate situation that meet the recovery time requirements as per Business Impact Analysis.
IV. Plan Design and Development: In this phase all the findings of Business Impact Analysis and results of Recovery Strategies are well documented, in a way such that a capable person can understand them easily to implement.
V. Testing, Maintenance, Awareness, and Training: This is a continuous phase though out the organization. There should be a timely manner testing on Business Continuity Planning which will help in updating and maintain it properly. There should be some kind of program to bring awareness among employees about Business Continuity Planning and which should also involve training in recovery strategies.
References: Harold F. Tipton (2009). OFFICIAL (ISC)2 GUIDE TO THE CISSP CBK. 2e, CRC Press.