Creating Business Continuity Planning

Creating a Business Continuity Planning can take long time and money which may never payback. It’s also important to understand that once Business Continuity Planning was developed, there may be no specific end; it is a continuous process that includes testing, maintaining, and updating as needed. There are many paradigms for developing the Business Continuity Planning that focus on the client/server and enterprise environments, the traditional phase’s remains essential in all paradigms.

The traditional phase’s involved in Business Continuity Planning:

I. Project Management and Initiation: Upper level management like Chief Executive Officer (CEO), the Chief Operating Officer (CFO), and the Chief Information Officer (CIO), and the Chief Financial officer (CFO) should involve in creating Business Continuity Planning. “Business Continuity Planning is worthless without upper-level management team” (Eric, Seth, & Joshua, 2010). The upper-level management should establish a project team and support project management approach to develop the plan. Upper-level management should involve in developing plan as they have enough power and authority to speak for the entire organization when dealing with media during a disruption events.

II. Business Impact Analysis (BIA): This phase is very important as all the critical business processes are identified, and determines their maximum tolerable downtime. Business Impact Analysis doesn’t worry about what can cause the disruption, “it is concerned only with identifying consequences in terms of financial loss, additional expenses, and embarrassment due to expected duration of the interruption” (Harold, 2009).

III. Recovering Strategies: This is another important stage in Business Continuity Planning. Based on Business Impact Analysis, various alternatives are identified and selected for appropriate situation that meet the recovery time requirements as per Business Impact Analysis.

IV. Plan Design and Development: In this phase all the findings of Business Impact Analysis and results of Recovery Strategies are well documented, in a way such that a capable person can understand them easily to implement.

V. Testing, Maintenance, Awareness, and Training: This is a continuous phase though out the organization. There should be a timely manner testing on Business Continuity Planning which will help in updating and maintain it properly. There should be some kind of program to bring awareness among employees about Business Continuity Planning and which should also involve training in recovery strategies.

References: Harold F. Tipton (2009). OFFICIAL (ISC)2 GUIDE TO THE CISSP CBK. 2e, CRC Press.

Business Continuity Planning: Introduction & Definition

Today’s businesses are not willing to take any risk of losing their business. But businesses are facing risk in the form of natural disaster, human error, terrorist attacks, and in many forms. Natural catastrophes like flooding, hurricanes or earthquakes can occur at any time; an anger employee may break into information system and steel some significant information, which may cause loss to business. In this type of situations companies must resume their business to normal operations as quickly as possible to continue their business. To do so many businesses started developing Business Continuity Planning. According to the Business Continuity Institute a business continuity plan is

“A document containing the recovery timeline methodology, tested- validated documentation, procedures, and action instructions developed specifically for use in restoring organization operations in the event of a declared disaster. To be effective, most Business Continuity Plans also require testing, skilled personnel, access to vital records, and alternate recovery resources including facilities”.

In other words Business Continuity Planning is a properly written document with procedures and information, which will help a business to continue after unexpected events of an emergency or disaster.

Objectives of Business Continuity Planning:

  • To minimize the amount of loss
  • Provide an immediate, accurate, and measured response to emergency situations
  • Facilitate to resume the critical business functions within a predetermined period of time
  • Procedures and resources to restore critical business functions and IT applications
  • Procedures must be documented in a clear way so that a knowledgeable person can execute them
  • Describe the alternatives to restore critical operations.