Business continuity has always been important within Britain, however, historically, it was more a case that only large global companies would prepare for such disasters. In more recent times, there has been a shift from only large companies preparing for the worst scenario to smaller companies preparing themselves for many eventualities. With the increase in business standards, insurance policies and compliance policies requiring a business continuity plan to be in place; there has been a rapid growth in companies preparing themselves with a business continuity plan.
Think of a business continuity plan as an inexpensive form of insurance against disaster for your company. Even so, very few companies put forth the effort of drawing one up. In their defence, the task can seem daunting to those who have never done it before.
Analyzing the Five Different Steps of the Business Continuity Planning Cycle
The business continuity planning cycle consists of 5 primary steps:
- Solution Design
- Testing & Organization Acceptance
While there are still other steps that a business may wish to include, these are the 5 that are included in every BCP plan.
The analysis stage of the business continuity planning cycle is perhaps the largest. It usually consists of impact analysis, threat analysis, and impact scenarios as well. Business impact analysis, or BIA, is done in order to differentiate between urgent and non-urgent functions and activities of the organization. Threat analysis includes the documenting of any potential disasters that could befall the company including disease, earthquakes, fires, floods, hurricanes, utility outage, and even terrorism.
After the threats have been listed, it is recommended that you create impact scenarios that take into consideration the worst possible outcomes associated with these threats. Once the analysis phase has been completed, you will want to make sure everything is documented.
During the solution design phase of the business continuity planning cycle, you will want to identify the most cost-effective way to deal with each disaster recovery plan that you have developed during the analysis stage. The following things should be taken into consideration:
- The command structure
- The location of the work site where you will relocate to if necessary
- The telecommunications options between primary and secondary work sites
- Data replication methodology
- The application and software required
- The physical data requirements
The implementation phase of the business continuity planning cycle is quite simple. It involves the execution of each of the design elements you listed in the solution design phase. When the solutions are being implemented you may then take part in work package testing.
Testing and Organizational Acceptance
During this phase, you will want to make sure that the solutions developed during the previous stages are sufficient to address the company’s recovery requirements. This is accomplished by testing which may include
- Crisis command team testing
- Technical swing tests
- Application tests
- Business process tests
The testing should be conducted either once or twice a year at least. During this phase you may find that certain plans fail to produce the required results due to insufficient recovery requirements, design flaws, or implementation errors. Regardless of what went wrong, any problems will be addressed during the next stage.
The maintenance phase of your BCP manual includes three different periodic activities. You will want to confirm the information in the manual by providing training to each of your staff members whose roles are critical in your plan. Second, you will test and verify the technical solution involved in your recovery plan. Third, you will test and verify the organization recovery procedures.
As you can see, the entire process of creating a BCP manual is lengthy and never truly ends. Once you have finished with the maintenance stage you’ll then continue on by repeating the entire process beginning with the analysis.