by Doug Cassell, Seattle Business Preparedness Examiner
A complete Business Continuity (BC) plan requires certain basic components. Some of them should be created in order, because the build on the information collected in previous steps. The following are some basic minimum components every plan should have:
- Risk/Threat Assessment – This contains both physical risks (I’m located in the path of Mt. Rainier for example), as well as business risks including financial exposures, employee issues, legal, etc.
- Business Impact Assessment – This should be approached from the business side of any company. What would be the impact (on company finances, employees, customers, vendors, legal issues, etc.) of losing business functions. This also helps align company business goals with IT priorities. Because this allows financial impact to be measured, this analysis is often used to justify investment in BC related costs, IT upgrades, hiring of personnel, etc.
- Business Continuity Plan – If an event of any kind prevents your company from doing business as usual, how do we plan to continue business. This is often scenario based, but if your scenarios are carefully designed you can prepare for most likely events. This plan usually contains recovery steps and checklists, etc.
- IT Continuity Plan – Because IT can be essential to operating all parts of a business, and because its recovery is usually very high in priority and complex in nature, many companies choose to create a separate IT Continuity plan. This plan contains detailed recovery instructions and order of recovery for critical applications, and plans to mitigate data loss and/or loss of computer processing for critical systems and information.
- Emergency Response Plan – This plan is the first plan invoked when the event affects facilities or people. It is concerned with protecting people and property and insuring safety. Once these things are under control, the BC and IT continuity plans can be invoked, and recovery of the business processes can begin.
For more information: There are many standards and resources available to assist with creating plans, which I will discuss in a future article. For now, I will recommend one of the most commonly used guidelines which is NFPA 1600, created by the National Fire Protection Association. A copy of the most recent revision is located here.
