Policies and Guidelines

Developing a Business Continuity Plan

Last Updated: April 15, 2011
Reviewed: January 11, 2010

Purpose

To achieve optimal efficiency and effective use of the technology in the workplace, a department must have a detailed Business Continuity Plan (BCP) to reestablish essential business functions in the event of a disaster. Thorough planning can potentially minimize:

Scope

Departmental management, technology staff, and users.

Process Overview

A Business Continuity Plan (BCP) is a detailed manual with procedures, responsibilities, and critical information needed to execute a recovery from the loss of facilities and information resources due to a disaster.

Developing a BCP is a complex process involving detailed, comprehensive analysis that can essentially be broken down into three phases:

PHASE I - Developing a Risk & Business Impact Analysis

  1. Complete a Risk Assessment
  2. Complete a Business Impact Analysis (BIA) Questionnaire
    1. Answer questions
    2. Format report
    3. Identify priorities
    4. Determine resource dependencies
    5. Organize, tabulate and summarize data
    6. Read and understand the elements of the recovery strategy

PHASE II - Developing a Recovery Plan

  1. Consider the elements of a Recovery Plan
  2. Document incident response procedures
  3. Identify support function procedures
  4. Build appendices (attachments, activity, reports and logs, etc.)
  5. Build a glossary and footnotes

PHASE III - Developing Strategies for Testing and Maintaining the Business Continuity and Recovery Plans

  1. Identify applications/business functions or other aspects of the BCP that require testing and maintenance
    1. Define the goals and objectives of the test
    2. Select testing method(s)
    3. Conduct exercises
    4. Evaluate exercises
  2. Develop a strategy for maintaining the Recovery Plan
    1. Create schedules and budgets for update and maintenance activities
    2. Consider using a software to assist in the maintenance process
    3. Establish review criteria
    4. Define program status, reporting, and audits
    5. Define plan distribution and security
    6. Establish a tentative date for the next exercise
    7. Develop an annual schedule for updating the BCP

References

Procedures