Business Continuity Plan (BCP) and Business Continuity Management System (BCMS)
Today we are going to discuss a very critical business function, one that any business operation depends on.
Every business is prone to disasters and threats. No system is 100% secure nowadays. These disruptions can come in many forms, such as natural disasters, fire, long power outages, loss of key employees, delayed deliveries, cyber-attacks, etc.
The capability of an organization to continue the delivery of products and services, within acceptable timeframes, at predefined capacity, during a disruption is known as business continuity. In other words, either operations are not disrupted during an incident, or the system is recovered within the allowable time.
Business Continuity Planning (BCP) is the process of creating an information systems environment that helps to prevent, and recover from, business disruptions caused by disasters, major incidents or threats.
Benefits
The goal of a BCP is to minimize operational risk in the face of a natural or man-made disruption or disaster.
Business Continuity Policy
- A Business Continuity Policy provides a framework for setting business continuity objectives. It is a commitment to satisfy applicable requirements, whether regulatory, legal or contractual. It is also a commitment to continual improvement.
- It should be documented, reviewed, approved and signed by top management.
- It should be communicated within the organization and to interested parties.
Business Continuity Plan
A Business Continuity Plan defines the steps required to restore business processes following a disruption within an agreed time. The plan also covers the triggers for invocation, the people to be involved, communications, etc.
Business continuity plans are the tests, plans and strategy for testing the continuity of the system in dealing with threats/risks to the organization. Any event that could negatively impact operations needs to be included in the BCP.
To completely define a BCP, one has to consider two aspects:
- It should be ensured that the organization can continue business as normal, or at an acceptable level, in the wake of a disaster.
- IT should be restored/recovered to a state like that before the disaster.
Therefore, an organization should develop a Business Continuity Plan (BCP) through the following steps:
- Conduct a business impact analysis (BIA) to identify sensitive and critical functions and processes, and the resources that support them.
- Identify, document and implement the measures to recover critical business functions.
- Organize or form a business continuity team and compile a business continuity plan.
- Conduct training and awareness for the business continuity team and test the plans at regular intervals.
Procedure for documenting BCP
- Identify and document a plan, test or drill to schedule for the BCP. If you are running a data centre or a large network and server infrastructure, you need to identify the possible failures, such as UPS power failure, fire at the data centre, Internet failure, switch/router failure, server failure, storage failure, PAC failure, firewall failure, antivirus failure, etc., each to be tested during the year.
- Document a back-up and restore policy for each component or service before the BCP test or drill.
- Identify and document emergency contact numbers for use in any emergency, such as difficulties in recovery during an incident.
- Before planning a BCP test, communicate the BCP schedule to stakeholders.
- Form a BCP team with roles such as BCP coordinator, emergency response team, BCP test team, and data back-up and restore team.
- Invoke the BCP as per the schedule and approved plans.
- All BCP plans should be approved by the management representative before the test.
- Keep back-ups of asset/device configurations, hard copies of configuration documents and policies, the testing method, recovery plans and emergency contact numbers.
- Record observations on the failover and load tests.
- After a reboot or restart, check that the restored system behaves normally.
- Analyse the risks identified during the tests/plans.
- Document the test results, whether failure or success, the total time taken for recovery, and the key personnel involved in the process.
- Approve the test result.
- Always keep your rollback plan updated and handy in case the test is not successful.
- Conduct awareness and training sessions on the improvements, if any.
Business Continuity Management System (BCMS)
The international standard that defines the requirements for a BCMS (Business Continuity Management System) is ISO 22301:2019. It was first introduced in 2012. It contains:
- Business continuity objectives and planning to achieve them
- Planning changes to the business continuity management system
- Business impact analysis and risk assessment
- Business continuity plans and procedures
So, this is just fundamental knowledge of BCP and its procedure. I hope it has helped your understanding.
Please feel free to comment or provide your suggestions.