Unfortunately, experience has shown that a great many organizations do not have a Business Contnuity Plan (BCP) and/or a Desaster Recovery Plan (DRP). What follows from this? Organizations are not prepared to maintain business continuity in situations that disrupt normal functioning (incidents, breakdowns, crises, etc.).
What is a Business Continuity Plan?
A Business Continuity Plan is a document or set of documents that allows an organization to respond to disruptions (incidents) and to resume, recover and restore the provision of products and services in line with its business continuity objectives. That is, the result of creating a BCP is to achieve such a level that there is no interruption in the functioning of the organization (in particular its critical processes) in the event of an event that may or may lead to a disruption, loss, emergency or crisis situation.
What are the main goals of the Business Continuity Plan?
We can define goals for creating a business continuity plan(-s):
- meeting the requirements for continuing and restoring priority actions within the specified timeframe and agreed capacity;
- maintaining the organization’s ability to meet obligations towards customers and partners, preventing and counteracting possible violations of the normal functioning of the organization;
- maintaining the level of management of the organization, which allows to provide conditions for making rational and optimal management decisions, their timely and full implementation;
- ensuring favorable working conditions and the safety of employees, the safety of guests on the premises of the organization;
- reducing the severity of the consequences of violating the daily functioning of the organization (including the amount of material losses, loss of information, loss of business reputation);
- ensuring that business continuity arrangements are consistent with national and / or regional policies, procedures and plans, legal, regulatory and organizational requirements.
Business continuity plans should provide guidance and information to help teams respond to disruptions and assist the organization in responding and recovering.
What should the Business Continuity Plan/Plans contain?
In total, business continuity plans should include:
1) details of the actions that the teams will take in order to:
- continue or recover prioritized activities within predetermined time frames;
- monitor the impact of the disruption and the organization’s response to it;
2) reference to predefined thresholds and process for activating the response;
3) procedures to enable the delivery of products and services at agreed capacity;
4) details to manage the immediate consequences of a disruption giving due regard to:
- welfare of individuals;
- preventing of further loss or unavailability of prioritized activities;
- impact on the environment.
Business continuity and ISO standards
The international standard ISO 22301 Business Continuity Management Systems enables organizations to support their functioning and maintain business continuity, offers valuable information useful in strategic planning, risk management, supply chain management, business transformation and resource management.
Do you want to implement a Business Continuity Management System based on the ISO 22301 standard or its elements?
We encourage you to follow our news, where we will publish practical tips in the field of business continuity management and the creation of Business Continuity Plans (BCP), as well as contact our experts.
Sources used:
ISO 22301:2019 Security and resilience — Business continuity management systems — Requirements
