Infrastructure Operations icon

Develop a Business Continuity Plan

Streamline the traditional approach to make BCP development manageable and repeatable.

Unlock

This content requires an active subscription.

Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.

Speak With A Representative Sign In
or Call: 1-888-670-8889 (US) or 1-844-618-3192 (CAN)

View Storyboard

Solution Set Storyboard thumbnail

Contributors

  • Dr. Bernard A. Jones, MBCI, CBCP, Berkeley College
  • Kris Roberson, Disaster Recovery Analyst, Veterans United Home Loans
  • Trevor Butler, General Manager of Information Technology, City of Lethbridge
  • Robert Miller, Information Services Director, Witt/Kieffer

Your Challenge

  • Natural disasters such as Hurricane Sandy have increased executive awareness and internal pressure to create a business continuity plan (BCP).
  • Similarly, industry and government-driven regulations are placing more focus on business continuity capabilities.
  • Customers are also demanding that organizations provide evidence that they have a workable BCP before agreeing to do business.

Our Advice

Critical Insight

  • BCP requires input from multiple departments with different and sometimes conflicting objectives. There are typically few, if any, dedicated resources for BCP, so it can't be a full-time, resource-intensive project.
  • As an IT leader you have the skill set and organizational knowledge to lead a BCP project, but ultimately business leaders need to own the BCP – they know their processes, and therefore, their requirements to resume business operations better than anyone else.
  • The traditional approach to BCP is a massive project that most organizations can’t execute without hiring a consultant. To execute BCP in-house, carve up the task into manageable pieces as outlined in this blueprint.

Impact and Result

  • Focus on implementing a structured and repeatable process that can be applied to one business unit at a time to avoid BCP becoming an overwhelming project.
  • Enable business leaders to own the BCP going forward by establishing a template that the rest of the organization can follow.
  • Leverage BCP outcomes to refine IT DRP recovery objectives and achieve DRP-BCP alignment.

Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should develop a business continuity plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. Define BCP scope, objectives, and stakeholders

Assess current maturity, establish a team, and choose a pilot business unit. Identify business processes, dependencies, and alternatives.

2. Define RTOs and RPOs based on your BIA

Define an objective impact scoring scale, estimate the impact of downtime, and set recovery targets.

3. Create a recovery workflow

Build a workflow of the current steps for business recovery. Identify gaps and risks to recovery. Brainstorm and prioritize solutions to address gaps and mitigate risks.

Guided Implementations

This guided implementation is a ten call advisory process.

Guided Implementation #1 - Define BCP scope, objectives, and stakeholders

Call #1 - Scope your requirements. Assess current maturity. Identify fit-for-need and a pilot project.
Call #2 - Create business process workflows.

Guided Implementation #2 - Define RTOs and RPOs based on your BIA

Call #1 - Identify process dependencies, alternates and workarounds.
Call #2 - Create an impact scoring scale and conduct a BIA.
Call #3 - Identify target RTO and RPO.

Guided Implementation #3 - Create a recovery workflow

Call #1 - Conduct a tabletop planning exercise and document the recovery workflow.
Call #2 - Identify gaps in recovery capabilities and alternate site requirements.

Guided Implementation #4 - Establish a BCMS to govern and improve your BCP

Call #1 - Summarize the pilot results and plan next steps, including additional documentation.
Call #2 - Define BCMS roles and responsibilities.
Call #3 - Make the case for a wider BCMS program.

Info-Tech Academy

Get Info-Tech Certified

Train your staff and develop a world-class IT team.

New to Info-Tech Academy? Learn more here

Business Continuity Course

Streamline the traditional approach to make BCP development manageable and repeatable.
This course makes up part of the Security & Risk Certificate.

Course information:

  • Title: Business Continuity Course
  • Number of Course Modules: 6
  • Estimated Time to Complete: 2-2.5 hours
  • Featured Analysts:
  • Frank Trovato, Research Director, Infrastructure Practice
  • Eric Wright, SVP of Research and Advisory
  • Now Playing: Executive Brief

Onsite Workshop

Discuss This Workshop

Book Your Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Define BCP Scope, Objectives, and Stakeholders

The Purpose

Define BCP scope, objectives, and stakeholders.

Key Benefits Achieved

Prioritize BCP efforts and level-set scope with key stakeholders.

Activities

Outputs

1.1

Assess current BCP maturity.

  • BCP Maturity Scorecard: measure progress and identify gaps.
1.2

Identify key business processes to include in scope.

1.3

Flowchart key business processes to identify business processes, dependencies, and alternatives.

  • Business process flowcharts: review, optimize, and allow for knowledge transfer of processes.
  • Identify workarounds for common disruptions to day-to-day continuity.

Module 2: Define RTOs and RPOs Based on Your BIA

The Purpose

Define RTOs and RPOs based on your BIA.

Key Benefits Achieved

Set recovery targets based business impact, and illustrate the importance of BCP efforts via the impact of downtime.

Activities

Outputs

2.1

Define an objective scoring scale to indicate different levels of impact.

  • BCP Business Impact Analysis: objective scoring scale to assess cost, goodwill, compliance, and safety impacts.
2.2

Estimate the impact of downtime.

  • Apply the scoring scale to estimate the impact of downtime on business processes.
2.3

Determine acceptable RTO/RPO targets for business processes based on business impact.

  • Acceptable RTOs/RPOs to dictate recovery strategy.

Module 3: Create a Recovery Workflow

The Purpose

Create a recovery workflow.

Key Benefits Achieved

Build an actionable, high-level, recovery workflow that can be adapted to a variety of different scenarios.

Activities

Outputs

3.1

Conduct a tabletop exercise to determine current recovery procedures.

  • Recovery flow diagram – current and future state
  • Identify gaps and recovery risks.
3.2

Identify and prioritize projects to close gaps and mitigate recovery risks.

  • Create a project roadmap to close gaps.
3.3

Evaluate options for command centers and alternate business locations (i.e. BC site).

  • Evaluate requirements for alternate business sites.

Module 4: Establish a BCMS to Govern and Improve Your BCP

The Purpose

Establish a BCMS to govern and improve your BCP.

Key Benefits Achieved

Outline the actions required for the rest of your BCMS, and the required effort to complete those actions, based on the results of the pilot.

Activities

Outputs

4.1

Summarize the accomplishments and required next steps.

  • Pilot BCP Executive Presentation
4.2

Identify required BCM roles.

  • BCP Reference Workbook: teams, roles, and action items
4.3

Review the documentation strategy to create and maintain your overall BCP.

  • BCP templates to complete the relevant documentation (BC Policy, BCP Action Items, Recovery Workflow, etc.)

Member Testimonials

Schedule Analyst Call

After each Info-Tech experience, we ask our members to quantify the real time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this Blueprint, and what our clients have to say.

Client

$ Saved

Days Saved

Testimonial

City of Lethbridge

N/A

N/A

On behalf of the City of Lethbridge participants, many thanks for the awesome Business Continuity Planning (BCP) workshop and for having Frank and David as our Info-Tech Consultants. I really appreciated their attention to content details, for having a keen understanding of the BCP material, and ensuring that our business audience understood the BCP process requirements as part of their deliverables. I would recommend Info-Tech without hesitation.

Rend Lake College

$6,562

15

Best - gaining additional understanding of department operations. Worst - cumbersome process of printing copies of deliverables.

TRAC Intermodal

N/A

N/A

Too soon to tell.

Client

Facilitator(s) effectiveness

INFO & materials effectiveness

Overall experience

Understanding of next steps

Testimonial

Cahill Gordon & Reindel LLP

9.0

8.0

9.0

8.0

Cheshire Medical Center

9.0

8.0

9.0

8.0