Develop a Business Continuity Plan

Streamline the traditional approach to make BCP development manageable and repeatable.

Do not fill in this field

Enter no text in this field

Do not enter text

Get Instant Access
to this Blueprint

Full Name

Company

Phone

Job Title

Unlock This Blueprint

View Storyboard

Contributors

Dr. Bernard A. Jones, MBCI, CBCP, Berkeley College
Kris Roberson, Disaster Recovery Analyst, Veterans United Home Loans
Trevor Butler, General Manager of Information Technology, City of Lethbridge
Robert Miller, Information Services Director, Witt/Kieffer

Your Challenge

Recent crises have increased executive awareness and internal pressure to create a business continuity plan (BCP).
Industry and government-driven regulations require evidence of sound business continuity practices.
Customers demand their vendors provide evidence of a workable BCP prior to signing a contract.
IT leaders, because of their cross-functional view and experience with incident management and DR, are often asked to lead BCP efforts.

Our Advice

Critical Insight

BCP requires input from multiple departments with different and sometimes conflicting objectives. There are typically few, if any, dedicated resources for BCP, so it can't be a full-time, resource-intensive project.
As an IT leader you have the skill set and organizational knowledge to lead a BCP project, but ultimately business leaders need to own the BCP – they know their processes, and therefore, their requirements to resume business operations better than anyone else.
The traditional approach to BCP is a massive project that most organizations can’t execute without hiring a consultant. To execute BCP in-house, carve up the task into manageable pieces as outlined in this blueprint.

Impact and Result

Implement a structured and repeatable process that you apply to one business unit at a time to keep BCP planning efforts manageable.
Use the results of the pilot to identify gaps in your recovery plans and reduce overall continuity risk while continuing to assess specific risks as you repeat the process with additional business units.
Enable business leaders to own the BCP going forward. Develop a template that the rest of the organization can use.
Leverage BCP outcomes to refine IT DRP recovery objectives and achieve DRP-BCP alignment.

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should develop a business continuity plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Develop a Business Continuity Plan – Executive Brief

1. Identify BCP maturity and document process dependencies

Assess current maturity, establish a team, and choose a pilot business unit. Identify business processes, dependencies, and alternatives.

2. Conduct a BIA to determine acceptable RTOs and RPOs

Define an objective impact scoring scale, estimate the impact of downtime, and set recovery targets.

3. Document the recovery workflow and projects to close gaps

Build a workflow of the current steps for business recovery. Identify gaps and risks to recovery. Brainstorm and prioritize solutions to address gaps and mitigate risks.

4. Extend the results of the pilot BCP and implement governance

Present pilot project results and next steps. Create BCMS teams. Update and maintain BCMS documentation.

5. Appendix: Additional BCP tools and templates

Use these tools and templates to assist in the creation of your BCP.

Guided Implementations

This guided implementation is a five call advisory process.

Guided Implementation #1 - Scoping

Call #1 - Scope requirements, objectives, and stakeholders. Identify a pilot BCP project.

Guided Implementation #2 - Business Processes and Dependencies

Call #1 - Assess current BCP maturity. Create business process workflows, dependencies, alternates, and workarounds.

Guided Implementation #3 - Conduct a BIA

Call #1 - Create an impact scoring scale and conduct a BIA. Identify acceptable RTO and RPO.

Guided Implementation #4 - Recovery Workflow

Call #1 - Create a recovery workflow based on tabletop planning.

Guided Implementation #5 - Documentation & BCP Framework

Call #1 - Summarize the pilot results and plan next steps. Define roles and responsibilities. Make the case for a wider BCP program.

Info-Tech Academy

Get Info-Tech Certified

Train your staff and develop a world-class IT team.

An active membership is required to access Info-Tech Academy

New to Info-Tech Academy? Learn more here

Business Continuity

Streamline the traditional approach to make BCP development manageable and repeatable.
This course makes up part of the Security & Risk Certificate.

Course information:

Title: Business Continuity
Number of Course Modules: 5
Estimated Time to Complete: 2-2.5 hours
Featured Analysts:
Frank Trovato, Research Director, Infrastructure Practice
Eric Wright, SVP of Research and Advisory
Now Playing: Academy: Business Continuity | Executive Brief

Book Your Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Define BCP Scope, Objectives, and Stakeholders

The Purpose

Define BCP scope, objectives, and stakeholders.

Key Benefits Achieved

Prioritize BCP efforts and level-set scope with key stakeholders.

Activities

Outputs

1.1

Assess current BCP maturity.

BCP Maturity Scorecard: measure progress and identify gaps.

1.2

Identify key business processes to include in scope.

1.3

Flowchart key business processes to identify business processes, dependencies, and alternatives.

Business process flowcharts: review, optimize, and allow for knowledge transfer of processes.
Identify workarounds for common disruptions to day-to-day continuity.

Module 2: Define RTOs and RPOs Based on Your BIA

The Purpose

Define RTOs and RPOs based on your BIA.

Key Benefits Achieved

Set recovery targets based business impact, and illustrate the importance of BCP efforts via the impact of downtime.

Activities

Outputs

2.1

Define an objective scoring scale to indicate different levels of impact.

BCP Business Impact Analysis: objective scoring scale to assess cost, goodwill, compliance, and safety impacts.

2.2

Estimate the impact of downtime.

Apply the scoring scale to estimate the impact of downtime on business processes.

2.3

Determine acceptable RTO/RPO targets for business processes based on business impact.

Acceptable RTOs/RPOs to dictate recovery strategy.

Module 3: Create a Recovery Workflow

The Purpose

Create a recovery workflow.

Key Benefits Achieved

Build an actionable, high-level, recovery workflow that can be adapted to a variety of different scenarios.

Activities

Outputs

3.1

Conduct a tabletop exercise to determine current recovery procedures.

Recovery flow diagram – current and future state
Identify gaps and recovery risks.

3.2

Identify and prioritize projects to close gaps and mitigate recovery risks.

Create a project roadmap to close gaps.

3.3

Evaluate options for command centers and alternate business locations (i.e. BC site).

Evaluate requirements for alternate business sites.

Module 4: Extend the Results of the Pilot BCP and Implement Governance

The Purpose

Extend the results of the pilot BCP and implement governance.

Key Benefits Achieved

Outline the actions required for the rest of your BCMS, and the required effort to complete those actions, based on the results of the pilot.

Activities

Outputs

4.1

Summarize the accomplishments and required next steps to create an overall BCP.

Pilot BCP Executive Presentation

4.2

Identify required BCM roles.

Business Continuity Team Roles & Responsibilities

4.3

Create a plan to update and maintain your overall BCP.

3. Maintenance plan and BCP templates to complete the relevant documentation (BC Policy, BCP Action Items, Recovery Workflow, etc.)

After each Info-Tech experience, we ask our members to quantify the real time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this Blueprint, and what our clients have to say.

Client

Experience

Impact

$ Saved

Days Saved

Testimonial

Town Of Marana

Guided Implementation

10/10

N/A

120

Frank makes the process so simple and easy to follow -- especially for such a complex and detailed process. I'm confident we are on the path towards a comprehensive BCP that will allow us to truly succeed during a DR situation.

XGen Pharmaceuticals DJB, Inc.

Workshop

10/10

$26,103

Best Part-were able to easily handle all the participants remotely. Worse Part-the fact that we have action items since we always have a difficult time creating them. The reason that I'm making this confidential is that while I can fill this out, I cannot speak on behalf of XGen. Jan should do that.

Wade Trim Associates, Inc.

Guided Implementation

10/10

$63,667

All good experiences here. Frank was very knowledgeable and helpful in guiding us to a useful way to set up our BC plan. Would recommend his help to anyone.

City of Leduc

Workshop

7/10

N/A

Having a structured process to follow was very good. With the diverse group of participants we had attending, it would have been good to work through a few processes for each, rather than focusing on one business area. Also, when talking about "alternatives", it would also be good to add a component to identify how long that alternative can be in place for to get people thinking about recovery times.

Grinnell College

Guided Implementation

10/10

$7,640

Best - very knowledgeable and professional research analyst - Andrew Sharp. Andrew is great to work with and is very competent and helpful. Templates and processes are really useful - don't have to re-invent the wheel. I am very pleased with the work we are doing. Not really a worst experience. The only issues I have run into would be terminology differences - for example the term - Goodwill - when measuring BC and DR impact scenarios is not widely used in the US. Also, I come from a NIST background, not so much ISO, so finding compliance comparison can be challenging. Neither of these issues are a big deal, just thought I would mention.

Wisconsin Compensation Rating Bureau

Guided Implementation

8/10

$12,733

We like the open conversation format. More of a discussion and idea exchange rather than a strict agenda

Werner Co.

Guided Implementation

7/10

$12,733

Old Republic National Title Insurance Company

Guided Implementation

9/10

$31,833

Good summary notes at the end of the meeting as follow-up items and a strong reference library of materials including the maturity survey which we have used in other disciplines.

MSI online

Guided Implementation

9/10

$2,000

Ken was very knowledgeable and professional is his explanation of the BCP process and actions to create a BCP formal document.

City of Leduc

Guided Implementation

10/10

N/A

Analyst was able to make time for us on short notice.

Symptai Consulting Ltd.

Guided Implementation

9/10

$7,640

Momenta Pharmaceuticals

Guided Implementation

10/10

$63,667

I really don't know the cost. Hard to quantify. I am hopeful that we save enormous time and money based upon the workshop and knowledge transfer

County of San Luis Obispo

Workshop

5/10

N/A

County of San Luis Obispo

Workshop

10/10

$127K

The best part: InfoTech came in and not only explained their templates but also modeled a successful approach for interviewing business process owners. We ended the week with several critical business processes well-documented, a list of gaps to address within those processes, and a roadmap to guide us through the rest of our process analysis. It was amazing that we accomplished so much in such a short time. The worst part: It was a very intensive week. It would have been nice to have more time in between to digest both the process and the content. (Of course that kind of break doesn?t work well for an on-site consulting engagement; thus we end up with a few very intensive days.)

Bay Cove Human Services Inc.

Workshop

6/10

$18,463

Best: We loved working with Sumit. Worst: The workshop slowed down about the 3rd day, folks seemed to disengage.

Blessing Hospital

Guided Implementation

10/10

$127K

Montana Department of Revenue

Guided Implementation

9/10

$6,366

It was both high-level strategy as well as thorough and structured. For me, one of the main stumbling blocks in a very large project is just figuring out what to do first, or next. InfoTech's suggestions for the next steps were clear and made a lot of sense. I am confident this will get the project moving along. Worst seems like a harsh word. There was nothing bad about the experience let alone worst. All good!

City Of Kawartha Lakes

Workshop

10/10

$25,000

XGen Pharmaceuticals DJB, Inc.

Guided Implementation

9/10

$22,283

The documents provided. The advice during the call. The follow-up notes with action items. Flexibility to reschedule meetings/calls when business required it. We have no negative comments.

Cree Board of Health & Social Services of James Bay

Workshop

10/10

$50,000

The best parts was the knowledge and experience of your resources. The worst part is the time constraint that we suffer on our side.

Kentucky Housing Corporation

Guided Implementation

10/10

$31,833

Frank is the man. He is a great sounding board to bounce things off of. He understands any obstacle that I am going through. When you are taking on a task in your corporation that nobody else is doing with you, it can get pretty quiet. And, you start overthinking things because they are just YOUR idea. It's nice to speak with Frank and hear that I am still sane. I appreciate his knowledge and desire to help me succeed.

University of Exeter

Guided Implementation

10/10

N/A

Very early stages but some really good pointers as to where to start and focus priorities, will have a better understanding of the savings as the project progresses.

Mott MacDonald LLC

Guided Implementation

7/10

$10,440

excellent documentation and knowledge from templates and call

UGI Utilities, Inc

Guided Implementation

8/10

N/A

Witt Kieffer

Guided Implementation

10/10

N/A

As Frank and I discussed today this BRP project does not have a specific timeline. If it were not for Franks guidance and the scheduling of the meetings this project would be at risk of being sidelined and not completed. The scheduled calls have been able to keep me moving this effort forward. The value is not just the technical expertise or the dollar savings but successfully completing the project.

Westoba Credit Union Limited

Workshop

10/10

$65,000

105

Best part: the facilitation by Frank and Teo! Worst part: the amount of work ahead of us! :^)

WVU Foundation

Guided Implementation

10/10

N/A

The regular calls helped us keep this on track, Thanks Frank!!

Blessing Hospital