Develop a Business Continuity Plan

Streamline the traditional approach to make BCP development manageable and repeatable.

Unlock

This content requires an active subscription.

Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.

Speak With A Representative Sign In
or Call: 1-888-670-8889 (US) or 1-844-618-3192 (CAN)

Your Challenge

  • IT managers asked to lead BCP efforts are dealing with processes and requirements beyond IT and outside of their control.
  • BCP requires input from multiple departments with different and sometimes conflicting objectives.
  • Typically there are few, if any, dedicated resources for BCP, so it can't be a full-time resource-intensive project.

Our Advice

Critical Insight

  • As an IT leader, you have the skill set and organizational knowledge to lead a BCP project, but ultimately business leaders need to own the BCP. They know their processes and, therefore, their requirements to resume business operations better than anyone else.
  • The traditional approach to BCP is a massive project that most organizations can’t execute without hiring a consultant. To execute BCP in-house, carve up the task into manageable pieces as outlined in this blueprint.
  • Leverage the BCP methodology to not only identify current processes, but also review and optimize those processes.

Impact and Result

  • Position IT as the consultant for BCP, not the owner. Ultimately, the business needs to own the BCP to make it sustainable.
  • Execute a pilot BCP process to establish a methodology that can be repeated by the rest of the organization.
  • Achieve alignment between your IT DRP and overall BCP.



Develop a Business Continuity Plan

2

Identify processes and dependencies

Determine what would be required to recover from an incident and resume operations.

3

Determine the desired recovery timeline

Set appropriate recovery timeline targets based on business impact and business requirements.

4

Determine the current achievable recovery timeline

Identify the gap between achievable and desired recovery capability.

5

Identify projects to close gaps and mitigate risks

Create a business continuity project roadmap to achieve the desired recovery timeline.

6

Document and validate the desired-state incident response plan

Define a procedure to resume business unit processes after an incident, within the desired recovery timeline.

7

Complete the BCP process

Create a plan to develop a BCP for remaining business units and initiate ongoing BCM.

Info-Tech Academy

Get Info-Tech Certified

Train your staff and develop a world class IT team.

New to Info-Tech Academy? Learn more here

Business Continuity Course

Streamline the traditional approach to make BCP development manageable and repeatable.
This course makes up part of the Security & Risk Certificate.

Now Playing: Executive Brief

Course information:

Title: Business Continuity Course
Number of Course Modules: 6
Estimated Time to Complete: 2-2.5 hours

Featured:
Frank Trovato, Research Director, Infrastructure Practice
Eric Wright, SVP of Research and Advisory

Onsite Workshop

Book Your Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: (Pre-Workshop) Prepare for the BCP Workshop

The Purpose

  • Prioritize business units for BCP development.
  • Create a BCP pilot team.
  • Define BCP metrics.

Key Benefits Achieved

  • Select the pilot business unit and workshop participants.
  • Establish metrics to measure the benefits of completing the BCP pilot.

Activities:
Outputs

1.1

Determine the business units that are most in need of a BCP.

  • Prioritized list of business units for BCP.

1.2

Select the pilot business unit to follow the BCP methodology.

  • Seed success by identifying a good candidate for initiating BCP development.

1.3

Define roles for the BCP pilot.

  • BCP pilot team identified.

Module 2: Identify Business Processes and Dependencies

The Purpose

  • Determine process workflows.
  • Identify existing alternatives/interim processes.
  • Assess existing business continuity plans.

Key Benefits Achieved

  • Document your core business processes and dependencies.
  • Document existing alternatives/interim processes.
  • Determine your current BCP status (to enable the team to measure progress).

Activities:
Outputs

2.1

Identify business process workflows and dependencies.

  • Documented list of core business processes and dependencies.

2.2

Determine existing contingency planning.

  • Documented list of existing alternatives/interim processes.

2.3

Assess existing business continuity plans.

  • Baseline BCP status.

Module 3: Determine the Desired/Target Recovery Timeline

The Purpose

  • Define a scoring scale to measure impact.
  • Estimate the impact of downtime for each business process.
  • Determine the desired RTOs/RPOs.

Key Benefits Achieved

  • Define a scoring scale to estimate business impact.
  • Conduct a business impact analysis.
  • Define recovery time and recovery point objectives (RTO/RPO).

Activities:
Outputs

3.1

Simplify estimating business impact.

  • Business impact analysis (BIA) scoring criteria defined.

3.2

Determine business process criticality to prioritize BCP efforts.

  • Business impact analysis.

3.3

Determine an appropriate recovery timeline based on business impact.

  • Desired recovery timeline identified.

Module 4: Determine the Current Achievable Recovery Timeline

The Purpose

  • Determine your baseline business continuity capability (your current state). 

Key Benefits Achieved

  • Identify the gaps between current and desired business continuity capability. 

Activities:
Outputs

4.1

Identify current capabilities via tabletop planning.

  • Current state incident response plan defined.

4.2

Compare current to desired RTOs/RPOs.

  • RTO/RPO gaps defined.

4.3

Estimate likelihood and impact of failure of individual dependencies.

  • Additional vulnerabilities identified.

Module 5: Identify Projects to Close Gaps and Mitigate Risks

The Purpose

  • Determine what projects or initiatives are required to close the gap between current and desired business continuity capability.

Key Benefits Achieved

  • BCP project roadmap defined.

Activities:
Outputs

5.1

Identify projects that close recovery gaps.

  • Potential list of business continuity projects identified.

5.2

Prioritize projects based on cost and benefits.

  • Order of project implementation identified.

5.3

Create a project implementation timeline.

  • Project schedule identified.

Module 6: Document and Validate the Desired-State Incident Response Plan

The Purpose

  • Define and validate the desired incident response plan.
  • Document your incident response plans for the current and desired state.
  • Conclude the onsite workshop.

Key Benefits Achieved

  • Document your incident response plans for your current state (i.e. based on current capabilities) as well as your desired state (i.e. after BC projects are implemented that would enable you to meet desired RTOs/RPOs).
  • Ensure the BC project roadmap will achieve the desired goals (meet desired RTOs/RPOs).
  • Create a pilot summary presentation deck to communicate results to your executive team.

Activities:
Outputs

6.1

Determine what the incident response plan would be after the BC project roadmap is completed and ensure it achieves the desired RTOs/RPOs.

  • Desired-state incident response plan defined.
  • Updated BC project roadmap, if the desired-state planning process uncovers additional gaps.

6.2

Enable incident response coordinators to monitor and report status during an incident.

  • Incident response plan for the current and desired state.

6.3

Summarize pilot outcomes including BC metrics improvements.

  • Pilot results presentation PowerPoint deck.

Module 7: (Post-Workshop) Create a Plan for BCP Completion and BCP/DRP Alignment

The Purpose

  • Create a BC policy and BC management teams.
  • Define a workflow to develop a BCP for remaining business units.
  • Define a workflow for incorporating BCP outcomes into your IT DRP process.

Key Benefits Achieved

  • Create a BC policy to drive ongoing business continuity management.
  • Define a workflow to develop a BCP for remaining business units.
  • Define a workflow for incorporating BCP outcomes into your IT DRP process.

Activities:
Outputs

7.1

Establish corporate goals for ongoing business continuity management.

  • BC policy.

7.2

Enable the organization to repeat the BCP methodology for remaining business units, summarize results, and resolve discrepancies.

  • Documented workflow for completing BCP for remaining business units.

7.3

Update your IT DRP to meet new technology requirements defined by the BCP process.

  • Documented workflow for incorporating BCP outcomes into your IT DRP process.

7.4

Ensure ongoing alignment between your IT DRP and BCP.

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this Blueprint, and what our clients have to say.

Client

$ Saved

Days Saved

Testimonial

City of Lethbridge

N/A

N/A

On behalf of the City of Lethbridge participants, many thanks for the awesome Business Continuity Planning (BCP) workshop and for having Frank and David as our Info-Tech Consultants. I really appreciated their attention to content details, for having a keen understanding of the BCP material, and ensuring that our business audience understood the BCP process requirements as part of their deliverables. I would recommend Info-Tech without hesitation.

Rend Lake College

$6,562

15

Best - gaining additional understanding of department operations. Worst - cumbersome process of printing copies of deliverables.

TRAC Intermodal

N/A

N/A

Too soon to tell.

Client

Facilitator(s) effectiveness

INFO & materials effectiveness

Overall experience

Understanding of next steps

Testimonial

Cahill Gordon & Reindel LLP

9.0

8.0

9.0

8.0

Cheshire Medical Center

9.0

8.0

9.0

8.0