Business continuity plan (BCP) is the process of planning for unexpected events. An efficient BCP includes procedures designed to mitigate unexpected events that can interrupt business processes; the plan is also needed in order to allow the business’ rapid recovery, and minimize the effects of downtime in daily activities.
The importance of developing and implementing a business continuity strategy for an IT department
Business Continuity planning is a process designed as a solution to the deterioration, damage or malfunction of a critical business infrastructure. If an IT infrastructure critical node is broken, there will be a significant impact on the entire business. Therefore, it is very important for any company to be prepared and have a BCP in place for its IT infrastructure.
A Business Continuity Plan has to cover all the services and infrastructure parts necessary for business operations and provide all applications and resources to support the business recovery in case of damage, downtime or disaster.
Does your company have an efficient BCP?
Business continuity plan format and update
The structure of a business continuity plan must be clear, brief and easy to understand, not only for those directly involved in the business continuity management process; the rest of the staff must be briefed in order to be prepared to react in a correct manner and support the possible process of fast recovery.
In order to develop a Business Continuity Plan, the company needs to understand that implementation is an ongoing process and a long term commitment. Business processes evolve constantly, which is why recovery strategies must evolve with the business. The plan has to be updated with the technological advances of IT infrastructure and the evolution of human resources within the organization.
What should the business continuity plan include?
Steps in developing a business continuity plan
- Assessment of risk factors;
- Identification of potential threats to business continuity;
- Determination of the circumstances leading to the materialization of threats;
- Estimation of the frequency and severity of risk factors.
For each risk within the business continuity plan, there must be a way to reduce the probability of its occurrence. For situations when the threat is materialized, there should be procedures put in place to restrict the impact on internal business processes, as well as procedures of return and recovery.
What risk factors can affect your business?
Main business continuity risk factors
- Environmental and geopolitical disasters: floods, fire, hurricanes, explosions, earthquakes, military conflicts, terrorism;
- Infrastructure threats: total and temporary interruptions of electricity, telecommunications and internet problems;
- Physical threats: server misuse of access (incorrect or not allowed) or defects, active network equipment problems, storage equipment defects, computer malfunctions;
- Technical threats: single points of failure, a single, non-redundant hard disk, a single, non-redundant energy source, single location data storing;
- Security, integrity and accessibility of information threats: external access to information must be protected from hackers, viruses and internal accessibility of critical applications must be managed in order to keep a high functioning business;
- Human error threats: permissive access rights to the company’s informational resources and lack of user security, can generate serious human errors, most often unintentional, and can generate huge losses for a company.
Preventive actions to stop the occurrence of risk factors for an IT infrastructure
- Creating an internal backup strategy and an external (off-site) storage;
- Developing an informational infrastructure with redundancy in case of key components failure, for instance: having a mirror (mirror – a server with the same capabilities) for the central server in another location;
- Eliminating single points of failure such as: a single power source, a single ISP;
- Developing and implementing a security system to protect the company’s information against external (hackers, viruses) and internal (employees, industrial and commercial espionage, etc.) attacks.
The Business Continuity Plan must also include prevention and recovery methods for situations where risk factors occur, meaning a Disaster Recovery Plan.