The recent major fire at ProPortion’s Food Processing Plant in downtown Los Angeles is a good example of why you need a Business Continuity Plan (BCP) and an IT Disaster Recovery Plan (DRP). Numerous companies have no BCP or DRP. The reasons for this include:
- The process is too expensive or time consuming
- BCP and DRP provide no positive impact to a company's top or bottom line
- BCP and DRP are too complex
- Executives believe that BCP and DRP are only an IT issue
As a CEO, you are under the gun to control corporate financial activities and can be held legally responsible for neglecting risk management obligations that include business continuity. ProPortion’s disaster is just one of many potential disasters that do occur, and you need to have a plan to be prepared for them.
http://losangeles.cbslocal.com/2017/04/03/heavy-flames-engulf-compton-factory
BCP and DRP Planning Approach
Fortunately, improving an organization’s management of risk exposures across the business, and strengthening its responses to threats and real attacks, does not have to be overwhelming. As part of my CIO roles or general IT management consulting, I have followed a formal, structured and best-practices approach to Business Continuity planning and IT Disaster Recovery planning based upon:
- ISO 22301 – "Societal Security — Business continuity management systems — Requirements"
- ISO 22313 – "Societal Security — Business continuity management systems — Guidance"
The five stages of Business Continuity Planning and IT Disaster Recovery planning are:
- Business Impact Analysis (BIA)
- Strategy Selection
- Detailed Plan
- Plan Testing
- Plan Maintenance
The Business Impact Analysis Planning includes:
- Data collection and fact finding
- Critical functions and recovery timescales
- Resource identification for critical functions
- Threat assessment and risk reduction measures
- Identification of possible disaster scenarios
Strategy Selection Phase of Planning BCP and DRP Includes:
- Minimum recovery resources
- Recovery locations
- Vital records identification
- Backup strategies
- Recovery strategies with costs
Planning a BCP and DRP Includes:
- Plan development
- Identification of a command center
- Business recovery team organization
- Assignment of team personnel
- Team procedures
- Preparation & documentation of the plan
The Plan Testing Includes:
- Selection of a formal testing methodology
- Communication with company personnel or third parties, and a walkthrough and execution of a test
The Plan Maintenance Stage Includes:
- Tasking an individual with oversight of BCP
- Continual monitoring of business and IT strategy
- Periodic review of operational risks
- Updating and reviewing all documentation and changes
- Review of third-party contracts and SLAs
- Review of insurance coverage
- Creation of a document repository and physical distribution of copies as needed
- Performing regular walkthroughs and emergency drills
- Documenting any issues with the walkthrough and taking corrective action
Summary
A properly developed business continuity program should provide an organization with a flexible and adaptable framework for addressing potential disaster risks, one that involves all critical business functions in designing and executing the plan. The resulting approach will promote cooperation across all significant functions in the corporation, which is vital but is a difficult management challenge for most companies.
In approaching companies that I work for and my consulting assignments, my objective is to partner with you in understanding your business and implementing actionable Business Continuity and Disaster Recovery Plans.