BUSINESS CONTINUITY PLANNING:
GETTING IT RIGHT?
The need for good business continuity planning and a sound business continuity plan (BCP) is now almost universally accepted.
Does Your Business Continuity Plan (or Disaster Recovery Plan) Really Match Your Requirements?
However, prior to creation of a business continuity plan (or disaster recovery plan) it is important to understand the actual continuity needs of the business or organization. This may sound common sense, but all too often plans are developed without due or proper consideration of actual needs.
The definition of continuity requirements should sensibly be driven by business impact analysis and risk assessment..... STOP RIGHT THERE! It is well worth thinking about this statement.
Surely, without understanding what the potential impacts of unavailability actually are for your organization, and without establishing how great the risks of these scenarios occurring actually are, you are hardly placed to create an appropriate business continuity plan or disaster recovery plan!
The bottom line is that business impact analysis and risk assessment are fundamental to adequate business continuity planning and disaster recovery planning.
Business Impact Analysis
But what is business impact analysis? At a basic level it is a means of systematically assessing the potential impacts resulting from various (unavailability) events or incidents
Commonly, impacts resulting from other types of incident (such as breach of confidentiality or loss of data integrity) are simultaneously explored, but this need not be the case when only considering business continuity planning or disaster recovery. However, there are certainly advantages to undertaking a comprehensive and wider focused exercise.
The business impact analysis, or 'BIA', is intended to help you understand the degree of potential loss (and other undesirable effects) which could occur. This will cover not just direct financial loss, but many other issues, such as loss of customer confidence, reputational damage, regulatory effects, and so on.
Following on from this stage, the actual events which could create these impacts should be explored... the basis of risk analysis. This again is pure logic: in deciding how sophisticated (or expensive!) your business continuity plan and disaster recovery options should be, surely both the severity of the impact and the likelihood of the potential disaster are pertinent issues.
Risk assessment itself is a sophisticated science, embracing a number of elements - threats, vulnerabilities, controls, etc. There are, however, a number of methods and tools available to help!
HOW TO PERFORM THESE PRE-REQUISITE TASKS
COBRA is a knowledge based PC product designed to guide you through this preliminary but essential exercise. It will guide you through the business impact analysis and then carefully measure your risks, making specific recommendations where appropriate.
Specifically, it will:
- Perform a full business impact analysis
- Measure the degree of actual risk for each area or aspect of a system, and directly link this to the potential business impact.
- Offer detailed solutions and recommendations to reduce the risks.
- Provide business as well as technical reports.... vital information for your business continuity plan or disaster recovery plan
The COBRA approach offers a number of distinct and essential advantages over traditional review tools. It is the ideal support tool for business continuity planning and disaster recovery planning, and is used by many major organizations worldwide.
Through an optional Module Manager component, the facility is also provided to tailor the system to unique individual requirements or company culture. The questions, reports, underlying profiles and recommendations can all be readily and easily changed using this system.
For more information on the COBRA system, please do not hesitate to contact us.
You can also download a trial version of COBRA from our download area:
File Download Area
The quality of your business continuity plan or disaster recovery plan could be critical to your organization. However, if you haven't based this upon a recognized business impact analysis or risk assessment method, how do you know if you have got it right.... and how do you justify its contents?
FINALLY.... BUILDING THE PLAN
Having established the method to make your plan effective, and having acquired the tools to ensure this, you may well require a template with which to build it. We recommend the Business Continuity Plan Generator for this task. It is simple to use (always recommended) yet extremely effective.
Links to COBRA related information on the Web.
Copyright © 2002 C & A Systems Security Ltd
Business Continuity Plan News