What is a Business Continuity Plan (BCP)?

We couldn't find a match for given <KEYWORD>, please try again.

ABusiness Continuity Plan(BCP)isa detailed strategy and set of systems for ensuring an organization’s ability toprevent or rapidly recover from a significant disruption to its operations. The plan is essentially a playbook for how any type of organization—such as a private-sector company, a government agency or a school—will continue its day-to-day business during a disaster scenario or otherwise abnormal conditions.

Examples of such disruptionsincludeafire, a major earthquake or othera natural disaster,a disease outbreak, a cyberattackand many other scenarios that could upend“business as usual.”When such events significantly disrupt an organization’s normal routines, it turns to its business continuityplan forinstructions, processes and toolsit needs tocontinuetooperate ortoquickly recover from downtime.

What is a Business Continuity Plan (BCP)? | VMware Glossary (1)

The Virtual Floorplan: New Rules for a New Era of Work

Hindsight is 2020 - The Pandemic Provides a Wakeup Call

DOWNLOAD NOW

Why is a Business Continuity Plan important?

Riskscan be managed, buttheycan’tbeeliminated.Business continuity planning is critical because without it, an organizationfacesdowntime and other problems that could damage its financial health. In major disasters, a lack of a business continuity plan could cause irreparable financial harm thatmightultimately force a company to permanently close.

How to create a Business Continuity Plan?

There are many frameworks for creating an effective business continuity plan. Most of them cover threeoverlappingphases:

Analysis:In this phase, you identify and evaluate the various functions of your business and its operations. Then, you determine how those different functions will be affected by a disaster. This phase usually entails prioritizing different areas or departments in terms of how important they are to youroperation, so that your plan ultimately ensuresthe continuity of your most critical functions first.
Business continuityprofessionals often conduct aBusiness Impact Analysis(BIA) at the outset ofdeveloping a new plan. A BIA estimates the consequences of different disaster scenarios in terms of lost revenue and other business-specific metrics.
Planning:Once an initial analysis is complete, the next phase entailsall facets of developing an actual plan for continuing to operate in a disaster, or rapidly recovering from a disruption to normal operations.During the planning phase,organizations:
Developprotocols for potential needs such as a rapid relocation or shift toremote work.
Strategizetemporary staffing changes or needs.
ImplementITdisaster recoverytools to ensure continuity of critical systems.

A key part of this phase is to name a continuity or crisis management team, comprised of executives and stakeholders who will lead the plan’simplementationif necessary.

TrainingandTesting:Even the most robust BCP must be put through regular testing to ensure it will work if needed. This includes educating employees on their roles and responsibilities in these scenarios, as well as conducting trials of various elements of the plan. An example would include a short-term rollout of a remote work scenario to identify issues and opportunities for optimization.

Key features of a business continuity plan

Somefeaturesof a BCP will be industry or business-specific, but there are components that are common to almost any plan:

People:ABCP will clearly define roles and responsibilities, not just for the crisis management leadership team, but also for any units responsible for implementingdifferentpieces of the plan in a disaster scenario. Some BCPs will also define “essential personnel”—for example, people whose job requires them to report to work even in periods of heightened risk.

Technology:Almostallmodern business continuity planswill also clearly outline the role that information technology will play inensuring critical data, applications and servicesremainavailable or arequicklyrestored after an interruption. These include:

Data backup and recovery tools
Cloud computing infrastructureand services
Remote work platforms

Service Delivery:A BCP should also describe which services are most critical and how they will continue to be delivered to customers, employees, partners, the public and other stakeholders.

Health &Safety:Finally, a strongbusiness continuity program will include criteria and guidelines for ensuring the health and safety of all people involved—employees, customers, partners—as the plan is implemented and managed.

Business Continuity Plan checklist

Many organizations create a checklist as part of their business continuity planning. This is a list of all of the key steps in the BCP. It can be used in two ways:

Conception:First, it can be used as part of the initial creation of the plan. In this context, the BCP checklist would describe in detail the steps necessary to develop the plan, from analysis through testing.
Implementation:Second, a BCP checklist can be used for testing and/or actually implementing the plan. In this context, the BCP or crisis management team would use the checklist to ensurethatit addressesall of the plan’s tools and processes and communicatesthem effectively throughout the organization.

Business Continuity and Disaster Recovery Planning

Business continuity planning and disaster recovery planning are often mentioned in similar contexts, but theyare not interchangeable terms. A business continuity plan isanoverarching strategy for operating in disaster scenarios or recovering from a major disruption.

A disaster recovery (DR) plan refers more specifically to the IT processes and tools youcanrely on to retain or restore access to mission-critical data, applications, and services in these scenarios. A DR plan would detail, for example, how youcouldrestore access to a revenue-generating web application in the event of a flood inthe datacenter that powers that service.

How often should a Business Continuity Plan be reviewed?

Most experts recommend that business continuity plans be reviewed regularly and updated as needed. This helps ensurethatthe plan will still meet the organization’s needsin the face of evolving risks and threats.

The frequency with which you review a business continuity plan depends on many factors, including the nature of the organization, its industry and its particular risks. As ageneral rule of thumb,such plans should be reviewed annually or at least every other year. However, there are multiple scenarios where an organization may want to consider more frequent reviews, including:

Significant changes to the business or its operations
Locationin a region at greater risk for natural disasters or other potentially disruptive events
Any organization or agency that provides essential services to the public

Recommended for You

Business Continuity
Business Mobility

Disaster Recovery
Business Continuity Application

What is a Business Continuity Plan (BCP)? | VMware Glossary (2024)