The purpose of a Business Continuity Plan (BCP) is to enable the sustained execution of mission critical processes and information technology systems for your business, or your clients business, in the event of an extraordinary event that causes these systems to fail minimum production requirements. Your BCP should prepare you and your team to respond to the event in order to efficiently regain operation of the systems that are made inoperable from the event.
Who needs to be at the table to ensure you have thought through various scenarios and gotchas?
Start with the end in mind! What are the possibilities and probabilities you need to consider for your geography, type of operation, customer? Complete a THREAT RISK ANALYSIS.
The purpose of the Threat Risk Analysis (TRA) is to identify which threats your organization should be prepared to respond. The impact of a disruption can be severe enough to threaten the very survival of an organization. Such disruptions cannot always be predicted or prevented, but effective planning can dramatically reduce the damage they cause.
Threats may range from those with a high probability of occurrence and low impact to the organization, such as brief power interruptions, to those with a low probability of occurrence and high impact to the institution, such as hurricanes or terrorist attacks. The most difficult threats to address are those that have a high impact on the institution but a low probability of occurrence.
Examples of the potential impact of various threats include the following:
Threats can be categorized into three sets:
The Threat Risk Analysis Tool is used to gather information about potential threats including applicability, level of impact, the likelihood of the threat occurring and the amount of forewarning.
Use this complimentary Threat Risk Analysis Tool to help you.