What is a business continuity plan (BCP)? (2022)

What is a business continuity plan?

A business continuity plan (BCP) is a document that outlines how a business will continue operating during an unplanned disruption in service. It’s more comprehensive than a disaster recovery plan and contains contingencies for business processes, assets, human resources and business partners – every aspect of the business that might be affected.

Plans typically contain a checklist that includes supplies and equipment, data backups and backup site locations. Plans can also identify plan administrators and include contact information for emergency responders, key personnel and backup site providers. Plans may provide detailed strategies on how business operations can be maintained for both short-term and long-term outages.

A key component of a business continuity plan (BCP) is a disaster recovery plan that contains strategies for handling IT disruptions to networks, servers, personal computers and mobile devices. The plan should cover how to reestablish office productivity and enterprise software so that key business needs can be met. Manual workarounds should be outlined in the plan, so operations can continue until computer systems can be restored.

There are three primary aspects to a business continuity plan for key applications and processes:

  • High availability: Provide for the capability and processes so that a business has access to applications regardless of local failures. These failures might be in the business processes, in the physical facilities or in the IT hardware or software.
  • Continuous operations: Safeguard the ability to keep things running during a disruption, as well as during planned outages such as scheduled backups or planned maintenance.
  • Disaster recovery: Establish a way to recover a data center at a different site if a disaster destroys the primary site or otherwise renders it inoperable.

Evolution of business continuity plans

(Video) What is Business Continuity Planning (BCP)?

Business continuity planning emerged from disaster recovery planning in the early 1970s. Financial organizations, such as banks and insurance companies, invested in alternative sites. Backup tapes were stored at protected sites away from computers. Recovery efforts were almost always triggered by a fire, flood, storm or other physical devastation. The 1980s saw the growth of commercial recovery sites offering computer services on a shared basis, but the emphasis was still only on IT recovery.

The 1990s brought a sharp increase in corporate globalization and the pervasiveness of data access. Businesses thought beyond disaster recovery and more holistically about the entire business continuity process. Companies realized that without a thorough business continuity plan they might lose customers and their competitive advantage. At the same time, business continuity planning was becoming more complex because it had to consider application architectures such as distributed applications, distributed processing, distributed data and hybrid computing environments.

Organizations today are increasingly aware of their vulnerability to cyber attacks that can cripple a business or permanently destroy its IT systems. Also, digital transformation and hyper-convergence creates unintended gateways to risks, vulnerabilities, attacks and failures. Business continuity plans are having to include a cyber resilience strategy that can help a business withstand disruptive cyber incidents. The plans typically include ways to defend against those risks, protect critical applications and data and recover from breach or failure in a controlled, measurable way.

There’s also the issue of exponentially increasing data volumes. Applications such as decision support, data warehousing, data mining and customer resource management can require petabyte-size investments in online storage.

Data recovery no longer lends itself to a one-dimensional approach. The complex IT infrastructure of most installations has exceeded the ability of most shops to respond in the way they did just a few years ago. Research studies have shown that without proper planning, businesses that somehow recovered from an immediate disaster event frequently didn’t survive in the medium term.

(Video) What is a Business Continuity Plan? PM in Under 5

Why is a business continuity plan important?

It’s important to have a business continuity plan in place to identify and address resiliency synchronization between business processes, applications and IT infrastructure. According to IDC, on average, an infrastructure failure can cost USD $100,000 an hour and a critical application failure can cost USD $500,000 to USD $1 million per hour.

To withstand and thrive during these many threats, businesses have realized that they need to do more than create a reliable infrastructure that supports growth and protects data. Companies are now developing holistic business continuity plans that can keep your business up and running, protect data, safeguard the brand, retain customers – and ultimately help reduce total operating costs over the long term. Having a business continuity plan in place can minimize downtime and achieve sustainable improvements in business continuity, IT disaster recovery, corporate crisis management capabilities and regulatory compliance.

Yet developing a comprehensive business continuity plan has become more difficult because systems are increasingly integrated and distributed across hybrid IT environments – creating potential vulnerabilities. Linking more critical systems together to manage higher expectations complicates business continuity planning – along with disaster recovery, resiliency, regulatory compliance and security. When one link in the chain breaks or comes under attack, the impact can ripple throughout the business. An organization can face revenue loss and eroded customer trust if it fails to maintain business resiliency while rapidly adapting and responding to risks and opportunities.

Using consulting, software and cloud-based solutions for a business continuity plan

(Video) 27. Business Continuity Planning BCP

Many companies struggle to evolve their resiliency strategies quickly enough to address today’s hybrid IT environments and changing business demands. In an always-on, 24x7 world, global companies can gain a competitive advantage – or lose market share – depending on how reliably IT resources serve core business needs.

Some organizations use external business continuity management consulting services to help identify and address resiliency synchronization between business processes, applications and IT infrastructure. Consultants can provide flexible business continuity and disaster recovery consulting to address a company’s needs – including assessments, planning and design, implementation, testing and full business continuity management.

There are proactive services, such as IBM IT Infrastructure Recovery Services to help businesses identify risks and ensure they are prepared to detect, react and recover from a disruption.

With the growth of cyber attacks, companies are moving from a traditional/manual recovery approach to an automated and software-defined resiliency approach. The IBM Cyber Resilience Services approach uses advanced technologies and best practices to help assess risks, prioritize and protect business-critical applications and data. These services can also help business rapidly recover IT during and after a cyber attack.

Other companies turn to cloud-based backup services, such as IBM Disaster Recovery as a Service (DRaaS) to provide continuous replication of critical applications, infrastructure, data and systems for rapid recovery after an IT outage. There are also virtual server options, such as IBM Cloud Virtualized Server Recovery to protect critical servers in real-time. This enables rapid recovery of your applications at an IBM Resiliency Center to keep businesses operational during periods of maintenance or unexpected downtime.

(Video) Business continuity planning

For a growing number of organizations, the answer is with resiliency orchestration, a cloud-based approach that uses disaster recovery automation and a suite of business continuity management tools designed specifically for hybrid-IT environments. For instance, IBM Resiliency Orchestration helps protect business process dependencies across applications, data and infrastructure components. It increases the availability of business applications so that companies can access necessary high-level or in-depth intelligence regarding Recovery Point Objective (RPO), Recovery Time Objective (RTO) and the overall health of IT continuity from a centralized dashboard.

Key features of an effective business continuity plan (BCP)

The components of business continuity are:

  • Strategy: Objects that are related to the strategies used by the business to complete day-to day activities while ensuring continuous operations
  • Organization: Objects that are related to the structure, skills, communications and responsibilities of its employees
  • Applications and data: Objects that are related to the software necessary to enable business operations, as well as the method to provide high availability that is used to implement that software
  • Processes: Objects that are related to the critical business process necessary to run the business, as well as the IT processes used to ensure smooth operations
  • Technology: Objects that are related to the systems, network and industry-specific technology necessary to enable continuous operations and backups for applications and data
  • Facilities: Objects that are related to providing a disaster recovery site if the primary site is destroyed

The business continuity plan becomes a source reference at the time of a business continuity event or crisis and the blueprint for strategy and tactics to deal with the event or crisis.

The following figure illustrates a business continuity planning process used by IBM Global Technology Services. It’s a closed loop that supports continuing iteration and improvement as the objective. There are three major sections to the planning process:

(Video) Steps for developing a Business Continuity Plan (BCP)

  • Business prioritization: Identify various risks, threats and vulnerabilities, and establish priorities.
  • Integration into IT: Take the input from business prioritization and perform an overall business continuity program design.
  • Manage: Administer what has been assessed and designed.

What is a business continuity plan (BCP)? (1)

FAQs

What is business continuity plan? ›

A business continuity plan (BCP) is a document that outlines how a business will continue operating during an unplanned disruption in service.

What is a business continuity plan BCP and why is IT important? ›

A key component of a business continuity plan (BCP) is a disaster recovery plan that contains strategies for handling IT disruptions to networks, servers, personal computers and mobile devices. The plan should cover how to reestablish office productivity and enterprise software so that key business needs can be met.

What does a business continuity plan BCP typically include? ›

It will typically include the following sections: executive summary, introduction, distribution list, objectives and glossary. risk management plan with business impact analysis. incident response plan, with plan activation, incident response team, communications and contact list.

What is the purpose of the BCP? ›

A business continuity plan (BCP) is a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.

What is a business continuity plan quizlet? ›

What is a business continuity plan? An approved set of advanced arrangements and procedures that enable an organization to facilitate the recovery of business operations to reduce the overall impact of an event, while at the same time resuming the critical business functions within a predetermined period of time.

Why do we have a business continuity plan Mcq? ›

An Organization requires a Business Continuity Plan (BCP) to ensure the uninterrupted availability of all key business resources required to support essential business functions.

What is the first step of a business continuity plan BCP? ›

Step 1: Risk Assessment

This phase includes: Evaluation of the company's risks and exposures. Assessment of the potential impact of various business disruption scenarios. Determination of the most likely threat scenarios.

What is the most critical factor in the development of business continuity plan BCP )? ›

C: Personnel safety is the most important factor for business continuity and disaster recovery planning. However, it is not a factor or goal of a business impact assessment.

What are the 3 main areas of business continuity management? ›

Companies must separate business continuity planning into three phases: planning and prevention (resolve phase), disaster response (respond phase) and, return to normal (rebuild phase).

What are the 5 components of business continuity plan? ›

In order to achieve this, every business continuity plan needs to incorporate five key elements.
  • Risks and potential business impact. ...
  • Planning an effective response. ...
  • Roles and responsibilities. ...
  • Communication. ...
  • Testing and training.
6 Jul 2020

Who is responsible for BCP? ›

Business unit leaders (i.e. payroll, corporate travel, physical security, information security, HR) are responsible for creating their respective unit's business continuity plan under the guidance of the program manager.

What is an example of a business continuity plan? ›

A key component of a business continuity plan (BCP) is a disaster recovery plan that contains strategies for handling IT disruptions to networks, servers, personal computers and mobile devices. The plan should cover how to reestablish office productivity and enterprise software so that key business needs can be met.

What is the purpose of a business continuity plan BCP )? Quizlet? ›

What is the primary goal of business continuity planning? Maintaining business operations with reduced or restricted infrastructure capabilities or resources.

What is the goal of the BCP process quizlet? ›

The most common goal of the BCP is quite simple: to ensure the continuous operation of the business in the face of an emergency situation.

For what is business continuity planning used quizlet? ›

BCP is used to maintain the continuous operation of a business in the event of an emergency situation.

What are the objectives of business continuity management system Mcq? ›

The goal of BCM is to provide the organization with the ability to effectively respond to threats such as natural disasters or data breaches and protect the business interests of the organization.

What is the first step in business continuity planning Mcq? ›

Explanation: The first task of the BCP team should be the review and validation of the business organization analysis initially performed by those individuals responsible for spearheading the BCP effort.

How does BCP benefit an Organisation compliance? ›

The use of a business continuity plan or BCP, provides companies with a roadmap and processes that support the company and its strategy in times of the unexpected. An effective plan enables any organisation to react quickly and efficiently in the event of unpredictable events.

What is the most important step in business continuity planning? ›

Identify objectives and goals of the plan.

At the highest level, the objective of creating a business continuity plan is to keep essential business processes running or minimize disruption. But every business is different — so you'll need to identify the goals and objectives most important to the way you operate.

How do you prepare for BCP? ›

Implementing a Business Continuity Plan
  1. Assemble Your Team. The first step when preparing a BCP is identifying who needs to lead, create, and execute it. ...
  2. Conduct a Business Impact Analysis. ...
  3. Identify Recovery Strategies. ...
  4. Develop a Plan. ...
  5. Regularly Test of Your Business Continuity Plan.

What is another word for business continuity? ›

Contingency and/or contingency planning is basically a synonym for BCM.

What is business continuity risk? ›

Dec 4, 2020. Business continuity risk refers to threats that disrupt the functioning of a business. These threats maybe any untoward incidents or disasters that negatively impact an organization.

How often should a business continuity plan be tested? ›

Two times a year, conduct a high-level check that objectives are still being met by the current BCP. If you find gaps, correct the plan and recirculate to all stakeholders.

How does a BCP help mitigate risk? ›

A BCP helps to mitigate risk by making sure the organization is ready for any possible disruption to everyday operations.

What are the 5 components of a business continuity plan? ›

In order to achieve this, every business continuity plan needs to incorporate five key elements.
  • Risks and potential business impact. ...
  • Planning an effective response. ...
  • Roles and responsibilities. ...
  • Communication. ...
  • Testing and training.
6 Jul 2020

What is an example of a business continuity plan? ›

A key component of a business continuity plan (BCP) is a disaster recovery plan that contains strategies for handling IT disruptions to networks, servers, personal computers and mobile devices. The plan should cover how to reestablish office productivity and enterprise software so that key business needs can be met.

What are the 3 elements of business continuity? ›

A business continuity plan has three key elements: Resilience, recovery and contingency. An organization can increase resilience by designing critical functions and infrastructures with various disaster possibilities in mind; this can include staffing rotations, data redundancy and maintaining a surplus of capacity.

What are the four P's of business continuity planning? ›

When devising a business continuity strategy, you should consider the 4 P's: people (staff and customers), processes (the technology and processes required), premises and providers, suppliers and partners.

What is the first step of business continuity planning? ›

Step 1: Risk Assessment

Assessment of the potential impact of various business disruption scenarios. Determination of the most likely threat scenarios. Assessment of telecommunication recovery options and communication plans. Prioritization of findings and development of a roadmap.

What must be in a business continuity plan? ›

A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue operating during an unplanned event. The BCP states the essential functions of the business, identifies which systems and processes must be sustained, and details how to maintain them.

Who is responsible for BCP? ›

Business unit leaders (i.e. payroll, corporate travel, physical security, information security, HR) are responsible for creating their respective unit's business continuity plan under the guidance of the program manager.

How do you write a brief business continuity plan? ›

This involves six general steps:
  1. Identify the scope of the plan.
  2. Identify key business areas.
  3. Identify critical functions.
  4. Identify dependencies between various business areas and functions.
  5. Determine acceptable downtime for each critical function.
  6. Create a plan to maintain operations.
18 Jul 2017

What is the most critical factor in the development of business continuity plan BCP )? ›

C: Personnel safety is the most important factor for business continuity and disaster recovery planning. However, it is not a factor or goal of a business impact assessment.

Videos

1. Introduction to BCP | Business Continuity Planning | DR - Disaster Recovery
(ERPstuff)
2. ABCs of BCP Business Continuity Planning
(Armanino)
3. Business Continuity Planning Basics
(Ottawa Board of Trade )
4. Business Continuity Planning (BCP) (FREE CISSP Training)
(Jon Good)
5. Business Continuity Planning
(GraVoc)
6. Business Continuity Planning
(Gabriel Marzonie)

Top Articles

You might also like

Latest Posts

Article information

Author: Edwin Metz

Last Updated: 12/05/2022

Views: 6178

Rating: 4.8 / 5 (58 voted)

Reviews: 81% of readers found this page helpful

Author information

Name: Edwin Metz

Birthday: 1997-04-16

Address: 51593 Leanne Light, Kuphalmouth, DE 50012-5183

Phone: +639107620957

Job: Corporate Banking Technician

Hobby: Reading, scrapbook, role-playing games, Fishing, Fishing, Scuba diving, Beekeeping

Introduction: My name is Edwin Metz, I am a fair, energetic, helpful, brave, outstanding, nice, helpful person who loves writing and wants to share my knowledge and understanding with you.