Business continuity plan
From Wikipedia, the free encyclopedia
A business continuity plan (BCP) is a management process to ensure the continuity of businesses. Not to be confused with continuity of operations (COOP) where the focus is primarily a plan to ensure operations continuity after a disastrous event has already occurred. While continuity of operations is part of business continuity planning tasks, there are other issues outside of the operations that businesses will need to plan for (i.e.; brand protection, company reputation protection, the company's market share, stockholders' confidence, supply-chain protection, customer and employee protection that may not be included in the continuity of operations plan).
The basic components of a good business continuity plan include planning and implementing the activities of prevention and protection of all of the risks anticipated before an event occurs, planning for the activities to be implemented or executed during an emergency or disastrous event, including the emergency response plan, evacuation plan, crisis management and communications plan, work-around or contingency plan, and then, strategic and tactical planning with resources & vital information and documentation of the activities for resumption, recovery, and restoration of businesses - both physical and logical, exercises/update and plan management.
One other type of plan that often confuses people outside the planning community is the disaster recovery plan. Under current and accepted standards, the disaster recovery plan (DRP) is the plan to recover data, technology and tools that support applications and data and infrastructure including the network, hardware and operating systems. The disaster recovery plan is a part of and should be integrated into the business continuity plan.
In a nutshell, business continuity plan is an umbrella for all activities planned and implemented before, during and after the event. These include plans for human needs, technologies and businesses.
The process of planning includes: risk identification and quantification, vulnerability assessment, protection & mitigation, risk transfer, business impact analysis - both for business interruption impact and individual business unit impact, a plan to mitigate or minimize these risk-based impacts (financial and operational), emergency response to these impacts, and plan to resume, recover and restore the businesses and technological infrastructure to support these businesses. It is recommended that all the risks with high impact and high probability should have proper response plans and resumption, recovery and restoration plans should be based on the worse case scenario.