Business Continuity Plan
Adapt and respond to risks with a business continuity plan
A business continuity plan (BCP) is a document that outlines how a business will continue operating during an unplanned disruption in service. It’s more comprehensive than a disaster recovery plan and contains contingencies for business processes, assets, human resources and business partners – every aspect of the business that might be affected.
Plans typically contain a checklist that includes supplies and equipment, data backups and backup site locations. Plans can also identify plan administrators and include contact information for emergency responders, key personnel and backup site providers. Plans may provide detailed strategies on how business operations can be maintained for both short-term and long-term outages.
A key component of a business continuity plan (BCP) is a disaster recovery plan that contains strategies for handling IT disruptions to networks, servers, personal computers and mobile devices. The plan should cover how to reestablish office productivity and enterprise software so that key business needs can be met. Manual workarounds should be outlined in the plan, so operations can continue until computer systems can be restored.
There are three primary aspects to a business continuity plan for key applications and processes:
- High availability: Provide for the capability and processes so that a business has access to applications regardless of local failures. These failures might be in the business processes, in the physical facilities or in the IT hardware or software.
- Continuous operations: Safeguard the ability to keep things running during a disruption, as well as during planned outages such as scheduled backups or planned maintenance.
- Disaster recovery: Establish a way to recover a data center at a different site if a disaster destroys the primary site or otherwise renders it inoperable.
Business continuity planning emerged from disaster recovery planning in the early 1970s. Financial organizations, such as banks and insurance companies, invested in alternative sites. Backup tapes were stored at protected sites away from computers. Recovery efforts were almost always triggered by a fire, flood, storm or other physical devastation. The 1980s saw the growth of commercial recovery sites offering computer services on a shared basis, but the emphasis was still only on IT recovery.
The 1990s brought a sharp increase in corporate globalization and the pervasiveness of data access. Businesses thought beyond disaster recovery and more holistically about the entire business continuity process. Companies realized that without a thorough business continuity plan they might lose customers and their competitive advantage. At the same time, business continuity planning was becoming more complex because it had to consider application architectures such as distributed applications, distributed processing, distributed data and hybrid computing environments.