Back to the Basics – BCP 101

Michael Herrera

Developing a BCP program requires a sound methodology to ensure consistency of application and level of results.  Using the Disaster Recovery Institute International (DRII) model as our baseline, we break a typical BCP program into the following areas:

 

Oversight and Governance 

  • Develop a sound management oversight group to oversee the program and its plan of action. 
  • Determine the budgeting process and how it will be administered on a regular basis.
  • Create reporting mechanisms to show progress, successes and action items on a regular basis.
  • Document and approve policies and standards for implementation of the program.

 

Functional Requirements

  • Identify what is critical to your organization using a Business Impact Analysis (BIA) study.  Determine how soon after a disruption your business processes must be recovered, how much data loss is acceptable and the associated technology to support the processes.
  • Using a Threat and Risk Assessment (TRA), determine relevant threats (man-made, natural, technological) to your organization and the level of mitigation you have in place today.  Document findings and recommendations for improvement.

 

Recovery Strategy

  • Based on the findings of your BIA and TRA, identify the recovery strategies (e.g., internal, external, hybrid) you will need to recover your critical staff, business processes and computer technology in a timely manner.  Can we do this internally using another company location, use a third party recovery provider and/or use internal sites along with an external provider? 
  • Document options, costs and present for review and approval by the Oversight group.
  • Budget and implement the solutions.

 

Plan Development

  • Create a corporate level crisis management team to strategically lead the organization in a disruption.
  • Train recovery planners and teams in the development and use of recovery plans for business processes and computer technology.
  • Document and develop recovery plans and teams for your critical business processes and computer technology identified in your BIA.
  • Hold a mock disaster exercise for the crisis management team and walkthroughs of your recovery plans.

 

Plan Testing, Maintenance

  • Hold recovery exercises at your alternate locations for your business processes and computer technology.
  • Update the recovery plans on a regularly scheduled business.
  • Update your alternate site configurations based on the changes in your business processes and technology.

 

Continuous Improvement

  • Look for continued ways to improve the BCP program and measure its capability. 
  • Document a roadmap for continued improvement. 

 

This is a highly simplified view of a BCP program but provides you with the basic components of what is required to be implemented in any recovery program.

About MHA:  MHA Consulting, with its decade-long track record, is a proven leader in business continuity planning, disaster recovery planning, IT best practices and data center moves and relocations. Every day, MHA helps protect trillions of dollars of global-market assets and top companies around the world rely on MHA services for the continuity of their business. For more information on MHA, contact Michael Herrera at herrera at mha-it dot com.