Once a company has defined mitigation strategies, there are a number of tasks and resources that need to be assigned to implement, as well as developing the rest of the Business Continuity Plan.
First, it is necessary to ensure the risk mitigation strategies will be properly implemented which may require creating project plans to address any new initiatives needed to undertake in order to meet risk mitigation requirements. A company will want to develop a work breakdown structure, tasks, resources, and timelines.
Other tasks will have to do with defining your Business Continuity/Disaster Recovery teams, roles, and responsibilities, defining plan phase triggers, and gathering additional data.
The following is a list of tasks related to major activities including alternate sites and contracting for outside Business Continuity/Disaster Recovery services.
1) Identify high-level tasks (i.e. “test security settings”)
2) Break large tasks into smaller tasks until the work unit is manageable
3) Define duration or deadlines
4) Identify milestones
5) Assign task owners
6) Define task resources and other task requirements
7) Identify technical and functional requirements for task, if any
8) Define completion criteria for each task
9) Identify internal and external dependencies
There may be other tasks and resources necessary, but this is a solid starting list for developing tasks, budgets, timelines, dependencies, and constraints for Business Continuity/Disaster Recovery activities in the plan.