Business Continuity Plan Development

Business Continuity Plan (BCP) allows you to prepare for the worst situation that would keep your business from being operational and to minimise service disruption as well as financial loss. The plan only needs to include the business activities that are most critical to keep your company up and running.

Based on the results from the analysis made on critical business activities and possible risks, you can start developing business continuity and recovery strategies. The selection of strategy may depend upon the criticality of business activities, cost, time for recovery and security.

Listed below are the typical items included in a BCP:

• Individual roles and responsibilities;
• Conditions for its activation;
• Processes to be followed;
• Escalation plan;
• Emergency procedure to handle incident;
• Temporary operational procedure;
• Resumption procedure;
• Fallback procedure; and
• Maintenance schedule and process for testing the plan.

For a small company, a BCP may be simply a printed manual stored safely away from main working location, with emergency contact information, location of offsite data backup storage media, copies of insurance contracts, and other critical material necessary for survival of the business.

The purchase of suitable insurance may be considered as part of the overall business continuity process to recoup losses from risks that cannot be completely prevented or controlled. The decision to obtain insurance should be based on the likelihood and degree of loss identified. Please note that insurance should not be treated as a substitute for an effective BCP since it does not deal with the recovery of business.

Before the plan is put into practice, testing should be conducted to ensure it is effective. Testing may include simulations, business process test, technical recovery and resumption testing, recovery processes testing at alternate site, supplier facilities and services testing etc.