Why do I need a Business Continuity Plan?

Written By Todd Mitchell

Business continuity plans (BCP) describe processes and procedures that an organization activates for any threat or issue that may prevent the organization from carrying on normal business. Examples include cybersecurity attacks, fire, flood, and other business disruption causes. This is very important for your business to have a documented plan to get back to work after any disaster.

The most effective parts of a Business Continuity Plan start with identifying critical functions. These must be evaluated for likelihood of occurrence versus consequence to the mission. The risks must then be addressed and mitigated appropriately. Next the plan must be put in place to respond to the incident after it occurs. Research shows that responses from organizations lack any consideration of the impacts of societal and personal disruption. Plans dealt with physical resources and included very little consideration of human resources. Plans assumed that all staff would turn up to work after a disaster and that the rest of society would continue to run as normal.

Next communicate the plan, train the plan, and create awareness in the organization and practice. The actual response to different scenarios should be practiced so that any gaps can be addressed. In most organizations the only one aware of the BCP is the team that authored it.

References

Hatton, T., Grimshaw, E., Vargo, J., & Seville, E. (2016). Lessons from disaster: Creating a business continuity plan that really works. Journal Of Business Continuity & Emergency Planning, 10(1), 84-92.

Todd Mitchell
Previous

What are Advanced Persistent Threats (APTs)?
Next

Why are management actions Prior to Cyber Attack important?