Business Continuity Planning (BCP) and Disaster Recovery are essential tools for organizations of any size and maturity level; but what may not be apparent is the appropriate amount of resources required to ensure organizations are prepared with an effective BCP. All too often, the task of constructing and maintaining the organizations Business Continuity Plan falls to a select few or even a single team member. This is due to many reasons but will likely lead to a sub-par solution or ineffective reaction in the event of a BCP incident without proper thought and planning from senior leadership. The inability to react to an incident effectively could lead to possible loss of business functions, revenue opportunities, or even the loss of life and sustainability of the organization. An appropriate level of organizational resource commitment to the BCP effort should be a priority.
What is Business Continuity Planning?
BCP is the process of planning for the continuous operation of an organization, prior to an event, with the intended purpose of ensuring that business services and functions remain operable during and after an incident.
For many years Business Continuity was viewed as an extension of the Information Technology department due to the cross-departmental nature of the systems in which IT were historically responsible. The IT department also garnered their image as those holding the keys to the Disaster Recovery program because the ability to backup data at an alternate site and restore a semblance of critical systems was all some believe is required for an effective DR program.
At a high-level this may make sense, as technology recovery has become essential for the operations of organizations of any size, especially those spanning multiple geographic locations. But for those working at an operational level, Business Continuity requires much more than the ability to recover data and systems – after all, what good are those data backups if the organization is unable to recover personnel, critical infrastructure, and organizational governance?
Maintaining an Effective BCP Team
Developing, implementing, and maintaining an effective Business Continuity Plan requires buy-in and coordination from across the organization. As such, this is not a task that can be delegated to a single individual such as a compliance coordinator or IT manager without a committed team and organizational focus. Nor is it a task that, once complete, can be packaged up and placed on a shelf, never to be seen again until an incident occurs. An effective BCP is an organic and fluid program that should accurately represent the organization at the current moment in time and which requires regularly scheduled updates and revisions.
The scope and size of the teams discussed below may feel excessive at first glance, depending on the organization’s current maturity, but the requirement should become clear after understanding the roles and responsibilities each member fulfills.
Business Continuity Steering Committee
The organization should maintain a Business Continuity Plan that is able to address a wide variety of possible incidents which may pose a danger to operations, continuity of governance, and business survivability. Constructing a comprehensive plan to safeguard against these dangers requires representatives from critical departments to speak to department specific risk and recovery efforts. These personnel should be brought together to form the Business Continuity Steering Committee and will likely be comprised of the following departments: