No one argues with the value of having a continuity plan. Considered a core discipline of business resiliency, the Continuity Plan (CP) deals with the actions organizations take before, during and after a crisis to insure minimal disruption and loss.
The studies are in, the facts are verified, and the arguments are compelling! In the event of a catastrophe, having a comprehensive CP reduces business losses by up to 90% and helps maintain stakeholder confidence in the organization. However, despite universal acceptance of the value of planning, surprisingly few organizations have an ongoing program that promotes business continuity through planning, testing, and other forms of continual improvement. While some organizations shy away from developing a plan because they are intimidated by what may seem to be a significant commitment of time and resources to such a project, others just are not sure of how to proceed.
Below is a sample outline of a business contingency plan.
|Cover Memorandum from Management
Signature Page of Program Team
Table of Contents
Memorandum to the Reader
Program Mission Statement & Glossary
Section 1 – General Policies
Command and Control Center(s)
Emergency Teams & Key Personnel
Coordination with Public Agencies
Risk Analysis Results
Disaster Scenarios Defined
Business Impact Assessment
Security and Disaster Prevention
Awareness and Training Activities
Alternative Sites & Infrastructure
Essential Services and Finance
Inventory of Critical Assets
IT & Telecom Recovery Considerations
Timetables, Strategies and Exhibits
Introduction and Expectation
Emergency Team(s) Activation and Role
Initial Response & Recovery Actions
|Emergency Declaration Guidelines Detailed Life Safety Plans
Detailed Employee Assistance Plans
Detailed Facility & Security Plans
Detailed IT & Telecom Plans
Crisis Communication Strategies
Management Update Strategy
Value Chain Communications
Alternative Sourcing & Services
Other Stakeholder Communications
“All Clear” Declaration
Disaster Assessment Guidelines
Vital Function Recovery Timeframes
RTO and RPO Guidelines
Priority Restoration Plans
Human Resource Policy Issues
Facility and Security Considerations
Legal and Regulatory Concerns
Financial Management Issues
Supply Chain and Logistics
Resumption of Normal Operations
Future Plan Testing Schedule
Post Event Analysis
Plans come in many sizes and formats and the plan’s organization reflects its purpose. Various industry and governmental groups have agreed on a common format, which has gained international acceptance. In the United States, this format finds expression in the publication NFPA 1600, while internationally; a nearly identical structure is promoted by British Standard 25999. These methodologies form the core of the business continuity training and credentialing offered by the three most widely recognized organizations in this field: the Disaster Recovery Institute International (DRII), the Business Continuity Institute (BCI) and the International Consortium for Operational Resiliency (ICOR).
Openly discussing your business continuity plan with employees, vendors, and clients promotes development of a culture of safety and resiliency in the community.
Regardless of how well designed your plan is, it has little value if it is untested and unused. The best way to insure its relevancy is through regularly scheduled exercise and reviews. While some may view quarterly or semi-annual testing as an unnecessary expense, when a disaster strikes, these experiences can mean the difference between life and death. Several professional associations provide information and conduct research on the topic of business continuity planning.
We recommend that interested parties should join one or more of these professional societies and to invest time in learning about this important area of Business Continuity Planning.
For more information on this subject, other business continuity topics or business continuity policies please write to: