A business continuity plan is an integrated set of instructions, procedures, and instructions that enable a certain business institution to respond effectively to disasters, accidents, threats, or emergencies without necessarily having to hinder or stop the key operations the business.
The development of this business continuity plan involves four main steps
- Conduction of a business impact analysis aimed at identifying the most critical and time sensitive functions of the business and identifying the resources and processes that essentially support them.
- The identification, documentation and subsequent implementation so as to recover the critical business processes and functions
- Organization of a team, followed by the compilation of a BCP for managing a disruption in the business.
- Availing training to the team members and enacting exercises or testing procedures to evaluate the viability of the plan.
The business impact analysis is the process of predicting the impact of a business disruption by gathering and processing information that is vital in the development of recovery strategies. It is conducted through a questionnaire that is used to survey mangers, directors and other relevant individuals in the business institution. It requires the people filling the questionnaires to identify and state the impacts that a business interruption might have on the processes or functions that they are directly responsible for. The BIA is related to the BCP in that it is the framework that provides the necessary information to be used in the formulation of a BCP.
In case, the firm is unable to continue operating its business, it will inform is customers in due time and assure them of the status of their funds at the union.
Policy objectives/objectives
The policy aims is intended to
- Ensure that disruptions that are constantly witnessed in business institutions that tend to slow down their operations are responded to effectively to ensure that the business remains running.
- Establish effective working relationships with our customers since they are indeed the pillar of the organization and without them, the business is bound to come crashing down.
- Equip employees with skills that will help them cope and adapt to disruptions that may be witnessed
- Mitigate the negative effects of the business disruptions
- Create a good public image and a high confidence level with the business form the public.
Scope
The policy covers every customer and every employee working in the firm. The firm also recognizes two main types of business disruptions that can halt the operations of the business. These two classes of disruptions form the basis of the firm’s business continuity policy plan. The two are internal disruptions and external disruptions.
Internal disruptions are the ones that affect the firm’s ability to do business or to communicate. For example, a fire that can occur within the business premises. The policy aims to ensure that should such events ever occur, there will be an effective damage control framework that will help to reduce the negative effects and ensure the firm is up and running again in the shortest time possible.
The external business disruptions mainly emanate from the external environment. The firm’s business continuity policy is intended to reduce the negative consequences that such disruptions can give to the business.
Standards
This policy recommends the use of technological standards for its full and complete implementation. It recommends the use of an integrated database server to store all the data pertaining to customers’ and employee’s accounts. These records have a tape back up.
The policy is tailored to ensure that if an external or internal business disruption ever occurs and the paper records are lost, they can be physically recovered from the tape back up site. If the primary site proves to be inoperable, then the firm will conduct its operations from the established back up site. If electronic records are lost, the storage media will be physically recovered or the date will be recovered electronically from the back up site.
The recovery time objectives (RTO) of the policy will define and determine the speed in which the IT infrastructure like applications, servers, and data access processes and services regain full operation after an episode of business disruptions. The policy stipulates a maximum recovery period b hours by which the business functions will be back in operation fully.
The recovery time objective (RPO) is an indicator of the maximum time in which it is still possible to recover data form back ups or transaction logs. As seen in above, the policy has already proposed an effective back up system form which data can be recovered as soon as possible.
Procedure
The procedure for the implementation of this policy is actually very simple and straightforward. The firm should first put the required funds in place. The firm will then inform its customers and employees of the impending enactment of the policy. The required technological infrastructure will then be out in place. The policy will then be introduced gradually and it is expected that it will be fully functioning by the end of two months.
Guidelines
Since the policy is very straightforward and simple, not many impediments that expected. The only issue would be lack of cooperation from the customers and the employees. This is why the firm intends to educate fully the employees and the customers before engaging in its implementation process.
In conclusion, it is the company’s hope that this policy will be effective and will indeed yield the desired results.
Works Cited
"Business Impact Analysis | Ready.gov." Home | Ready.gov. N.p., n.d. Web. 22 Apr. 2013. McCrackan, Andrew. Practical Guide to Business Continuity Assurance. Boston: Artech House, 2005. Internet resource.
