A Business Continuity Plan includes: Having a BCP enhances an organization's image with employees, shareholders and customers by demonstrating a proactive attitude.
Additional benefits include improvement in overall organizational efficiency and identifying the relationship of assets and human and financial resources to critical services and deliverables.
The lessons learned include: Continuous Service Delivery Assurance (CSDA) is a commitment to continuous delivery of critical services that avoids immediate severe disruption to an organization.
A BCP includes both risk evaluation, management and control and effective plans, measures and arrangements for business continuity.
While governments, not-for-profit institutions, and non-governmental organizations also deliver critical services, private organizations must continuously deliver products and services to satisfy shareholders and to survive.
Although they differ in goals and functions, BCP can be applied by all organizations.September 11, 2001 demonstrated that although high impact, low probability events could occur, recovery is possible.Even though buildings were destroyed and blocks of Manhattan were affected, businesses and institutions with good continuity plans survived.The purpose of the BIA is to identify the organization's mandate and critical services or products; rank the order of priority of services or products for continuous delivery or rapid recovery; and identify internal and external impacts of disruptions.This step determines what goods or services it must be delivered.It also implements the BCP, coordinates activities, approves the BIA survey, oversees the creation of continuity plans and reviews the results of quality assurance activities.Senior managers or a BCP Committee would normally: The BCP committee is commonly co-chaired by the executive sponsor and the coordinator.A Business Resumption Plan describes how to resume business after a disruption.A Disaster Recovery Plan deals with recovering Information Technology (IT) assets after a disastrous interruption.Information can be obtained from the mission statement of the organization, and legal requirements for delivering specific services and products.Once the critical services or products are identified, they must be prioritized based on minimum acceptable delivery levels and the maximum period of time the service can be down before severe damage to the organization results.