Business Continuity Management Resources
A Business Continuity Management (BCM) plan may be the most important investment your company ever makes. Unfortunately many companies just don’t place a high enough priority on their BCM resources. It is becoming more and more apparent to me that even the organizations that do place a high priority on their BCM planning get overwhelmed by the task and simply don’t know how to go about creating an effective plan. If you are still on the fence about creating a BCM plan read my article on the true cost of doing nothing. Another obstacle to overcome may be in trying to get the rest of your organization to “buy” in on the importance of having an effective plan. If that is the case then read this article on successful disaster recovery planning.
No matter how you look at it, an effective Business Continuity Management may be the only lifeline that keeps your organization alive when a crisis strikes. I understand that the project can seem overwhelming and it is easier to turn it into a “someday” project. In an attempt to help you overcome this and turn it into a “right now” project; I am going to do my best to simplify the task as a whole and compile my list of the most useful resources to utilize when creating your BCM Plan.
First Step– What Does Your Organization Really Need?
Much like a business plan, truly effective BCM cannot simply be cut, paste and fill in the blanks. It must be customized to your organizations specific size, needs and resources. Using templates and examples is a perfect place to start, but you must consider the size and scope of your needs. Also consider that truly effective Business Continuity Management is actually the grouping of multiple plans. The breadth and scope of what plans are actually needed within your organization depends entirely upon the organization itself and your risk assessment. Generally speaking BCM includes disaster recovery, business recovery, crisis management, incident management, emergency management and contingency planning. To a small or medium sized company many of these different plans can be combined; to large corporations it becomes necessary to differentiate between separate plans.
The ISO has pretty much standardized BCM and what all should be included in Disaster Recovery and Business Continuity plans. There is still a lot of customization needed on your part but reading up on ISO- 22301.xxx is a good place to start.
You may also want to read up on the staples that are going to be found in pretty much every Business Continuity Management module. Here are a couple of good resources to get your gears turning.
It is important to distinguish between your Business Continuity Management System and your business continuity plan, as well as your disaster recovery plan, etc. Read up here to help distinguish between it all.
Read up on this article on differentiating between your disaster recovery plan and your business continuity plan.
I also recommend reading up this article to differentiate between the Business Continuity Management System and the Business Continuity Plan itself
Second Step – Finding a Good Template
I must reiterate here that the template should only be used as a first draft approach. It is important to the effectiveness of your plan that you actually write out a real plan and not simply fill in the blanks on a template. However, utilizing a template to get started is a great start. Here are a few good resources.
Hands down my favorite free template is from www.disasterrecovery.org . I suppose it has been downloaded over 30,000 times for a reason.
Another decent template is this one by X solutions. Although it is in essence a simple excel spreadsheet; it does walk you through the steps and gets you started.
Tidyforms offers a few different simple templating solutions to get you going.
Third Step – Making The Plan
This is where we start getting down to the nuts and bolts of the operation. The real question to ask yourself is: Does your organization have the in-house expertise to make a truly effective and compliant Disaster Recovery Plan? The compliance issue depends entirely on what industry you are in. Many industries have regulating bodies that have specific guidelines and best practices you need to be aware of and comply with. For instance health care has Hipaa, the finance industry has FFIEC. This Gartner article has a fairly comprehensive breakdown of the different regulating bodies for each industry.
If your organization does not have the in-house expertise needed, you may want to seriously consider outsourcing your Business Continuity Management Systems. Here are a few good articles to read before deciding.
- Disaster Recovery in The Cloud
- Disaster Recovery Plans / Paper or Virtual
- IT Disaster Recovery Outsourcing
- DR/BC Frequently Asked Questions
- Plan Steps
Fourth Step – Cloud Based or Hard Copy
The invent of the cloud brought a lot to the table regarding business Continuity. In my opinion creating a cloud based DR/BC plan is far superior to maintaining a manual hard copy plan. Here are a few of the benefits.
- Easier to keep updated
- Accessible from anywhere
- Able to host vital documents
- Partner with built in communications
- Cost effective
- Simpler to implement during a disaster
This article is a good resource to explain how disaster recovery in the cloud works.
This article by TechTarget makes some good cautionary points to consider when moving to the cloud
While this document is pretty much simple data hosting on Amazon, it does provide some insight on Cloud Based hosting options.
Now that you have your plan in place, it is simply a matter of keeping it updated and keeping your personnel trained and vested in the success of your plan if disaster strikes.
For more information regarding Business Continuity and Disaster Recovery consider the following resources.