1 - Business Continuity Planning
Project scope and planning
Organization review
Goal: identify all departments and individuals who have a stake in the BCP process
BCP team selection
Representatives of departments for core services
IT subject-matter experts in areas covered by BCP
Cybersecurity team members
Physical security and facility management
Attorneys
HR
Public relations team
Senior management representatives
Resource requirements
Resources for 1. BCP development
Resources for 2. BCP testing, training, and maintenance
Resources for BCP implementation
External dependencies
Request a System and Organization Controls (SOC) 2 or 3 report from vendors
Business impact analysis
Identifying priorities
Quantitative analysis
Asset Value (AV)
Maximum Tolerable Downtime (MTD) (also known as Maximum Tolerable Outage (MTO))
Recovery Time Objective (RTO)
Ensure RTO < MTD
Recovery Point Objective (RPO) == amount of data the organization is ready to lose (15 minutes max)
Risk identification
Identify all types of risk (e.g. terrorist acts, tornadoes, earthquakes, economic crises, service provider outages)
Likelihood assessment
Annualized Rate of Occurrence (ARO)
Impact analysis
Exposure Factor (EF)
Single Loss Expectancy (SLE)
Annualized Loss Expectancy (ALE)
SLE = EF * AV (asset value)
Resource prioritization
Prioritize risks between quantitative and qualitative
Continuity planning
Strategy development
Goal: bridge the gap between the BIA and continuity planning elements of the BCP development
Provisions and Processes
People
Most valuable asset
Buildings/Facilities
Hardening Provisions (e.g. patch a leaky roof, fireproof walls)
Alternate sites (if no hardening is possible)
Infrastructure
Physically Hardening Systems (e.g. Uninterruptible Power Supplies)
Alternative Systems
Goal: Create a Continuity Of Operations Plan (COOP)
Plan approval and implementation
Plan Approval
Plan Implementation
Communication, Training and Education
BCP Documentation
Continuity Planning Goals
Statement of Importance
Statement of Priorities
Statement of Organization Responsibility
Statement of Urgency and Timing
Risk Assessment
Risk Acceptance/Mitigation
Vital Records Program
Keep all business-critical records (e.g. contracts, patents)
Emergency Response Guidelines
Immediate response procedures
Individuals to notify
Secondary response procedures
10 Maintenance
All older versions of the BCP should be physically destroyed and replaced by the latest version
Testing and Exercises