Business continuity plans explained
A business continuity plan (BCP) is a document that outlines how a business will continue operating during an unplanned disruption in service. It’s more comprehensive than a disaster recovery plan and contains contingencies for business processes, assets, human resources and business partners – every aspect of the business that might be affected.
Plans typically contain a checklist that includes supplies and equipment, data backups and backup site locations. Plans can also identify plan administrators and include contact information for emergency responders, key personnel and backup site providers. Plans may provide detailed strategies on how business operations can be maintained for both short-term and long-term outages.
A key component of a business continuity plan (BCP) is a disaster recovery plan that contains strategies for handling IT disruptions to networks, servers, personal computers and mobile devices. The plan should cover how to reestablish office productivity and enterprise software so that key business needs can be met. Manual workarounds should be outlined in the plan, so operations can continue until computer systems can be restored.
There are three primary aspects to a business continuity plan for key applications and processes:
- High availability: Provide for the capability and processes so that a business has access to applications regardless of local failures. These failures might be in the business processes, in the physical facilities or in the IT hardware or software.
- Continuous operations: Safeguard the ability to keep things running during a disruption, as well as during planned outages such as scheduled backups or planned maintenance.
- Disaster recovery: Establish a way to recover a data center at a different site if a disaster destroys the primary site or otherwise renders it inoperable.
Why is a business continuity plan important?
It’s important to have a business continuity plan in place to identify and address resiliency synchronization between business processes, applications and IT infrastructure. According to IDC, "on average, an infrastructure failure can cost USD $100,000 an hour and a critical application failure can cost USD $500,000 to USD $1 million per hour"1.
To withstand and thrive during these many threats, businesses have realized that they need to do more than create a reliable infrastructure that supports growth and protects data. Companies are now developing holistic business continuity plans that can keep your business up and running, protect data, safeguard the brand, retain customers – and ultimately help reduce total operating costs over the long term. Having a business continuity plan in place can minimize downtime and achieve sustainable improvements in business continuity, IT disaster recovery, corporate crisis management capabilities and regulatory compliance.
Yet developing a comprehensive business continuity plan has become more difficult because systems are increasingly integrated and distributed across hybrid IT environments – creating potential vulnerabilities. Linking more critical systems together to manage higher expectations complicates business continuity planning – along with disaster recovery, resiliency, regulatory compliance and security. When one link in the chain breaks or comes under attack, the impact can ripple throughout the business. An organization can face revenue loss and eroded customer trust if it fails to maintain business resiliency while rapidly adapting and responding to risks and opportunities.
What are the key features of an effective business continuity plan?
The components of business continuity are:
- Strategy: Objects that are related to the strategies used by the business to complete day-to day activities while ensuring continuous operations
- Organization: Objects that are related to the structure, skills, communications and responsibilities of its employees
- Applications and data: Objects that are related to the software necessary to enable business operations, as well as the method to provide high availability that is used to implement that software
- Processes: Objects that are related to the critical business process necessary to run the business, as well as the IT processes used to ensure smooth operations
- Technology: Objects that are related to the systems, network and industry-specific technology necessary to enable continuous operations and backups for applications and data
- Facilities: Objects that are related to providing a disaster recovery site if the primary site is destroyed
The business continuity plan becomes a source reference at the time of a business continuity event or crisis and the blueprint for strategy and tactics to deal with the event or crisis.
The following figure illustrates a business continuity planning process used by Kyndryl Global Technology Services. It’s a closed loop that supports continuing iteration and improvement as the objective. There are three major sections to the planning process:
- Business prioritization: Identify various risks, threats and vulnerabilities, and establish priorities.
- Integration into IT: Take the input from business prioritization and perform an overall business continuity program design.
- Manage: Administer what has been assessed and designed.
Resources
1. DevOps and the Cost of Downtime: Fortune 1000 Best Practice Metrics Quantified, Stephen Elliot, IDC Opinion, IDC, December 2014.