Business Continuity Plan
In a business continuity plan, inclusion of components of infrastructure in a business is critical. A business should include its organizational assets, resources, processes and systems in its business continuity plan (Haag & Cummings, 2013). IT and all the other systems and information are depended upon by the business in its daily operations. This has been occasioned by an increase in terrorist attacks ad natural disasters, in the world.
Business continuity planning
A business should employ its strategic plan in order to understand the relative importance of all its assets. The other step is the development of a ranking of the assets in terms of their importance in the business. This is crucial since it avoids the high and unnecessary expenses of recovering each asset within minutes of loss. Some of the assets that a business can survive without, for some days, include payroll software (Haag & Cummings, 2013). However, other assets such as supply chain applications and orders should be recovered without much delay.
For Business Continuity Planning, analysis begins with impact analysis. At this point, there is a differentiation between critical and noncritical IT applications and information. The importance of IT assets and their susceptibility to threats are considered. The other type of analysis is threat analysis. At this point, all the threats to an organization are documented. The magnitude of threats such as floods, earthquakes and cyber attacks is evaluated. In e-business, for example, the threat of increased online traffic is substantial (Haag & Cummings, 2013). The third step in the analysis is impact scenario analysis. A business considers each threat and makes the worst case scenario for each of the threats. Further definition and detail concerning the scope and magnitude of possible disaster is evaluated. The final step in the analysis is the requirement recovery document. This document summarizes all the other levels of analysis, and it forms the basis of the design phase.
BCP design involves preparing a formal, technical and detailed plan for disaster recovery. It is the disaster recovery plan. An offsite storage facility stores the backup information. A collocation facility, a hot site and a cold site are essential facilities in the design phase. A disaster recovery cost curve is used in the recovery plan (Haag & Cummings, 2013). This plan charts the cost to an organization of information availability the cost of disaster recovery over a certain time. An intersection of these curves is the best and optimal recovery point based on cost and time.
For BCP, implementation is conducted before doing tests. A business implements all the procedures that are necessary in disaster recovery. Consultations are done with providers of collocation facilities and cold and hot sites. Employees are trained on the way they should react to disasters. Evaluation of IT systems is done to ensure they are configured optimally for disaster recovery (Haag & Cummings, 2013).
At this stage, the simulations of disaster scenarios are executed. Employees are engaged to ensure that the solution meets the recovery requirements of the organization (Haag & Cummings, 2013). In the event that there are noticeable deficiencies, the organization should return to design and implementation stages. This will assist in reconfiguring and reimplementation of disaster recovery plan. This testing is done until an optimal plan is developed.
As far as maintenance is concerned; there is a need to assess any new threats. In addition, reevaluation of IT systems is necessary. The other areas that should be surveyed are organizational assets in order to determine their importance in an organization (Haag & Cummings, 2013)
Haag, S., & Cummings, M. (2013). Management Information Systems for the Information Age. New York: Mc-Graw Hill.