Business Continuity and Disaster Recovery Plan Framework

In today’s world of ever increasing threats, companies need a highly structured and well-defined Business Continuity Plan (BCP) that leverages recognized industry standards and best practices. The BCP should provide a roadmap to prepare for and respond to a range of potential emergencies/disasters relating to the people, data and facilities that comprise business assets. The BCP should provide a description of the overall business continuity response management structure, identify specific roles and responsibilities, designate coordination and communication between entities, and describes a general concept of operations for efficiently and effectively addressing the life cycle of an incident.

While every company is different, general Business Continuity and Disaster Recovery Plan components could include:

  1. Introduction
    • Purpose
    • Applicability and Scope
    • Assumptions
    • Plan Development
    • Definition of a Disaster
  2. Risk Assessments and Business Impact Analysis (e.g., assessing business risk and impact of potential emergencies)
  3. Functionality and Environment
    • Recovery Strategy Overview
    • Architecture and Dependencies
    • Required Availability Capabilities
    • Recovery Resources (e.g., communication tools, vital records)
  4. Organization and Team Responsibilities
  5. Concept of Operations
    • Response (e.g., discovery and notifications, command and control, assessment, disaster declaration, response management)
    • Recovery (e.g., resumption of operations, failover process and recovery order, system recovery, technology recovery verification, alternate sites, reconstitution, etc.)
    • Prevention/Mitigation (e.g., self-assessments, data back-up, back-up power, security, monitoring, post-incident review, improvement planning)
    • Preparedness
      1. Plan Maintenance
      2. Training
      3. Plan Exercising/Testing

Possible Appendices:

  • Business Continuity/Disaster Recovery Team Roster
  • Checklists and Forms
  • Technical References
  • Application Tiering
  • 3rd Party Resources

Download PDF