Business Continuity Plan
Question:
Our CEO suggested that I help create such a document (requested by some of our clients). Before meeting the relevant VP, I googled it and was amazed by the wealth of information regarding such plans and their complexity. My question is: did anyone out there participate in such a project, and if yes, on what level: helping with the writing, part of the project team, or leading the project? I'm interested in your experience with this.
Answer:
My company writes these for others as a business. It's part of numerous security projects.
Business Continuity Plans (BCPs) are very difficult to write. They demand an intimate and comprehensive understanding of the business, its risks, and its tolerances to failure. It requires extensive training in risk management, information security, and business governance to write a successful BCP. Typically, technical writers assist in such projects; they don't lead them. A security or business auditor should lead such a project.
Ideally, your company should conduct a full security assessment that includes a business continuity and gap analysis. From that, you can outline the risks and tolerances for your organization. Then you'll be ready to write a BCP based on the findings of your security assessment.
Eric is right, BCP work can be very fun. But if you have never done one, you should seriously consider contracting somebody who has experience doing them. Just running around and documenting paranoia ("how many backups do we have", "what happens if a tornado hits the building") is not a BCP. A BCP is a corporate governance document that needs to address fundamental business, financial, and personnel issues. The paranoid stuff is merely a fraction of what a BCP contains.
There are some good templates out there that can serve as a framework. I'd look into ISACA. Good group. They are mostly focused on IT governance and auditing work. Technically, a BCP crosses the IT boundary into business and finance issues.
If your CEO is asking for one just to placate clients, then you can throw one of these together. It might not be useful, but if that's the goal of the BCP, it will work.