Business Continuity Requirements
Business continuity requirements, ensures the continuity of IT operations that is maintained from the primary or alternate locations during an incident or disastrous events.Business continuity requirements are based on the business continuity planning (BCP).
Develop and Document Scope and Plan
Business Continuity Planning (BCP)
BCP aims to prevent interruptions to operations and it is a process that proactively addresses the continuation of business operations during and in the aftershock of such disruptive events.
- Ensure the continuity of business operations without affecting the whole organization.
- Availability is most important factor.
- Life safety or preventing human loss
- Avoid any serious damage to the business
- Scoping: The scope of a BCP primarily focuses on a business process. The primary principle of BCP scoping is ensuring that the scoping process includes all the essential resources.
- Initiating the Planning Process: Establishing the roles and responsibilities of personnel involved
- Performing Business Impact Analysis (BIA): It is a type of risk assessment application that tries to assess qualitative and quantitative impacts on the business due to a disruptive event. Quantitative impacts are related to financial losses but Qualitative impacts are operational impacts such as the inability to deliver. This process has eight steps, which we will describe soon.
- Developing the BCP: Identify critical business processes and functions.
- BC Plan Implementation: The senior management must approve the properly documented business continuity plans, until then based on, it the plans are implemented.
- BC Plan Maintenance: Create a plan to maintain operations. The plans need to be periodically reviewed and updated.
Business Impact Analysis Steps
According to ISC2, this step itself includes the following six steps:
- Select individuals to interview for data gathering.
- Create data-gathering techniques, such as surveys, questionnaires, qualitative and quantitative approaches.
- Identify the company’s critical business functions.
- Identify the resources these functions depend upon.
- Calculate how long these functions can survive without these resources.
- Identify vulnerabilities and threats to these functions.
- Calculate the risk for each different business function.
- Document findings and report them to management.