Discussions

IT Business Continuity Plan

+
0 Votes
Locked

IT Business Continuity Plan

Gina Laviste
What should an IT Business Continuity Plan include?

Appreciate any inputs.
  • +
    0 Votes
    Tig2

    From a high level, and by no means complete, some points...

    Your continuity plan should be hand in glove with your disaster plan. They are two different things, but had better work together. With that said, here is my "quick list" of considerations:

    Business criticality- if this application/process/system fails, what is the impact to business?

    Is there an alternative to the way we are doing it? This might mean different platform, paper records, different location, you decide.

    Is it feasible to move the people performing a critical task to a different location? What is required to accomplish this?

    What definitive things are required to call an emergency? Who is responsible for doing so?

    Is the plan something that can be practised? Can we do regular drills?

    What additional equipment should we consider? Does that equipment require training? Do we need to create a handbook? At what level?

    Who will lead- at a departmental level- the execution of the plan? What special instruction should that person get? What qualifications should that person have? Who will substitute for them if they are not present?

    Are there sub-groups in the department that have different levels of criticality? Who are those leaders?

    How does business define criticality? How do the users define it? Are the definitions the same? What are the gaps? How should they be filled?

    These are just points to consider. The plan will cover this and more. At least it should.

    The BCP must be capable of being implemented within an hour of interruption. And it should be drilled.

    Hopefully this is a place to start.


    Edit- typo

  • +
    0 Votes
    Tig2

    From a high level, and by no means complete, some points...

    Your continuity plan should be hand in glove with your disaster plan. They are two different things, but had better work together. With that said, here is my "quick list" of considerations:

    Business criticality- if this application/process/system fails, what is the impact to business?

    Is there an alternative to the way we are doing it? This might mean different platform, paper records, different location, you decide.

    Is it feasible to move the people performing a critical task to a different location? What is required to accomplish this?

    What definitive things are required to call an emergency? Who is responsible for doing so?

    Is the plan something that can be practised? Can we do regular drills?

    What additional equipment should we consider? Does that equipment require training? Do we need to create a handbook? At what level?

    Who will lead- at a departmental level- the execution of the plan? What special instruction should that person get? What qualifications should that person have? Who will substitute for them if they are not present?

    Are there sub-groups in the department that have different levels of criticality? Who are those leaders?

    How does business define criticality? How do the users define it? Are the definitions the same? What are the gaps? How should they be filled?

    These are just points to consider. The plan will cover this and more. At least it should.

    The BCP must be capable of being implemented within an hour of interruption. And it should be drilled.

    Hopefully this is a place to start.


    Edit- typo