Business continuity plan (BCP)

Posted by Winnie Melda on November 2nd, 2018

A disaster recovery plan is a document that provides the direction needed to make sure business operations are retained at their expected normal level of functioning. It is a vital plan for any business because of the objective it carries within the organization as far as security management is concerned.

The Incident Response process

The incident response process is the plan an organization develops to determine the standards, policies, and procedures appropriate for risk management when a crisis occurs. Its objective is to curb the effects of the disaster that has occurred (Botha & Von Solms, 2004). The process consists of the following steps: preparation, detection and analysis, incident containment, eradication and recovery, and post-incident activities.

Preparation

The business continuity plan is effective only when the incident response practice is described and carried out appropriately. Preparation provides the mechanism for being ready for any occurrence that would interfere with the normal operations of the business. Natural calamities take place without the organization's foreknowledge, so the disaster recovery team should always be prepared for anything, and that should serve as its motto: “Always prepared.” Preparing for such unforeseen events starts with gathering the human essentials and making sure that everyone in the company knows the first step to take in response to the occurrence. In system management, backups should function on a real-time basis so that the last transaction is backed up for the future recovery of the business.

Detection and analysis

Detection and analysis is the process of determining, from the underlying conditions, that a disaster or risk event is occurring. It is ideal to work closely with bodies concerned with disaster management so that immediate action is taken upon detection. Tsunamis and tornadoes are predicted, and a business that has been alerted can take rapid steps to avoid much of the impact on the organization. The required security measures can be applied to the computing systems, safeguarding the information against destruction and its subsequent effects. The analysis enables the determination of the effort needed to recover the condition of the business.

Incident containment

The incident containment phase describes the steps the organization should take to control and contain the disaster that has occurred. It involves carrying out activities linked to eradicating the effects and recovering the organization's operations back to normal standards.

Eradication and Recovery

This step covers removing the related effects and making sure the organization recovers to its normal state of operation. Some disasters, such as natural ones, cannot be eradicated completely, so the ideal is to prevent their rampant effects on the business. The subsequent actions include executing the business continuity plan and relocating the business if conditions become uncontrollable.

The post-incident activities

The post-incident activities capture the lessons a business learns from previous events so that a better plan can be developed to safeguard business operations. The step answers the questions of how to prevent a recurrence of the disaster, which preventive measures are available, and how to improve the disaster recovery process.

Business continuity plan process

The business continuity plan process is the practice of applying the knowledge obtained from the initial study of the incident to provide a resilient response. The process therefore makes sure that the response to the incident follows the procedures and principles the business has defined to govern disaster recovery. Implementing a business continuity plan within an organization proceeds through the following steps. First, the risks the organization is subject to at the time are identified and defined. Second, a risk impact analysis is conducted for the organization. Third, the particular preventive and mitigation controls are determined and implemented to curb each identified risk. Finally, the business continuity plan is tested, which gives the chance to adjust it to suit the defined requirements (Goh, 2008).

Identification of the risk

Identifying the threats and risks within the organization amounts to conducting business analytics on the previous activities and incidents that happened within the business. The process is based on the history of the business's operations over a defined period. Associated with that are geographical factors, which take the nearby areas into account to determine, for instance, the natural calamities that may occur. Natural calamities may occur within a given time and trigger the outbreak of other cyber-security-related threats and risks. The necessary bodies will therefore work closely with the response team.

Risks impact analysis

Analyzing the risk impact on the assets of the business provides a good understanding of the potential follow-up activities, enabling the response team to develop mitigation and preventive measures. Organizations have different lines of operation, so the process focuses on the respective assets, such as employees and telecommunication and IT systems. A risk's impact on the company can be seen in the destruction of essential structures such as the communication link, which leaves the system unable to communicate. An unavailable network means the system fails to function and thus does not meet its defined objectives.

The risk impact analysis always uses readily available information to determine the impact of the incidents that occur within the organization. In some cases people lose their lives, which is always the worst impact an organization may suffer. Therefore, before executing the business continuity plan, the response team must develop the best analysis steps to identify the mitigation measures that prevent such events in the future.

Prevention and mitigation control

Defining the possible prevention and mitigation measures is regarded as the climax of the business continuity plan. The step is laid out in descriptive procedures and practices that the organization will have saved prior to their execution. Their execution leads to the recovery of business operations to a normal state and hence drastically reduces the effects associated with the incident. Among the most important procedures and practices is training employees and everyone else in the organization so that they know what to do to save their lives and the assets essential to the business.

Intruders who take such opportunities to carry out malicious actions will be sidelined by the implementation of cyber-security-related mitigation measures. Some of the measures to consider are the adoption of IPSec within all the layers of the network architecture, the use of firewalls, and the installation of intrusion detection systems. If the location is identified as prone to rampant disasters, then relocating the business, or rather the company, is the provisional solution to the risks. In that case, the relocation should be done before the period in which the disasters are anticipated. The relocation should be done so as to reduce some of the effects associated with the identified risks, since their occurrence is so unpredictable.

Testing the business continuity plan

The final step in executing the business continuity plan is testing the developed plan to confirm that it provides the necessary mitigation within the company. The process chiefly consists of verifying and validating the effectiveness of the business continuity plan developed for the organization (Prigmatix Inc, 2012). In the process, the plan's strengths and defects are identified and determined, followed by rectification to suit the organization's security requirements.

Plans for the alternative site relocation

The alternative site for relocating the organization is chosen according to the area's proximity to calamities. Proneness to natural calamities automatically eliminates a site from consideration. The site's terrain matters for avoiding floods, and access to essential infrastructure such as good roads, an airport, or railways is a further factor.

The alternative site should be set with regard to its proximity to the different threats and risks identified for the organization. The resources needed to carry out the organization's operations should be obtainable at acceptable costs that do not affect the financial line of the business (Martin, 2002). Proper ways of setting up the alternative site for relocation are therefore ideal.

Estimated alternative site relocation budget

Activity/Item                                          Estimated cost ($)
Acquisition of main site                                          800 000
Site analysis                                                     100 000
Establishment and development
    - Construction                                             50 000 000
    - Systems                                                   1 000 000
    - Staffing                                                     10 000
Implementation and deployment of the establishments               200 000
Operations and maintenance                                        500 000
Other miscellaneous                                               300 000
Total                                                          52 910 000

References

Botha, J., & Von Solms, R. (2004). A cyclic approach to business continuity planning. Information Management & Computer Security, 12(4), 328-337.

Goh, M. H. (2008). Managing your business continuity planning project. Singapore: GMH Pte Ltd. pp 95.

Martin, B. C. (2002). Disaster Recovery Plan Strategies and Processes. Retrieved from https://www.sans.org/reading-room/whitepapers/recovery/disaster-recovery-plan-strategies-processes-564

Prigmatix Inc. (2012). 5 Tips to Build an Effective Disaster Recovery Plan.

Sherry Roberts is the author of this paper and a senior editor at MeldaResearch.Com.
