The Business Continuity Plan (BCP) is a formal written manual, which must be available for use before, during and after the end of business or catastrophic events. The goal of creating such a document is defining the minimum necessary resources and the way in which business activities will be organized in the event of a serious incident (natural disaster, fire, flood, terrorist attack …) and the necessary activities that must be undertaken in order to successfully return business to standard flows in the shortest possible time.
DESIGNING A BUSINESS CONTINUITY PLAN
Business organizations are exposed to different types of risks that can seriously jeopardize their business. That is why preventive planning and taking steps are necessary in order to secure business in the event of an unwanted event.
Planning stages:
Identification of risk
This plan must contain realistic potential risks. For this purpose, companies and business organizations often hire experts from the side.
Analysis
The next step in developing a business continuity plan is to analyze potential risks and business activities in order to identify business processes and resources that are critical to the organization’s operations.
Making a solution
Making a solution involves finding the most effective ways to recover business functions after a catastrophic event. This includes identifying the cost of the most favorable solution for recovering a critical business function, as well as the cost-benefit analysis in relation to the likelihood of the events and the impact it may have on the work of the organization.
Implementation and formal acceptance
Implementation of a business continuity plan is a process in which all the elements defined during the development of the plan are put into operation. This implies the establishment of a management body, contact list of employees, partners and external associates who play a role in the rapid and efficient recovery of key business functions.
Testiranje
Da bi organizacija bila sigurna da je plan za kontinuitet poslovanja zaista primenljiv i da na najjednostavniji i najefikasniji način obezbedjuje nastavak obavljanja ključnih poslovnih funkcija, potrebno je obaviti simulaciju katastrofalnih dogadjaja i testirati sve elemente plana.
Održavanje i unapredjivanje prihvaćenog plana
Usvojen plan za kontinuitet poslovanja treba kontinuirano ažurirati u skladu sa poslovnim i kadrovskim promenama u organizaciji.
Odredjivanje optimalnog nivoa investicije
Najznačajniji parametri za definisanje rešenja i njegove cene jesu vreme potrebno za oporavak poslovnih podataka (RTO – Recovery Time Objective) i vreme u koje želimo da vratimo sistem pre gubitka podataka (RPO – Recovery Point Objective). Što su ova vremena kraća, rešenje za bekap ili oporavak (disaster recovery) je skuplje, a gubici su manji, i obrnuto. Postavlja se pitanje kako ih odrediti, tako da investicija u rešenje bude opravdana.
U zavisnosti od osetljivosti poslovanja, kompanija se može odlučiti da investira u sistem za zaštitu od gubitka podataka onoliko koliko bi bila u gubitku da izgubi podatke (na grafikonu je to prikazano kao tačka preseka crvene i plave krive). U praksi optimalni iznos investicije u ova rešenja nalazi se negde oko ove tačke. Kompanije, dakle, pre svega definišu koliko dugo smeju da ostanu bez poslovnih podataka, a onda dizajniraju rešenje koje bi takvo stanje poslovanja podržalo.