Tips: Creating A Business Continuity Plan
SecureWorks offers tips, aligned with some of today's common regulation, to create a business continuity plan.
- Make sure your business continuity plan has a section for disaster recovery, and make sure your BCP is enterprise-wide, considering every critical aspect of your business including personnel and physical workspace. The BCP should include a sequence of tasks and responsibilities that are clearly spelled out.
- Do a thorough business impact analysis (including a security business impact analysis) and risk assessment.
- Test your BCP for its effectiveness, and make adjustments/updates to reflect changes in your organization. Testing is recommended at least on an annual basis, and you should include third parties like data processors, managed security service providers and core processors.
- Identify alternate locations to operate from in the event you are no longer able to conduct business from your office. This should include a capacity for data centers, computer operations and telecommunications.
- Back up data, operating system configurations, applications and utility programs, and identify alternate telecommunications.
- Identify off-site storage for back up media, supplies and documents such as your BCP, inventory list, operating and other procedures, etc.
- Make sure you have alternate power supplies in case you are without electricity (uninterruptible power supplies [UPS] and back-up generators).
- Assemble a team in advance and designate people who are responsible for various tasks in the event of a disaster. All personnel should be trained in their contingency-related duties and new personnel should be trained as they join your organization.