Streamline the traditional approach to make BCP development manageable and repeatable. Your Challenge Ineffective business continuity planning (BCP) leads to: Regulators and customers demanding a functional BCP. Progress is limited or stalled – no effective approach to make this a manageable project that can actually be completed. No clear sense of appropriate recovery objectives or how to get there. Do-It-Yourself Implementation The slides in this our Best Practice Blueprint will walk you step-by-step through every phase of your project with supporting tools and templates ready for you to use. Project Accelerator Workshop You can also use this Best Practice Blueprint to facilitate your own project accelerator workshop within your organization using the workshop slides and facilitation instructions provided in the Appendix. Let us help you plan your project Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. Onsite Expert Advice Our expert analysts will come onsite to help you work through our project methodology in a 2-5 day workshop. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully. In some cases, we can even help you to complete the project while we are onsite!

1. The challenge with traditional scenario planning is that it’s impossible to predict every possible incident. Instead, the goal here is one plan
that can be adapted to different scenarios, which also reduces the effort to maintain your BCP.
a. Policies and procedures manuals, if they exist, are often out of date or incomplete. Use these as a starting point, but don’t stop there.
Identify the “go-to” staff members who are well-versed in how the business unit runs and interview them to identify the informal and
undocumented processes.
b. “Working from home” is a common contingency plan, but validate that it is a realistic option during an incident. For example, if there
is a regional power or network outage, employees’ homes may also be affected. If their homes are not affected, is there a process to cover
long-distance or data charges? Are they dependent on inputs from other staff and is there a means to facilitate that workflow from home?
c. If processes are not documented, use this as an opportunity to create standard operating procedures (SOPs) to drive consistency and
process optimization, as described in the Info-Tech blueprint “Create Visual SOP Documents that Drive Process Optimization, Not Just Peace
of Mind.”
a. Account for hard copy files as well as electronic data. For example, case files that lawyers carry in their briefcases are information
necessary to carry out their tasks. If that information was lost, is there a backup? To meet the RPO for that information, you may need to
formalize copying case files on a regular basis (e.g. creating an electronic case file that can be backed up).
b. Expect that the RTOs/RPOs will need to be adjusted after determining the cost of projects required to achieve desired recovery
objectives, especially if the cost is greater than the resulting impact of downtime. This is part of the process of finding the balance between
the cost to prevent downtime and the potential cost and impact of downtime much like an ROI analysisTabletop planning had the greatest
impact on meeting recovery objectives (RTOs/RPOs) among survey respondents.
Be the turtle – improving business continuity capabilities is a long-distance run, not a sprint. Even if budget is not a concern, understand that
change for the better is still change, and introduces risk; and massive changes introduce massive risk. Make incremental changes to minimize
disruption.
a. Define an incident response plan for an event that requires at least temporary relocation so it is comprehensive enough to also cover
other scenarios. The goal is one plan that can be adapted to multiple scenarios, not a separate plan per scenario.
b. Organizations often fail to put the same effort into their procedures for “returning to normal.” However, many of the same risks apply
– including data loss and downtime for the business. Apply the same rigor to your “return to normal” procedures as you do for the initial
recovery.
a. Expect to find conflicting priorities and uncover new dependencies as you complete the BCP for remaining business units. Assign the
same BCP Coordinator to each business unit to identify and resolve these issues as they come up.
b. Incident response team leaders are not necessarily those with the most senior title on each BC/DR team. It’s more important that the
team leader has the appropriate skill set than the bigger title.