Business continuity should focus on incidents that are infrequent but may have a big impact on the organization.
A Business Continuity Plan (BCP) is the plan an organization uses to respond to a disruption of its critical business processes.
Steps to create a BCP:
- Inventory of assets
- Risk analysis with Business Impact Analysis (BIA) of the assets
- Recovery Strategy Development
- Implementation of BCP
- Recovery Procedures / DRP
- Periodic tests/simulations
Creating a BCP is an iterative and continuous process, so the previous steps are repeated in cycles.
Concepts related to Business Continuity
A Disaster Recovery Plan (DRP) covers the technological aspects of business continuity and documents the detailed procedures of the recovery operations.
- Maximum Tolerable Period of Disruption (MTPD)
- Mean Time Between Failures (MTBF)
- Mean Time To Repair (MTTR)
- Recovery Time Objective (RTO)
- Recovery Point Objective (RPO)
- Critical Success Factor (CSF)
- Key Performance Indicator (KPI)
- Risk capacity = Risk Tolerance + Risk Appetite
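The metrics above are only useful when they are checked against each other: an RTO that is not below the MTPD, an RPO that the backup cadence cannot deliver, or an observed MTTR longer than the RTO all mean the recovery strategy will not hold up in a real disruption. The following added example (not code from the original page) models a few critical processes and runs those consistency checks. The page lists the terms without definitions, so the example assumes the standard meanings: MTPD is the maximum tolerable outage, RTO the target time to restore, RPO the maximum acceptable data loss expressed as time since the last good copy, and MTBF/MTTR the mean time between failures and mean time to repair of the supporting system. All process names and figures are constructed sample data.

```python
"""Consistency checks for business-continuity metrics (constructed example).

Assumed standard meanings (the original page lists the terms without definitions):
- MTPD: maximum tolerable period of disruption for a process (hours)
- RTO: target time to restore the process after a disruption (hours)
- RPO: maximum acceptable data loss, expressed as time since the last good copy (hours)
- MTBF / MTTR: mean time between failures / mean time to repair (hours)
"""
from dataclasses import dataclass


@dataclass
class CriticalProcess:
    name: str
    mtpd_hours: float             # from the Business Impact Analysis
    rto_hours: float              # chosen in the recovery strategy
    rpo_hours: float              # chosen in the recovery strategy
    backup_interval_hours: float  # how often the supporting data is actually copied
    mtbf_hours: float             # observed for the supporting system
    mttr_hours: float             # observed for the supporting system


def availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Steady-state availability of a repairable system: MTBF / (MTBF + MTTR)."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def check_process(p: CriticalProcess) -> list[str]:
    """Return the findings for one process; an empty list means the targets are consistent."""
    findings = []
    # The recovery target must leave margin below the point where the damage becomes intolerable.
    if p.rto_hours >= p.mtpd_hours:
        findings.append(f"{p.name}: RTO {p.rto_hours}h is not below MTPD {p.mtpd_hours}h")
    # Data can only be restored to the last copy, so the backup cadence bounds the achievable RPO.
    if p.backup_interval_hours > p.rpo_hours:
        findings.append(
            f"{p.name}: backups every {p.backup_interval_hours}h cannot meet RPO {p.rpo_hours}h"
        )
    # If typical repairs already take longer than the RTO, the strategy depends on luck.
    if p.mttr_hours > p.rto_hours:
        findings.append(f"{p.name}: observed MTTR {p.mttr_hours}h exceeds RTO {p.rto_hours}h")
    return findings


def review_bcp(processes: list[CriticalProcess]) -> dict[str, list[str]]:
    """Run the checks for every process; keys are process names, values are their findings."""
    return {p.name: check_process(p) for p in processes}


# Constructed sample data for two hypothetical processes (not from the original page).
SAMPLE_PROCESSES = [
    CriticalProcess("order-processing", mtpd_hours=24, rto_hours=8, rpo_hours=1,
                    backup_interval_hours=1, mtbf_hours=2000, mttr_hours=4),
    CriticalProcess("payroll", mtpd_hours=72, rto_hours=72, rpo_hours=4,
                    backup_interval_hours=24, mtbf_hours=500, mttr_hours=96),
]

if __name__ == "__main__":
    for name, findings in review_bcp(SAMPLE_PROCESSES).items():
        print(name, "OK" if not findings else findings)
    for p in SAMPLE_PROCESSES:
        print(f"{p.name}: availability {availability(p.mtbf_hours, p.mttr_hours):.4%}")
```

With the sample data, "order-processing" passes all checks, while "payroll" produces three findings (RTO equal to MTPD, daily backups against a 4-hour RPO, and an MTTR above the RTO). The same three checks can be re-run in each periodic test cycle as the observed MTBF and MTTR change.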
Standards related to Business Continuity
Standards related to business continuity:
- ISO 22301 covers a Business Continuity Management System (BCMS)
- ISO 22317 covers a Business Impact Analysis (BIA)
- ISO 31000 covers overall risk management
- ISO 27005 covers risk management oriented to IT