1. Develop a Business Continuity Plan
Streamline the traditional approach to make BCP development manageable and repeatable.
Info-Tech's products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns.© Info-Tech Research Group

2. ANALYST PERSPECTIVE
A BCP touches every aspect of your organization, making it potentially the most complex project you’ll take on. You must streamline this effort or you won’t get far.
Don’t try to boil the ocean. Use these tactics to streamline your business continuity plan (BCP) project and stay on track:
Focus on one business unit at a time. Keep the effort manageable, establish a repeatable process, and produce deliverables that provide a starting point for the rest of the organization.
Don’t start with an extensive risk analysis. It takes too long and at the end you’ll still need a plan to resume business operations following a disruption. Rather than trying to predict what could cause a disruption, focus on how to recover.
Keep your BCP documentation concise. Use flowcharts, checklists, and diagrams instead of traditional manuals.
Frank Trovato,
Research Director, Infrastructure & Operations Practice Info-Tech Research Group

3. Our understanding of the problem
CIOs and infrastructure managers/VPs who have been tasked with leading or assisting business continuity planning.
CIOs and infrastructure managers/VPs who are seeking to align their IT DRP with an overall business continuity plan.
Position IT as the consultant for BCP, not the owner. Ultimately, the business needs to own the BCP to make it sustainable.
Execute a pilot BCP process to establish a methodology that can be repeated by the rest of the organization.
Achieve alignment between your IT DRP and overall BCP.
Business leaders responsible for business continuity planning.
Executives seeking to understand the time and resource commitment required for business continuity planning.
Follow a methodology that can be implemented one business unit at a time to keep the process from becoming overwhelming.
Scope the time and effort required to develop a BCP.

4. Executive summary
As an IT leader you have the skill set and organizational knowledge to lead a BCP project, but ultimately business leaders need to own the BCP – they know their processes and, therefore, their requirements to resume business operations better than anyone else.
The traditional approach to BCP is a massive project that most organizations can’t execute without hiring a consultant. To execute BCP in-house, carve up the task into manageable pieces as outlined in this blueprint.
Leverage the BCP methodology to not only identify current processes, but also review and optimize those processes.
Natural disasters such as Hurricane Sandy have increased executive awareness and internal pressure to create a BCP.
Similarly, industry and government-driven regulations are placing more focus on business continuity capability.
Customers are also demanding that organizations provide evidence that they have a workable BCP before agreeing to do business.
IT leaders, because of their cross-functional view and experience with incident management and DR, are often asked to lead BCP efforts.
IT managers asked to lead BCP efforts are dealing with processes and requirements beyond IT and outside of their control.
BCP requires input from multiple departments with different and sometimes conflicting objectives.
Typically there are few, if any, dedicated resources for BCP, so it can't be a full-time resource-intensive project.
Focus on implementing a structured and repeatable process that can be applied to one business unit at a time to avoid BCP from becoming an overwhelming project.
Enable business leaders to own the BCP going forward by establishing a template that the rest of the organization can follow.
Leverage BCP outcomes to refine IT DRP recovery objectives and achieve DRP-BCP alignment.

5. An overall business continuity plan requires several key components from different stakeholders
A business continuity plan (BCP) consists of several different plans as illustrated below. This blueprint enables you to:
Develop a BCP for a selected business unit (as a pilot project), and thereby establish a methodology that can be repeated for remaining business units.
Through the BCP process, clarify requirements for an IT disaster recovery plan (DRP). Refer to Info-Tech’s Disaster Recovery Planning workshop for instructions on how to create an IT DRP.
Implement ongoing business continuity management to govern BCP, DRP, and crisis management.
Overall Business Continuity Plan
IT Disaster Recovery Plan
A plan to restore IT application and infrastructure services following a disruption.
Info-Tech’s Disaster Recovery Planning blueprint provides a methodology for creating the IT DRP. Leverage this blueprint to validate and provide inputs for your IT DRP.
BCP for Each Business Unit
A set of plans to resume business processes for each business unit. This includes:
Identifying business processes and dependencies.
Defining an acceptable recovery timeline based on a business impact analysis.
Creating a step-by-step recovery workflow.
Crisis Management Plan
A plan to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage.
Note: Crisis management is typically part of a risk management program. Refer to Info-Tech’s Risk Management blueprint. In the blueprint, Phase 4 outlines the BCM teams necessary to govern BCP, DRP, and crisis management.

6. Create a Right-Sized Disaster Recovery Plan today.
Info-Tech Insight: Business continuity planning should start with an up-to-date IT disaster recovery plan
Why you should start business continuity planning with your DRP:
IT services are a critical dependency for most business processes. Creating an IT DRP helps you mitigate a key risk to continuity quicker than it takes to complete your overall BCP, and you can then focus on other dependencies such as people, facilities, and suppliers. 1 2
A BCP needs to include workarounds for IT failures. It’s difficult to plan workarounds without a clear understanding of the potential IT downtime and data loss – your DRP will answer those questions. Think of payroll as an example: if downtime might be 24 hours, simply waiting for recovery might be an option; if downtime might be a week, waiting it out is not an option. 3
In the absence of a DRP, business continuity discussions often get bogged down in how to recover IT services because they are so critical. Again, take care of your DRP first, mitigate a key risk, and then move on to the rest of your BCP.
Create a Right-Sized Disaster Recovery Plan today.

7. Use Info-Tech’s methodology to right-size and streamline the process.
The traditional approach to BCP takes too long and produces a plan that can not be used or maintained
The Problem:
You need to create a BCP, but don’t know where to start.
The Solution:
Source: Info-Tech Research Group
BCP is being demanded more and more to comply with regulations, mitigate business risk, meet customer demands, and obtain insurance.
IT leaders are often asked to lead BCP.
Use Info-Tech’s methodology to right-size and streamline the process.
Reduce required effort. Keep the work manageable and maintain momentum by focusing on one business unit at a time; allow that unit to own their BCP.
Prioritize your effort. Evaluate the current state of your BCP to identify the steps that are most in need of attention.
Get valuable results faster. Functional deliverables and insights from the first business unit’s BCP can be leveraged by the entire organization (e.g. communication, assessment, and BC site strategies).
The
Complication:
Following a traditional BCP process takes longer to show value.
Traditional consultants don’t usually have an incentive to accelerate the process.
At the same time, self-directed projects with no defined process go months without producing useful deliverables.
The end result is a dense manual that checks boxes but isn’t maintainable or usable in a crisis.
BCP? I thought you said “beastly fee.”

8. Provide early value from BCP with Info-Tech’s practical approach, including a response plan for critical business units
Info-Tech’s Approach to Business Continuity Management (BCM):
Focus on developing a recovery workflow for critical business units first.
Resolve critical gaps as you identify them.
Set an agenda that provides quick-wins to create and maintain momentum.
Take an incremental approach to quantify and qualify the effort required for BCP.
Embed training and awareness
throughout the planning process.
Leverage early results to establish a BCM framework.
Ongoing testing, maintenance, improvement, awareness, and training.
Take action to resolve critical gaps as they are identified.
BCP for Business Unit A
Scope
Pilot
BIA
Response
Plan
Gap Analysis
Lessons Learned
BCP for Business Units B through N.
Scope
BIA
Gap Analysis
Response
Plan
3 months
6 months
1 year
Organizational Risk Assessment and Business Impact Analysis
Solution Design to Achieve Recovery Objectives
Create and
Validate Response Plans
In comparison, traditional BCM requires:
An extensive, upfront commitment of time and resources before retrieving any value or accomplishment from the process.
A “big bang” approach that makes it difficult to predict the required resourcing and timelines for the project.

9. Project Overview
Phase 1: Identify BCP Maturity and Business Process Workflows
Phase 2: Conduct a BIA to Determine Acceptable RTOs and RPOs
Phase 3: Document the Recovery Workflow and Projects to Close Gaps
Phase 4: Complete Your BCP and Implement Governance
Phases
Assess current BCP maturity
Define an objective impact scoring scale
Determine current recovery procedures
Repeat the pilot BCP process and create your overall BCP
1.1
2.1
3.1
4.1
Establish the pilot BCP team
Estimate the impact of downtime
Identify and prioritize projects to close gaps
Create BCM teams
1.2
2.2
3.2
4.2
Steps
Identify business processes, dependencies, and alternatives
Determine acceptable RTO/RPO targets
Evaluate BC site and command center options
Update and maintain BCP and BCMS documentation
1.3
2.3
3.3
4.3
BCP Business Impact Analysis Tool
Reference Workbook
BCP Maturity Scorecard
BCP Alternate Site Provisioning List
Recovery Workflow
Workarounds & Checklists
Tools and Templates
BCP Project Roadmap
Declaration Plan
Project Charter
BCP Summary
Business Process Workflows
Executive Presentation
Prioritization Tool

10. Preview: Assess current BCP maturity1
PHASE
A BCP maturity scorecard that aligns with ISO
Info-Tech has created a BCP maturity assessment that aligns with the provisions of the key ISO standard on business continuity management.
Use this Scorecard to:
Assess your current BCP maturity.
Create a compelling visual to tell the story to executives and auditors.
Track progress over time as you complete exercises, projects, and documentation that support your BCMS.
Focus your BCP efforts, based on the results.
The fact that this aligns with ISO…is huge.
Dr. Bernard Jones, MBCI, CBCP
Use your Info-Tech membership to download the BCP Maturity Scorecard today.

11. Info-Tech Research Group Helps IT Professionals To:
Quickly get up to speed with new technologies
Make the right technology purchasing decisions – fast
Deliver critical IT projects, on time and within budget
Manage business expectations
Justify IT spending and prove the value of IT
Train IT staff and effectively manage an IT department
Sign up for free trial membership to get practical
solutions for your IT challenges
“Info-Tech helps me to be proactive instead of reactive – a cardinal rule in a stable and leading edge IT environment.
- ARCS Commercial Mortgage Co., LP
Toll Free: