What is a business continuity plan (BCP)?
A business continuity plan (BCP) is a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and can function quickly in a disaster.
Understanding Business Continuity Plans (BCPs)
BCP involves defining any risks affecting the company''s operations, making it an essential part of the organization''s risk management plans. Risks may include natural disasters'fire, flood, or weather-related events'cyber-attacks, and Centers for Disease Control events (COVID-19). Once the risks are identified, the plan should also include the following:
- Determining how the risk will affect operations
- Implementing safeguards and procedures to mitigate the losses
- Testing procedures to ensure they are optimized
- Reviewing the process to make sure that it is up to date
BCPs are an essential part of any business. Threats and disruptions mean a loss of revenue and higher costs, which leads to a drop in profitability. And companies can''t rely on insurance alone because it doesn''t cover all the costs and the customers who move to the competition. It is generally conceived in advance and involves key stakeholders and personnel input.
At The National Football League, A Business Continuity Plan Was In Place In The Event Of A Tragic Event.
When I worked in Football Operations at the NFL, I was heavily involved on the Risk Management Team. Our team knew that the NFL had a plan if a tragic plane crash event eliminated an entire team. The plan was to have an emergency meeting involving all 32 team clubs. Team management would conduct a special draft of the existing 31 clubs, pulling enough players and staff to field a team to continue business operations for the rest of the season.
Business Continuity Plan vs. Disaster Recovery Plan
BCPs and disaster recovery plans are similar; the latter focuses on technology and information technology (IT) infrastructure. BCPs concentrate more on the entire organization, such as customer service and supply chain.
BCPs focus on reducing overall costs or losses, while disaster recovery plans look at technology outages and related expenses. Disaster recovery plans tend to involve only IT personnel'which create and manage the policy. However, BCPs tend to have more personnel trained on the potential procedures.
6 Levels Of Business Continuity Maturity
How mature is your organization when it comes to business continuity? Does your business continuity management (BCM) program crawl, walk, or run? From self-governed to synergistic, we have identified six levels of BCM maturity that most companies fall into.
Levels 1-3 represent organizations that still need to complete the necessary program basics to launch a sustainable enterprise business continuity management program.
Level 1 '' No real plan in place. A wait-and-see approach.
Individual business units and departments can organize or implement their business continuity or disaster recovery efforts. The state of readiness for disruptive events is low across the business enterprise. The business or individual department reacts to disruptive events when they occur. No actual planning is involved: business continuity recovery is reactive rather than proactive.
Level 2 '' Departmental: The one and only'you''re in a class alone!
At least one business unit gets it. You have reached Level 2 of BCM maturity if at least one department or business unit has initiated efforts to establish management awareness of the importance of business continuity. A few functions or services have developed and maintain business continuity plans within one or more business continuity disciplines, such as:
- Incident reporting
- Technology protection
- Security mandates
- Business continuity
At Level 2, your organization has at least one internal or external resource assigned to support the business continuity efforts of the participating business units and departments. The state of preparedness may be moderate for participants but remain relatively low across most of the company. Management may see the value of a BCM program, but they are unwilling to make it a priority at this time with minimal executive buy-in.
Level 3 '' Cooperative: Moderate preparedness, but on its way to full maturity.
Participating business units and departments have instituted a sophomoric program, mandating at least limited compliance to standardized BCM policy, practices, and procedures to which they have commonly agreed.
- A BCM program office or department has been established, which centrally delivers BCM governance and support services to the participating departments and/or business units.
- Still lacking executive buy-in; senior management has not committed the enterprise to a BCM program.
Levels 4-6 represent a definite plan for a maturing enterprise BCM program. If your business achieves Level 4, you are compliant with most standards.
Level 4 '' Standards in place: You have climbed to early BCM maturity adulthood.
Congratulations! Your management has arrived on the scene and is committed to the strategic importance of an effective BCM program throughout the organization. In addition, there is an enforceable, practical BCM policy that adopts structure, including procedures and tools for addressing all four business continuity disciplines:
- Incident reporting
- Technology protection
- Security mandates
- Business continuity '
Level 5 '' Integrated: Almost there!
At Level 5, the company meets all of the requirements of Level 4 that are now implemented throughout the company, adopting continuous quality improvements.
All business departments have completed tests on all elements of their business continuity plan, including their internal and external dependencies.
- Planned methods have proven to be effective.
- Management has bought into crisis management exercises.
- A communications and tracking system exists to sustain a high level of business continuity.
Level 6 '' Synergistic: You have reached BCM nirvana!
You not only conquered levels 4 and 5. You own it! As official business continuity gurus, you have:
- Sophisticated business protections are in place and tested successfully.
- Innovative procedures, practices, and technologies are working and functional in the BCM program.'