Business Continuity Planning Checklist
by Chris Day @ Fully Managed™
Posted 4 years ago
As we are often asked to participate in the business continuity / disaster recovery planning for our clients. As such, I thought I would put together a checklist of talking points to assist with the planning stages of developing such plans. Please note that this is meant as a quick overview, and is by no means complete, but it does help shed some light on the complexity and scope involved in developing a comprehensive business continuity / disaster recovery plan.
Purpose of a Business Continuity Plan
The purpose of any business continuity plan is to prepare you for extended service outages caused by factors beyond your control (e.g., natural disasters, human error, data corruption, etc.) and to restore services to the widest extent possible in the shortest time possible. The plan should identifiy vulnerabilities and suggest necessary measures to prevent such extended service outages. The plan should encompass all systems, sites and operations facilities.
Outcomes of a Well-Designed Business Continuity Plan
- Your business will be able to continue operations during and after a disaster
- You will be able to service your clients during and after a disaster
- You will maintain access to mission-critical applications and data
- You will protect your technology infrastructure investments
Checklist to Build a Business Continuity Plan
- Business Impact Analysis (BIA) - Have you identified and prioritized critical business applications?
- Scope - How comprehensive is this plan to be and when is it to be used?
- Objectives - Does this plan provide a comprehensive guide for those involved in recovery, including links to secured reference material (e.g. documentation, SOPs)?
- Assumptions - What does this plan assume is in place in order to be successfully executed?
- Definition of a Disaster - What are the different types of disasters accomodated by this plan? e.g. Power Outage, Fire/Flood, Theft, Data Corruption
- Recovery Teams - Who will be involved in the recovery process (Teams) and who will lead each of those teams?
- Invoking the Plan - Who will declare the disaster, how will notification occur, what scope of downtime would cause the plan to be invoked?
- External Communication - Who will be tasked with public relations with clients, media, regulatory agencies, government, clients, etc.?
- Data Backup - What data is backed up, how is it backed up (e.g. how often), how long is the data kept (retention), where is it stored?
- Alternate Workplace - Where are employees to go in the event of a disaster and what processes around that are required?
- "In the Event Of" Conditions - Specific steps (SOPs) to be taken in the event of specific types of events - e.g. natural disaster, fire, flood, server failure, network provider outage, etc.
- Plan Review and Maintenance - How to ensure this document is living and updated frequently? - e.g. change of key personnel
- Checklists and SOPs - Developed set of checklists which can be followed (preferably on paper)
- Diagrams and Flowcharts - Visual documentation is often preferred under times of duress
- Business Recovery Planning - System and facility operations, funding, operations recovery,