Disaster Recovery and Business Continuity Planning - Where to start?

K

kukani41

I have been asked by a company to look into their disaster recover and business continuity planning - they have none. Where do I start. I have taken a company through ISO 9001:2008 and became certified but unsure which standard to start looking at. Any help would be greatly appreciated.

Thanks

Sue:bigwave:
 

insect warfare

QA=Question Authority
Trusted Information Resource
Welcome to the Cove, kukani41!! :bigwave:

I was recently referred to an excellent resource called the Business Continuity Planning Suite (formerly called COOP "Continuation of Organizational Processes") which is currently available at ready.gov. Not only does it step you through the process of creating your own BCP, it also provides for testing of the plan and contains training modules (all for free).

I have heard only good things about it so far (if that means anything), but haven't yet had a viable opportunity to construct one from scratch. Maybe it is the right tool for you...

Brian :rolleyes:
 

Richard Regalado

Trusted Information Resource
I have been asked by a company to look into their disaster recover and business continuity planning - they have none. Where do I start. I have taken a company through ISO 9001:2008 and became certified but unsure which standard to start looking at. Any help would be greatly appreciated.

Thanks

Sue:bigwave:

Hi Sue. Welcome to the Cove!

What do you mean exactly by "to look into their..."? They want you to do an audit of their existing system? Or they want you to develop a BCMS?

Cheers!

Richard
 

Richard Regalado

Trusted Information Resource
Welcome to the Cove, kukani41!! :bigwave:

I was recently referred to an excellent resource called the Business Continuity Planning Suite (formerly called COOP "Continuation of Organizational Processes") which is currently available at ready.gov. Not only does it step you through the process of creating your own BCP, it also provides for testing of the plan and contains training modules (all for free).

I have heard only good things about it so far (if that means anything), but haven't yet had a viable opportunity to construct one from scratch. Maybe it is the right tool for you...

Brian :rolleyes:

Hello Brian!

I have gone through the site quickly and found it informative for home-preparedness. But some of the information can be applied to a corporate setting as well such as the creation of an emergency kit, different types of hazards which are applicable for home and at work, how to make clean water, etc. There is also a section for Workplace Plans though not as extensive as the section for home.

All in all, an excellent source of useful information. Thank you.
 
K

kukani41

Hi

They currently dont have any business continuity or disaster recovery planning. They want me to assess the business and put in a BCP.

Thanks

Sue
 

insect warfare

QA=Question Authority
Trusted Information Resource
Hello Brian!

I have gone through the site quickly and found it informative for home-preparedness. But some of the information can be applied to a corporate setting as well such as the creation of an emergency kit, different types of hazards which are applicable for home and at work, how to make clean water, etc. There is also a section for Workplace Plans though not as extensive as the section for home.

All in all, an excellent source of useful information. Thank you.

Thanks Richard,

According to their web page, they claim that this BCP suite can be used for any organization, regardless of size or type. I was drawn to it particularly for its similarity to the "TurboTax" interface, which relies on your information to do most of its value-added work.

Brian :rolleyes:
 

Richard Regalado

Trusted Information Resource
Hi

They currently dont have any business continuity or disaster recovery planning. They want me to assess the business and put in a BCP.

Thanks

Sue

Hi Sue. I would advise that when "putting in" or writing a BCP, you may want to use a framework to serve as your guide. One such framework is the ISO 22301:2012 Societal Security - BCMS (http://www.iso.org/iso/catalogue_detail?csnumber=50038). This international standard provides a systematic approach to planning, implementing, monitoring and improving your BCMS and can be used by any organization regardless of size and nature of work.

Alternatively, you may also want to look at SS 540 which is the Singapore Standard (http://www.ss540.org/) for BCM and also the NFPA 1600 Standard for Disaster and Emergency Management (http://www.nfpa.org/codes-and-standards/document-information-pages?mode=code&code=1600).

Should you decide to go for the ISO standard (which I strongly recommend), buy the standard to give you an idea of what needs to be established for a formal BCMS.

N.B. There are key activities to be performed before an organization can write a proper BCP. These activities include business impact analysis, risk assessment, risk treatment, determination of BCM metrics, etc.

In closing, there are 3 key questions that a BCM need to answer:

1. What could go wrong?
2. If things go wrong, how would it affect the organization?
3. How would the essential processes be continued after a disruption?
 
K

kukani41

Thanks for this Richard

I wouldnt know where to start for a business impact analysis, risk assessment etc. Do you know of any good examples or templates that I could look at to get an idea of what these are?

Thanks for your help it is very much appreciated.

Sue
 

Richard Regalado

Trusted Information Resource
If you decide to use ISO 22301 as your framework, I can provide guidance and point you to reference materials and give you templates.

Richard
 
Top Bottom