Business Continuity & Resiliency Planning (BCRP) - New Forum

#11
I would love to get a hold of a BCP template that can be used in a medical device (preferably) or pharmaceutical setting. Does anyone have one? The only ones I've seen online are for FEMA, government, or non-industry related.

Thanks in advance.
 

Richard Regalado

Quite Involved in Discussions
#12
I would love to get a hold of a BCP template that can be used in a medical device (preferably) or pharmaceutical setting. Does anyone have one? The only ones I've seen online are for FEMA, government, or non-industry related.

Thanks in advance.
I will sanitize one and post it here.
 

john.b

Involved In Discussions
#15
greetings! been awhile. for some reason I saw an alert about this post so it seems a reasonable time to check back in.

we do have a 27001 system but the BCP's we use wouldn't be any better than the first 10 examples that come up when you Google "BCP template." so I'll recommend doing that, and also say a little more about how to apply those. it seems repetitive for people to keep saying "contents and use depends on your company, context, system or process purpose, and requirements" but that's pretty much it.

if the idea is just to get 27001, or to fill whatever other requirement, you only need to run through the actual detailed requirements and get those covered. for a system to be functional that approach is all wrong, and a non-functional system is kind of hard to maintain, so that plus covering actual function makes sense. the theory is to plan for some sort of disruption event, so the planning needs to include whatever would be required in that case in your company. general themes like maintaining emergency contacts for employees, suppliers, local support agencies, fire department, etc. tends to come up.

even if it's not a formal process or not required starting with some version of a risk assessment and business impact assessment makes a lot of sense. common sense only goes so far and ideas about themes like testing are going to work out better based on a more developed and sophisticated approach. it's not necessarily easy to consider what might go wrong at a lot of different levels, eg. to factor in things like supplier issues, and personnel or systems IT disruptions.

I was talking to a friend who works in wastewater treatment about formal process once and he complained that in his company the QA or formal process documentation was just a bunch of stuff that one guy downloaded from the internet. unfortunately developing mature, functional, relatively complete process themed content isn't a given, even when the function is clear and important. there's a tendency to keep adding more to the documents, that a 20 section process must be twice as good as one with 10 parts, and on the operational side a tendency to want to have nothing to do with all of it. I can only emphasize that keeping things (process) functional may or may not even be conceivable depending on the context but keeping them as simple and as functional as possible should be a priority.
 
Top