Disaster Recovery and Business Continuity Planning - Where to start?

kukani41 · Apr 28, 2014

I have been asked by a company to look into their disaster recover and business continuity planning - they have none. Where do I start. I have taken a company through ISO 9001:2008 and became certified but unsure which standard to start looking at. Any help would be greatly appreciated.

Thanks

Sue :bigwave:

insect warfare · Apr 28, 2014

Welcome to the Cove, kukani41!! :bigwave:

I was recently referred to an excellent resource called the Business Continuity Planning Suite (formerly called COOP "Continuation of Organizational Processes") which is currently available at ready.gov. Not only does it step you through the process of creating your own BCP, it also provides for testing of the plan and contains training modules (all for free).

I have heard only good things about it so far (if that means anything), but haven't yet had a viable opportunity to construct one from scratch. Maybe it is the right tool for you...

Brian

kukani41 · Apr 30, 2014

Thanks so much Brian, I will take a look at it now

Sue
:bigwave:

Richard Regalado · Apr 30, 2014

kukani41 said:
I have been asked by a company to look into their disaster recover and business continuity planning - they have none. Where do I start. I have taken a company through ISO 9001:2008 and became certified but unsure which standard to start looking at. Any help would be greatly appreciated.

Thanks

Sue

Hi Sue. Welcome to the Cove!

What do you mean exactly by "to look into their..."? They want you to do an audit of their existing system? Or they want you to develop a BCMS?

Cheers!

Richard

Richard Regalado · Apr 30, 2014

insect warfare said:
Welcome to the Cove, kukani41!!

I was recently referred to an excellent resource called the Business Continuity Planning Suite (formerly called COOP "Continuation of Organizational Processes") which is currently available at ready.gov. Not only does it step you through the process of creating your own BCP, it also provides for testing of the plan and contains training modules (all for free).

I have heard only good things about it so far (if that means anything), but haven't yet had a viable opportunity to construct one from scratch. Maybe it is the right tool for you...

Brian

Hello Brian!

I have gone through the site quickly and found it informative for home-preparedness. But some of the information can be applied to a corporate setting as well such as the creation of an emergency kit, different types of hazards which are applicable for home and at work, how to make clean water, etc. There is also a section for Workplace Plans though not as extensive as the section for home.

All in all, an excellent source of useful information. Thank you.

kukani41 · May 1, 2014

Hi

They currently dont have any business continuity or disaster recovery planning. They want me to assess the business and put in a BCP.

Thanks

Sue

insect warfare · May 1, 2014

Richard Regalado said:
Hello Brian!

I have gone through the site quickly and found it informative for home-preparedness. But some of the information can be applied to a corporate setting as well such as the creation of an emergency kit, different types of hazards which are applicable for home and at work, how to make clean water, etc. There is also a section for Workplace Plans though not as extensive as the section for home.

All in all, an excellent source of useful information. Thank you.

Thanks Richard,

According to their web page, they claim that this BCP suite can be used for any organization, regardless of size or type. I was drawn to it particularly for its similarity to the "TurboTax" interface, which relies on your information to do most of its value-added work.

Brian

Richard Regalado · May 1, 2014

kukani41 said:
Hi

They currently dont have any business continuity or disaster recovery planning. They want me to assess the business and put in a BCP.

Thanks

Sue

Hi Sue. I would advise that when "putting in" or writing a BCP, you may want to use a framework to serve as your guide. One such framework is the ISO 22301:2012 Societal Security - BCMS (https://www.iso.org/iso/catalogue_detail?csnumber=50038). This international standard provides a systematic approach to planning, implementing, monitoring and improving your BCMS and can be used by any organization regardless of size and nature of work.

Alternatively, you may also want to look at SS 540 which is the Singapore Standard (https://www.ss540.org/) for BCM and also the NFPA 1600 Standard for Disaster and Emergency Management ((broken link removed)).

Should you decide to go for the ISO standard (which I strongly recommend), buy the standard to give you an idea of what needs to be established for a formal BCMS.

N.B. There are key activities to be performed before an organization can write a proper BCP. These activities include business impact analysis, risk assessment, risk treatment, determination of BCM metrics, etc.

In closing, there are 3 key questions that a BCM need to answer:

1. What could go wrong?
2. If things go wrong, how would it affect the organization?
3. How would the essential processes be continued after a disruption?

kukani41 · May 2, 2014

Thanks for this Richard

I wouldnt know where to start for a business impact analysis, risk assessment etc. Do you know of any good examples or templates that I could look at to get an idea of what these are?

Thanks for your help it is very much appreciated.

Sue

Richard Regalado · May 2, 2014

If you decide to use ISO 22301 as your framework, I can provide guidance and point you to reference materials and give you templates.

Richard

Disaster Recovery and Business Continuity Planning - Where to start?

kukani41

insect warfare

QA=Question Authority

kukani41

Richard Regalado

Richard Regalado

kukani41

insect warfare

QA=Question Authority

Richard Regalado

kukani41

Richard Regalado

Similar threads