Business Continuity Planning (BCP) / DRP

In the industry, many service providers:

Equate BCP with DRP (Disaster Recovery Planning)
Create a BCP to sell DRP hardware and services
Fail to understand both of the strategic and tactical dimensions of business continuity planning

The BCP should leverage and ultimately enable the organization’s business strategy
May require DRP as the manifestation of the risk mitigation action, but the BCP is truly business centric (not technology or catastrophe centric)
Should be created by an objective party with no potential financial gain as a result of selling DRP hardware, software or services
Holistically consider key scenarios that could cause interruption in critical business functions, processes and tasks
Evaluating risks (probability, impact) and the corporate risk tolerance against mitigation costs and remediation strategies (it is not just about insurance coverage!)

The TSI BCP Approach is defined at both a high-level

Identify the business risks meaningful to your business with expected probabilities and outcomes
Provide our subject matter expertise relative to potential risk areas (that have not been identified)
Present methods for reducing or managing those risks

Develop strategy for addressing each of the prioritized BCP areas
Work with customers and external regulatory groups to understand and document their requirements
Discuss options, pros, cons and costs

Coordinate with internal business subject matter experts to ensure satisfactory test plans are developed
Document all test scripts
Coordinate recovery tests and document results
Review results, present findings, and recommend improvements
Develop plan for reviewing BCP on a regular basis
Ensure that BCP is incorporated into future business processes, development, and purchases