Business Continuity Management

5. Business Continuity Management: Plans And Process

Plan development is one of the most important parts of business continuity management implementation (stage 3 of the business continuity management process). Without workable plans the process will certainly fail. Plans are needed on three levels, detailed below.

Level 1

At the highest level a crisis management process and plan is needed. This plan will be supported by other plans as necessary including:

  • Damage assessment plan
  • Salvage plan
  • Public relations plan
  • Vital records plan

These are used to identify and respond to a service disruption, to ensure the safety of all affected staff members and visitors and to determine whether to implement the business recovery process.

Level 2

This should include key support functions, for example:

  • Accommodation and services plan
  • Computer systems and network plan
  • Telecommunications plan
  • Security plan
  • Personnel plan
  • Finance and administration plan

Level 3

Each critical business area is responsible for the developing a plan to show individuals in recovery teams and a detailed task list for the recovery process. The owners of each plan must ensure that they have identified and agreed support and services required from other parties.


There are many options for developing plans including traditional word processing documents, database packages or specialist planning and plan development tools. Plans must be easily accessible and distributed to all personnel who have a part to play in a recovery. A useful tip is to create single crib sheets for each team. These might include:

  • Who owns the plan and who is responsible for updating it
  • General responsibilities
  • Assembly points and incident control centres, where applicable
  • Departmental strategy
  • Members of the recovery team and alternative contact details
  • Other useful contacts
  • Facilities to be provided at the recovery site
  • Action list
  • How to get to the recovery site

The IT recovery plan must contain all information needed to recover the computer systems, network and telecommunications in a disaster situation. It must also contain details of how lost data can be recovered and reconciled and how systems can be realigned. The plan should include:

  • Systems and applications restoration procedures
  • “Run-books” detailing the order of recovery of applications and data
  • Business-driven data reconciliation
  • Data integrity checking
  • Security permission
© Crown Copyright. URN 05/625; 01/05
1 2 3 4 5 6 7 8 9 10 11 12 13 14

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>