Suite of documents

Published under Risk Management

The suite of documents comprising the BCP will vary from organisation to organisation, but it is recommended that the following plans be considered. In smaller organisations these plans might be combined into one, but in larger organisations they will probably either exist as separate entities or some of the plans may be combined together.

Incident Timeline
Purpose of Plan
Used by
Incident Response Plan
To manage the immediate aftermath of an incident, including evacuation, liaison with the emergency services and health, safety and welfare of the staff and public
Incident Response Team
Incident Management Plan
To centrally manage the incident and ensure that the teams effecting recovery are equipped with their critical resources
Silver Team
Business Recovery Plans
To provide the teams who are recovering their critical processes, with the necessary action lists, information, procedures and contact details
Bronze Teams
Recovery Support Plans
• HR Plan
• Facilities Plan
• Health and Safety Plan
To provide the teams who have specialist roles in an incident with the necessary information and procedures to be able to support the bronze recovery teams
Bronze Teams
IT Service Continuity Plan
Recovery and Resumption
To detail the actions that ICT and IS should follow in order to restore the critical components to the critical processes within the agreed component RTOs and RPOs
ICT and IS
Communications and Media Plan
Response, Recovery and Resumption
This plan contains all the information necessary to enable the Communication and Media Team to communicate accurately and effectively with the staff, customers, public, suppliers and media
Gold, Silver and Bronze Teams
Business Resumption Plan
This plan details the procedures to follow to bring the organisation back to normal. It may be one plan or a series of plans and could include long term project plans
Gold, Silver and Bronze Teams

A further illustration of the relationship between the plans comprising the BCP and the phases of recovery are shown in the diagram below.

Relation the constituent plans in the BCP

When BC is introduced into an organisation one of the results is the production of a number of documents, not all of which are necessarily included in the BCP (e.g. a number of policies and procedures such as HR policies). The BCP can be used in isolation to effect recovery in the event of an incident affecting the organisation but in reality it interacts with other documents in the areas of Risk Management, Information Security, HR/Health and Safety policies and ITSC.

The following diagram shows the relationship between the potential plethora of documents and their relative ownership.

Relationship of BC/Risk/ITSCM/ISMS documents 

Some of the documents and processes already in place will require modification as different information is required e.g. HR will need next of kin information with current contact details, this system will require change management process to ensure the information is current, an information security policy to ensure that it is not widely accessible and BC to ensure that the information is available during an incident involving the information repository.

The details of the interfaces between these programmes (ISMS, ITSCM, BCM, RM) is dependent on the organisation and method of implementation.

Design BCP not only comprises a whole suite of documents, but further work is required to enable delivery and successful adoption of the plan. In this stage some consideration should be given to:

  • How the BCP will be distributed (paper, electronic, intranet, z-cards);
  • How the training will be delivered (e-learning, classroom learning, scenario exercises);
  • How awareness of the plan will be raised (lunch n' learn, company newsletter articles, intranet, questionnaires).

These elements influence the way the plans are written and delivered, therefore it is important to give some thought to them at this stage.

Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies