Business Resumption Plans (BRP) are defined in NIST 800-34, BS 25999-1, APS 232, NFPA 1600, COBiT, HB 292-2006 and PAS 77. This plan details how the business unit can resume normal operations following recovery of their critical processes. This may be a separate document or the business may decide how to manage this at the time that critical processes are operational and the organisation has stabilised (PAS 77 refers to this process as ‘fail-back’).
While Business Continuity may necessarily involve adopting temporary measures (such as office relocation, reduction of working hours, reduction of staffing levels and/or usage of backup IT systems), business resumption is concerned with restoring operations to as near normal levels as possible.
The upheaval of relocating, changing IT systems, etc. can be as traumatic to an organisation as the BC event which invoked plans in the first place. One advantage of the resumption process is that it can be scheduled to cause minimum disruption through correct planning.
Resumption may be to the original site or to a new location (depending on the damage sustained) and will need to be treated as a work programme in its own right, utilising the information from the resource matrices to develop a programme plan for reinstating normal operations in order of priority. The plan details the sequence, parties involved and other considerations (security, various timings, intermediate measures, communication, etc).
The Office of the Chief Information Officer (US Government) states that “Development of the Business Resumption Plan should be coordinated with Disaster Recovery Plan and Business Continuity Plan”.