The intended target group for the present document is Information Security and Information Technology experts. It focuses on how to write a Business Continuity Plan (BCP) to protect ICT or Information Security in the event of an incident which threatens their ability to provide their services to the rest of the organisation. The general overview of BCM also provides background to anyone writing a Strategy/Plan. In addition it addresses the interfaces among Business Continuity and Risk Management.
The structure of the site is not intended to be used as step by step instructions for conducting any of the activities described herein, but it is intended to provide an overview of a complete process.
The main body of the report draws on various worldwide standards, good practices and the experience of the authors to describe the main principles of Business Continuity Management. These main principles are summarised in an overview process diagram while the various standards that can be used to assist individuals in writing a BCP are illustrated in the process maps appended to the document.
Also appended to this report are two templates that will serve as a basis for the generation of an inventory of methods, tools and good practices for Business Continuity. They will be used later on to generate a survey on existing methods, tools and good practices in this field. The purpose of each template is to represent all necessary information required for the inventory entries. This information includes the main features of the methods and tools available and how they may best be used to assist an organisation in writing a BCP. Each method and tool has its own particular strengths. Accordingly the inventory compares and contrasts these tools and methods to ensure that those most appropriate to the organisation’s needs will be selected.
A GLOSSARY provides an explanation of the BC terminology used both in this document and in the standards and good practices used as a basis for this document. Where there is more than one term for the same entity it is cross-referenced.
Although the document appears to be aimed at larger organisations with separate ICT and IS departments, and several sites, it is equally relevant for firms defined as Small to Medium Enterprises (SMEs). Their plans will obviously be simpler since the roles and responsibilities and membership of the Operational Team may well amount to a single person rather than several individuals. Some plans may also be combined and sections irrelevant to the organisation deleted.