2 1.1 Business Continuity Planning
plan should be very clearly stated. The plan should include a general time-
line or some other relevant schedule of activity information. There should
be a section describing key outcomes and benefits expected when the plan is
executed. Allocated budget information (often allocated by activity) is
important and should be included. A table of resource requirements is a
critical component of the plan. Since resource allocation may be dependent
on contracts, the specific details of all pertinent contracts should be
included in the plan. A section discussing the various risks and issues
should be a part of the plan. Finally, it is the responsibility of the plan
owner to provide details of distribution and storage (showing how people
will get a copy of the plan so that they can take the appropriate action).
Business continuity (BC) refers to the ability of a business to maintain
continuous operations in the face of disaster [1]. How does one plan for that?
Why plan for a disaster when the chances are so remote? We live in an age
where environmental disasters are almost commonplace. They probably
always have been commonplace, but with the instantaneous news reporting
we have become accustomed to, it is not uncommon to hear of a typhoon
striking the Japanese coast, a forest fire raging out of control in the western
section of the United States, extreme flooding in Europe, and earthquakes
in Turkey—all in the same week! The devastating tsunami that hit South-
east Asia in late December 2004 is one of the most recent examples of why
business continuity planning is so necessary. What is often not mentioned
in the news is the havoc that is wreaked on the businesses and organizations
that have to cope with the aftermath of such disasters.
1.1 Business Continuity Planning
Business continuity planning and disaster recovery planning are subsets of a
more wide-ranging discipline: business contingency. Business contingency
is the practice of formally preparing for variations in the business environ-
ment. These variations can be of any kind, but the primary aim of business
contingency planning is to ensure the survival of an organization by prepar-
ing for, reacting to, and adjusting to those variations.
Business continuity is a subset of business contingency targeted specifi-
cally at measures required to ensure that business processes can be main-
tained under adverse, sudden changes (crises). Disaster recovery planning
is a subset of business continuity—it focuses on extreme examples of busi-
ness interruption (disasters). Another subset to business continuity, known
as continuous availability, has emerged since organizations have become
dependent on technology. This discipline emerged because if an organiza-