9. Business Continuity Plan (BCP)

Business Continuity Plan

Business Continuity Planning Process Diagram

Business Continuity Planning Process Diagram - Text Version

When business is disrupted, it can cost money. Lost revenues plus extra expenses means reduced profits. Insurance does not cover all costs and cannot replace customers that defect to the competition. A business continuity plan to continue business is essential. Development of a business continuity plan includes four steps:

Conduct a business impact analysis to identify time-sensitive or critical business functions and processes and the resources that support them.

Identify, document, and implement to recover critical business functions and processes.

Organize a business continuity team and compile a business continuity plan to manage a business disruption.

Conduct training for the business continuity team and testing and exercises to evaluate recovery strategies and the plan.

Information technology (IT) includes many components such as networks, servers, desktop and laptop computers and wireless devices. The ability to run both office productivity and enterprise software is critical. Therefore, recovery strategies for information technology should be developed so technology can be restored in time to meet the needs of the business. Manual workarounds should be part of the IT plan so business can continue while computer systems are being restored.

Resources for Business Continuity Planning

Standard on Disaster/Emergency Management and Business Continuity Programs - National Fire Protection Association (NFPA) 1600

Professional Practices for Business Continuity Professionals - DRI International (non-profit business continuity education and certification body)

Continuity Guidance Circular, Continuity Guidance for Non-Federal Entities

Open for Business® Toolkit - Institute for Business & Home Safety

Business Continuity Impact Analysis

Business continuity impact analysis identifies the effects resulting from disruption of business functions and processes. It also uses information to make decisions about recovery priorities and strategies.

The Operational & Financial Impacts worksheet can be used to capture this information as discussed in Business Impact Analysis. The worksheet should be completed by business function and process managers with sufficient knowledge of the business. Once all worksheets are completed, the worksheets can be tabulated to summarize:

the operational and financial impacts resulting from the loss of individual business functions and process

the point in time when loss of a function or process would result in the identified business impacts

Those functions or processes with the highest potential operational and financial impacts become priorities for restoration. The point in time when a function or process must be recovered, before unacceptable consequences could occur, is often referred to as the “Recovery Time Objective.”

Resource Required to Support Recovery Strategies

Recovery of a critical or time-sensitive process requires resources. The Business Continuity Resource Requirements worksheet should be completed by business function and process managers. Completed worksheets are used to determine the resource requirements for recovery strategies.

Following an incident that disrupts business operations, resources will be needed to carry out recovery strategies and to restore normal business operations. Resources can come from within the business or be provided by third parties. Resources include:

Employees

Office space, furniture and equipment

Technology (computers, peripherals, communication equipment, software and data)

Vital records (electronic and hard copy)

Production facilities, machinery and equipment

Inventory including raw materials, finished goods and goods in production.

Utilities (power, natural gas, water, sewer, telephone, internet, wireless)

Third party services

Since all resources cannot be replaced immediately following a loss, managers should estimate the resources that will be needed in the hours, days and weeks following an incident.

Conducting the Business Continuity Impact Analysis

The worksheets Operational and Financial Impacts and Business Continuity Resource Requirements should be distributed to business process managers along with instructions about the process and how the information will be used. After all managers have completed their worksheets, information should be reviewed. Gaps or inconsistencies should be identified. Meetings with individual managers should be held to clarify information and obtain missing information.

After all worksheets have been completed and validated, the priorities for restoration of business processes should be identified. Primary and dependent resource requirements should also be identified. This information will be used to develop recovery strategies.

Recovery Strategies

If a facility is damaged, production machinery breaks down, a supplier fails to deliver or information technology is disrupted, business is impacted and the financial losses can begin to grow. Recovery strategies are alternate means to restore business operations to a minimum acceptable level following a business disruption and are prioritized by the recovery time objectives (RTO) developed during the business impact analysis.

Recovery strategies require resources including people, facilities, equipment, materials and information technology. An analysis of the resources required to execute recovery strategies should be conducted to identify gaps. For example, if a machine fails but other machines are readily available to make up lost production, then there is no resource gap. However, if all machines are lost due to a flood, and insufficient undamaged inventory is available to meet customer demand until production is restored, production might be made up by machines at another facility—whether owned or contracted.

Strategies may involve contracting with third parties, entering into partnership or reciprocal agreements or displacing other activities within the company. Staff with in-depth knowledge of business functions and processes are in the best position to determine what will work. Possible alternatives should be explored and presented to management for approval and to decide how much to spend.

Depending upon the size of the company and resources available, there may be many recovery strategies that can be explored.

Utilization of other owned or controlled facilities performing similar work is one option. Operations may be relocated to an alternate site - assuming both are not impacted by the same incident. This strategy also assumes that the surviving site has the resources and capacity to assume the work of the impacted site. Prioritization of production or service levels, providing additional staff and resources and other action would be needed if capacity at the second site is inadequate.

Telecommuting is a strategy employed when staff can work from home through remote connectivity. It can be used in combination with other strategies to reduce alternate site requirements. This strategy requires ensuring telecommuters have a suitable home work environment and are equipped with or have access to a computer with required applications and data, peripherals, and a secure broadband connection.

In an emergency, space at another facility can be put to use. Cafeterias, conference rooms and training rooms can be converted to office space or to other uses when needed. Equipping converted space with furnishings, equipment, power, connectivity and other resources would be required to meet the needs of workers.

Partnership or reciprocal agreements can be arranged with other businesses or organizations that can support each other in the event of a disaster. Assuming space is available, issues such as the capacity and connectivity of telecommunications and information technology, protection of privacy and intellectual property, the impacts to each other’s operation and allocating expenses must be addressed. Agreements should be negotiated in writing and documented in the business continuity plan. Periodic review of the agreement is needed to determine if there is a change in the ability of each party to support the other.

There are many vendors that support business continuity and information technology recovery strategies. External suppliers can provide a full business environment including office space and live data centers ready to be occupied. Other options include provision of technology equipped office trailers, replacement machinery and other equipment. The availability and cost of these options can be affected when a regional disaster results in competition for these resources.

There are multiple strategies for recovery of manufacturing operations. Many of these strategies include use of existing owned or leased facilities. Manufacturing strategies include:

Shifting production from one facility to another

Increasing manufacturing output at operational facilities

Retooling production from one item to another

Prioritization of production—by profit margin or customer relationship

Maintaining higher raw materials or finished goods inventory

Reallocating existing inventory, repurchase or buyback of inventory

Limiting orders (e.g., maximum order size or unit quantity)

Contracting with third parties

Purchasing business interruption insurance

There are many factors to consider in manufacturing recovery strategies:

Will a facility be available when needed?

How much time will it take to shift production from one product to another?

How much will it cost to shift production from one product to another?

How much revenue would be lost when displacing other production?

How much extra time will it take to receive raw materials or ship finished goods to customers? Will the extra time impact customer relationships?

Are there any regulations that would restrict shifting production?

What quality issues could arise if production is shifted or outsourced?

Are there any long-term consequences associated with a strategy?

Resources for Developing Recovery Strategies

Professional Practices for Business Continuity Professionals - DRI International (non-profit business continuity education and certification body)

GSA's Recommended Methodology for Securing Alternate Facilities and Worksheet - U.S. General Services Administration

The Telework Coalition (America’s leading nonprofit telework education and advocacy organization)

Manual Workarounds

Telephones are ringing and customer service staff is busy talking with customers and keying orders into the computer system. The electronic order entry system checks available inventory, processes payments and routes orders to the distribution center for fulfillment. Suddenly the order entry system goes down. What should the customer service staff do now? If the staff is equipped with paper order forms, order processing can continue until the electronic system comes back up and no phone orders will be lost.

The order forms and procedures for using them are examples of “manual workarounds.” These workarounds are recovery strategies for use when information technology resources are not available.

Developing Manual Workarounds

Identify the steps in the automated process - creating a diagram of the process can help. Consider the following aspects of information and work flow:

Internal Interfaces (department, person, activity and resource requirements)

External Interfaces (company, contact person, activity and resource requirements)

Tasks (in sequential order)

Manual intervention points

Create data collection forms to capture information and define processes for manual handling of the information collected. Establish control logs to document transactions and track their progress through the manual system.

Manual workarounds require manual labor, so you may need to reassign staff or bring in temporary assistance.

 
Contact    

Iso8583 - articles


ISO8583 Converter

ISO8583 Message Converter to XML SQL CSV interface specification mapping


ISO8583 Converter creating an XML,  SQL and CSV object from an incoming TCP/IP ISO8583 binary message, and then sending it to a HTTP host as ...
ISO8583 Switch

PCI compliant with neapay switch


PCI compliant with neapay switch Steps and procedure: Configuration parameters to acheive service PCI DSS compliance   ...
Products

Trace configuration in neaPay Simulator, Converter, Switch, Authorization and Cards Issuer


Trace configuration in neaPay Simulator, Converter, Switch, Authorization and Cards Issuer ...
ISO8583 Simulator

Add extra custom fields to the ISO8583 simulator


Adding extra, custom fields to the ISO8583 simulator in 3 simple steps is as easy as running the tests: Edit the spreadsheet and save it; Edit th ...
ISO8583 Switch

Deploy the Payments Switch Router in a test environment


Deploy then neaPay Payments switch router to easily route transactions based on BIN/prefix, amount, merchant, originating or destination insytitution, ...
ISO8583 Simulator

Regression Testing in 1 click with instant Analytics and CSV report


The neaPay Payments simulator is designed from the start to follow the life of a project, and therefore, after all testing has been completed, we need ...
ISO8583 Simulator

How the fingerprint reader works in the ISO8583 payments simulator


Step by step guide to enable and disable fingerprint reading, enrollment and verification with the neapay Simulator is pretty straight forward and ass ...
ISO8583 Simulator

Run One, Run Scenario, Run All, Run Load in the neaPay ISO8583 Simulator - Use guide


neapay ISO8583 simualtor is designed to Support your project in all stages and has 4 modes are available: RunOne - runs only the selected Test Case; R ...
ISO8583 Simulator

Altering test cases in Excel for the ISO8583 simulator


When you need to customize your own test case, you need to follow some simple steps all the time.In order to obtain this, you need to alter test data ...
ISO8583 Converter

Deploy the neaPay ISO8583 Payments converter in a test environment


When you receive a delivery from neaPay for an iso8583 convertor, you will get 1 zip file.  This step by step guide will guide you through ...
ISO8583 Simulator

Sample Recommended design for an Acquirer test cases suite, Scenarios and Regression


A test suit is composed of different scenarios which follow in a functional (or another) way in order to cover the full, or as much as possible, of th ...
ISO8583 Simulator

Load Test enabling and performance testing at 1TPS and 100TPS


neaPay simulator performance testing. Simulator is requiring 0.02 seconds to send 100 transactions, every second. How to enable Load /Stress test in ...

Choose the product you need



ISO8583 Converter

Convert ISO8583 to JSON XML SQL


ISO8583 Interface

ISO8583 Interface Handler


ISO20022 Converter

Convert ISO20022 to ISO8583 ...


ISO8583 Builder

Build ISO8583 from scratch


ISO8583 Switch

ISO8583 Router by criteria


ISO8583 Authorization

Authorize cards and ledger


Payments Acquirer

Acquiring host from devices


Cards Issuing

Generate and issue cards


ISO8583 Simulator

ISO8583 HISO98 HISO87 simulator


ISO20022 Simulator

ISO20022 & SWIFT simulator


POS Simulator

POS protocols simulator


Web Api Simulator

Web API tester Performance

 

Get a free quote, Ask for details
Get help

Contact us

Try the software yourself
Download

Download software

Read Documentation and Start guides

Documentation

Online Tools Overview

Online Tools