Business Continuity Plan (BCP)

Business Continuity is crucial to surviving in this highly competitive world. A single downtime can cause disasters to the businesses today. Therefore, the organization has to be prepared to respond to the events that may happen in order to minimize the losses and remains viable as usual.

An effective Business Continuity Plan (BCP) must include a collection of procedures and information that is maintained in readiness for use in the event of a disaster.

What is Business Continuity Plan?

BCP primarily deals with the recovery of Services, Operations, and Systems that are able to return to acceptable service levels when disrupted by natural disasters such as Tornado, Flood, Electrical Storm, Fire, etc.


The process of restoration (i.e. returning to normal levels of services) at the site of disaster will be carried out depending on the type of disaster and the level of damage to the assets at the site, after analyzed by BCP committee and other stakeholders.

Business Continuity Life Cycle

The continuity plan must be specific and render clear action points and goals during every possible scenario. The business continuity life cycle includes components such as Identify, Analyze, Design, and Execute.


a)    IdentifySignifies the products and services that need to be delivered in relevance to the mission of the organization

b)       Analyze – Analyses the current recovery capabilities in the organization with continual tracking mechanism

c)     Design – It is the cost-effective disaster recovery tool where the minimum application and data requirements are available during a disaster

d)     Execute – With Plan, Do, Check, and Act, a model for continuous improvement, the design of Disaster Recovery plan needs to be oriented towards Business recovery

Planning Business Continuity

1.       Risk Assessment

Risk is a possible event that could cause harm or loss, or affect the ability to achieve organizational objectives. The risk is assessed by the probability of a threat, the vulnerability of the asset to that threat, and the Impact it would have if it occurred.


The process of Risk management involves in identifying action items, prioritizing, evaluating, and eventually mitigation. Risk mitigation strategies namely, Risk Acceptance, Risk Avoidance, Risk Limitation and Risk Transference play a pivotal role in Risk Management

2.       Business Impact Analysis

Business Impact Analysis (BIA) is a streamlined process, which determines and evaluates the potential effects of an interruption to critical Business operations as a result of Disaster, Accident or an Emergency.


a)      Identifying  vulnerabilities – Vulnerability is a weakness that is exposed to the threat. It can be Internet browsers, Email client programs, Web application, Antivirus and DNS software vulnerabilities, Database vulnerabilities, and configuration mismatch in networking products such as switches, routers, and firewalls, outdated security policies and procedures

b)      Analyze potential loss - Human Resources, hardware or software malfunctioning, and physical disaster damaging the security network, are few of the potential loss in an Organization.

c)       Recovery plan – Adapts Plan, Do, Check and Act (PDCA) cycle, Implementing Business Continuity / Disaster recovery plan and periodically upgrade security policies and procedure adhering to organizational goals

d)      Implementing solution – They include system maintenance i.e. applying software patches, adopt best practices in deployment i.e. use of Firewalls and access controls

e)      Document reports – Document evidence will be a blueprint adhering-to continual improvement by periodic IT security audits and Risk Assessment maintenance


 3.       Design Strategic Solution

Strategic Business Units (SBU) adapts recovery plans ensuring that there is no downtime that impacts the business.


Triggering assets

Recovery Strategy

Fire / Flood Damage of Premises,                      Loss of Systems Mirrored data center and secure workplace
Bomb Threat Denial of Access to Premises Work from home or fall back to Recovery site
Supplier Failure Loss of Systems Deploying high availability Hardware in production environment with systems falling back to recovery site and with users stationed in usual premises


4.       Measurement – Plan, Testing, and Maintenance

The objective of Business Continuity Disaster Recovery is to provide an alternate processing site and return to the primary site within a minimal time frame whenever any disaster occurs in the secured systems.

Steps in Business Continuity Recovery


It is a comprehensive approach to dealing with the Restoration (Time of Recovery) of computer systems (Data availability) with all attendant software, with full functionality, under a variety of damaging or interfering external conditions that Businesses face from time to time.


Business Continuity Plan (BCP) connects Disaster Recovery (DR) and System recovery with-in the time frame that processes should be recovered (Maximum Tolerable Outage) for uninterrupted functioning of the business. It is a combination of technology associated with business.

About Ciby Baby Punnamparambil

Ciby is a Solution Architect at Vmoksha with over 12 years of experience in the IT industry. He has in-depth knowledge and industry experience in delivering IoT embedded and Mobility solutions.

One comment on “Business Continuity Plan (BCP)

  1. Sam Li

    I love what you said about designing a strategic solution. Business continuity planning is important for the welfare of your business. If I needed such assistance, I would work with the best business in my general vicinity.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>