CommodoreGorilla1807
Business Continuity Overview [What is business continuity?]…
Business Continuity Overview
[What is business continuity?]
[Where in the world does it exist? What industries use it?]
[Why do people use it?]
[Why does this company want to use it?]
[What else…?]
Intended Audience:
[Who is this written for?]
[Who else might be reading this]
[What else…?]
Purpose
[Why does this document exist?]
[What might it be used for?]
[What would it not be used for?]
[What else…?]
Departmental Overview
Team Overview
[What roles are in this “Business Continuity” department?] [How big is the team?]
[What else…?]
Partnering Departments
[What other departments will partner with the Business Continuity department? IT? Human Resources? Security? Who else? Explain how they would partner with your department]
[What else…?]
Risk Assessments
Definition
[What is a risk assessment?]
Process
[How does this company do a risk assessment? Who does it? How often? Why?]
[What else…?]
Risk Assessment Status
[What are some of the company’s most noteworthy risks? Why are they risks?]
[What are some things that a reader might think are risks, but actually aren’t? Why aren’t they risks?]
[What else…?]
Business Impact Analysis (BIA)
Definition
[What is a BIA?]
Process
[How does this company do a BIA? Who does it? How often? Why?]
[Where do we store our BIAs? How can people access them? Where do people go if they have questions?]
[What else…?]
BIA Status
[What are some of the most important things this company does? Are they vulnerable? Why? ]
[Explain how this section is connected to the Risk Assessment section. If the Risks you listed above happened, what important processes would be impacted? What would this company do about that?]
[What else…?]
Business Continuity Strategies
[Write some bullets on this subject: What will your “philosophy” be toward addressing your Risk Assessment & BIA findings? Do you want to try to protect against as much as possible (maybe because your brand demands you have a high reputation? or because you have regulatory pressure to do so?), or take a high number of risks (because it wouldn’t be worth it to your business for some reason? why?)? Why would you take either approach?]
[What else…?]
Incident Response
[Write some bullets on this subject: What are the most important things your whole company should know about how you respond to incidents? Is there a hotline or a website people can check? Is there a way that you would notify them about details in the event of an incident?]
[What else…?]
Plan Development and Implementation
Overview
[What circumstances would result in a plan being written? A finding from the BIA? A past incident? A regulatory requirement?]
[Why do different plan types exist?]
[How are plans written? By who?]
Business Continuity (BC) Plans
[What is a BC plan?]
[Where are these plans kept? Who can access them, and how?]
Disaster Recovery (DR) Plans
[What is a DR plan?]
[Do you have critical systems that you’d most want to worry about fixing?]
[Where are these plans kept? Who can access them, and how?]
Evacuation Plans
[What is an evacuation plan?]
[Do you have one for every facility?]
[Does each facility’s evacuation plan differ, or do they all share the same qualities?]
[Where are these plans kept? Who can access them, and how?]
Incident Response Plans
[What is an Incident Response plan?]
[What kind of incidents could your company have? Airlines have plane crashes, factories have fires, offices have shootings, technology companies get hacked – what kind of incidents might you face?]
[Where are these plans kept? Who can access them, and how?]
