What is Business Continuity Planning?
Continuity planning is a critical component of emergency management but “continuity planning” and “emergency management or planning” are often confused in their use. Business continuity planning normally applies to the mission/business itself.
The key purpose of Business Continuity Planning (BCP) is to reduce the consequences of an extraordinary operational interruption to manageable levels; plans represent a broad scope of activities designed to sustain and recover critical system services following an emergency event. Although when and how such an event will occur is not known, the fact that future unanticipated disruptions will happen is likely. A comprehensive BCP provides a framework that establishes operating procedures to sustain critical functions when normal procedures are not possible to perform and provides a guide for the restoration of normal operations and building functions. Ultimately, an organization would use a suite of plans to properly prepare response, recovery, and continuity activities for disruptions affecting the organization’s information systems, mission/business processes, personnel, and the facility.
The BCP focuses on sustaining an organization’s mission/business processes during and after a disruption. An example of a mission/business process may be an organization’s payroll process. A BCP may be written for mission/business processes within a single business unit or may address the entire organization’s processes.
The ability to prepare for, respond to, and recover from events affecting U of T operations is dependent on establishing a framework that will enable us to continue the performance of centrally-managed critical functions across a broad spectrum of emergencies and rapidly resume other functions in a timely manner.
A BCP is not a one‐time project with an established start and end date. Rather, it is a living document. It is that information and action plans in the BCP remain viable and current. The plan (local or central) should be updated and tested at least once a year.
Those reviewing the BCP, or making their own plans for local BCPs, should also be cautious of assuming that a crisis will occur in isolation; in reality, when crisis strikes, few organizations operate as effectively as they would on a “normal” day and it cannot be presumed that all resources will be available within the expected time frame.
In general, continuity plans are designed to:
- Minimize loss of life, injury, and property damage;
- Mitigate the duration, severity, or pervasiveness of disruptions that do occur;
- Achieve the timely and orderly resumption of critical functions and the return to normal operations;
- Protect critical facilities, equipment, records, and assets;
- Be executable with or without warning;
- Meet the operational requirements of the respective portfolio or division. Continuity plans may need to be operational within minutes of activation, depending on the critical function or service, but certainly should be operational no later than 12 hours after activation;
- Meet the needs of the respective portfolio or division, who may need to plan for sustained continuity operations for up to 30 days or longer, depending on resources, support relationships, and strategy adopted; and
- Ensure the continuous performance of critical functions and operations during extraordinary operational interruptions, including those such as pandemics that require additional considerations beyond traditional continuity planning.