Categories Topics
Business Continuity Plan (BCP)

Business Continuity Plan (BCP) is part of an organization's service continuity program to ensure predictable levels of service in the event of a business disruption. Business Continuity ensures business services will be available as needed.

A Business Continuity Plan (BCP) typically would include at minimum:
  • Program Management: Roles, responsibilities and contact information for BCP participants and business process owners
  • Business Impact Analysis (BIA) that defines the criticality and priority (e.g. Recovery Time Objective in days) of each business function, based on financial, brand and regulation impact
  • Documented potential threats (e.g. earthquake, fire, flood)
  • BCP fallback and resumption procedures that are tested annually
  • Planning (e.g. BCP coordinator, fallback and resumption procedures, annual BCP testing)
  • Employee awareness and communication of BCP activities
For each critical business service, a Disaster Recovery Plan (DRP) should be documented that describes the process to fail over and restore applications, databases, and data to support the organization's BCP.  Please see topic "Disaster Recovery Plan (DRP)" for more details.

Topic Category
Business Continuity Plan (BCP)
News Articles
Ransomware Attack Strikes Pennsylvania Senate Democratic Caucuswww.tripwire.com3/6/2017
Ransomware Attack Causes County to Shut Down IT Systemwww.tripwire.com2/3/2017
GitLab database goes out after spam attackwww.infoworld.com2/1/2017
Ransomware Attack Leads LA School to Fork Over $28K in Ransomwww.tripwire.com1/10/2017
48% of UK businesses fail to back up company data at least once a daywww.scmagazine.com6/8/2016
Nasdaq Stock Exchange Goes Dark After Tech Glitchwww.wired.com8/22/2013
Forget hackers - storms and snafus are bigger threat, say infosec
S. Korea banks to segment network, establish data backupwww.zdnet.com7/11/2013
Patient data outage exposes risks of electronic medical recordswww.latimes.com8/3/2012
Backup systems ensured continuity of military networks during stormwww.nextgov.com7/2/2012
European Parliament says its website taken offline by attackerswww.networkworld.com1/26/2012
Update: BofA site outages called 'unprecedented'www.computerworld.com10/5/2011
White Papers
ENISA Annual Incident Reports 2012www.enisa.europa.eu8/20/2013
Business Continuity Policy
Guidelines for information and communication technology readiness for business continuityISO3/1/2011
NIST SP 800-184 Guide for Cybersecurity Event RecoveryNIST12/22/2016