Building a BCP

Vulnerability Assessment

• Determine those vulnerabilities (risks) that could interfere with completing critical business processes

• Evaluate all aspects of the organization, physical plant, information systems, policies/procedures, documentation.

• Determine impact of vulnerabilities on the organization

• Implement mitigation strategies…or accept risk(s).

Business Continuity Planning must be driven by the business, who has intimate knowledge of the impact of the inability to perform business processes.

Often, Comprehensive DR Plans are in place to recovery Technology Infrastructure and Application Systems, but they are not coordinated with the Business so that Critical Processes (systems) are prioritized.

Importance of Email

Impacts to be considered include things such as Health and Welfare (HIPAA), Non-Compliance, Revenue Loss, Business Reputation