Business Continuity Plan (BCP)
Process of creating long-term strategic business plans, policies and procedures for continued operation after a disruptive event
Lists a range of disasters and the steps the organization must take in any particular scenario to return to regular operations
Plan should be reviewed and updated at least every 12 months
When major changes occur in the IT assets they need to be added to the plan
BCP is an overarching plan and contains other sub-plans
Continuity of Operations Plan (COOP)
How do we keep operating in a disaster
Crisis Communication Plan
How we communicate internally and externally during a disaster
Responsible for communicating with media
Critical Infrastructure Protection Plan
Protect and keep the critical infrastructure running
Cyber Incident Response Plan
How we respond in cyber events
Mostly performed as part of Disaster Recovery Plan (DRP)
Occupant Emergency Plan (OEP)
How to protect facilities, staff and environment in a disaster event
Safety and evacuation procedures
Business Recovery Plan (BRP)
Lists of steps we need to take to restore normal business operations after recovering from a disruptive event
Continuity of Support Plan
Focuses narrowly on support of specific IT systems and applications
Also called IT contingency plan
Crisis Management Plan (CMP)
Gives us effective coordination among the management of the organization in the event of an emergency or disruptive event
NIST 800-34: Contingency Planning
ISO 22301: Business Continuity Management Systems
ISO 27031: Advice on how to work with Business Continuity Management
Project
Has a fixed start date, end date and budget
Move an organization ahead
Operations
Tasks performed repletely (Payroll, HR, Customer Service)
Keeps the lights on is an organization
It does not move the organization ahead
BCP is considered as an project
DRP is an sub-plan of BCP