Business Continuity Policy Statement

Introduction

The aim of preparing this business continuity plan is to minimize the disruptions to SanGrafix services during a crisis. The plan lays out what the enterprise needs to do if the normal business activities cannot be continued as a result of a disabling event like the loss of technology, theft of data, virus infection, etc. The plan realistically outlines the actions that should be taken by SanGrafix security teams, how downtime can be minimized, and also identifies the business priorities that can help make sure that in the case of a disruption, there can be an effective allocation of services.

Objectives

The objective of this BCP is to coordinate the recovery of critical assets and business functions in supporting and managing the recovery of the business in the event of their disruption or disaster strike (Savage, 2002).  That includes both short-term and long-term disastrous events or other disruptions like data deletion or unintentional modification, earthquakes, terrorism, explosions, power outage, and other natural as well as man-made disasters. A disaster is any incident that renders the organizational facilities inoperable so that it interferes with the company’s ability to offer essential business services.

The Priorities in the Event of a Disaster Situation include:

1.      To make sure there is the safety of data and assets; both human and non-human assets.

2.      To limit the damage disasters can cause to the business or to mitigate threats.

3.      To outline advanced preparations that will make sure that the critical enterprise functions can continue

4.      To have in place documented plans as well as procedures for ensuring a faster and effective activation of the plan strategies for the critical business functions.

Scope

The BCP is limited to the scope of recovery from disruptions and continuance from a major disruption in activities because of the non-availability of SanGrafix facilities. The plan incorporates the procedures for all the phases of recovery. Unless there is a modification to this plan, it does not address the temporary disruptions of the time span that is less than the one identified to be critical to the organizational operations. 

Risks Assessment

Because SanGrafix offers its services over the Web and it also uses a good number of information technology assets, it possible that the core business can be interrupted and result in a big loss to the business. The failure of the business support system can disrupt the business; therefore, it is crucial to have the mechanisms in place to handle those risks. The plan focuses on the events that have a high likelihood of occurrence.

The potential events in order of their importance include:

1.      Loss of the office buildings (e.g. through earthquake, fire among others)

2.      Loss of technology systems such as the database systems, servers, financial system, website, the data center, and the client management system.

3.      Loss of functions and applications such as email services, landlines, network and remote access, payroll, and other specialist applications.

Business Impact Analysis and Mitigation Measures

The loss of buildings will not be tolerated beyond two days as that can have a high negative impact on the business including the loss of revenue. The loss of technology systems, functions, and services will also have a big, diverse impact to the business, and it will make the business inoperational. That is because they lead to the loss of access to the data which is the cornerstone of any organizational survivability (Redman, 2008). The loss of critical information to the hackers will also tarnish the company image thereby making the clients shift to the rival companies.

Therefore, the company should backup its data to a remote location and in the case of a major disaster such as an earthquake; the services should be moved to the backup site immediately as the plans for site reconstruction commence forthwith (Lindström, Samuelsson, & Hägerfors, 2010). The disaster response team will be responsible for guiding the shift to the backup site. In case data is lost or there is a loss of services, there would be no reason to move to the alternate site, instead, the incident response team will recover the data or services as they try to establish the cause of the disruption.

Testing and Maintenance of the Plan

The users and all the response team members will need to be trained on how to handle the potential disasters to which the organization is exposed. The testing of the recovery plan will be conducted without the disruption of the business services, and it will be supervised by the incident response coordinator with the approval of the management. The major areas of the plan that will be tested include the network recovery capability, the database recovery capability, and the batch processing capability. The testing will help to highlight the weaknesses as well as the status of the update of the BCP (Pitt & Goyal, 2004).  The testing of the plan will be done twice a year. The business continuity coordinator will have the responsibility of maintaining the plan. He/she will be distributing the plan to the owners periodically for review and updating.

References

Lindström, J., Samuelsson, S., & Hägerfors, A. (2010). Business continuity planning methodology. Disaster Prevention and Management: An International Journal, 19(2), 243-255.

Pitt, M., & Goyal, S. (2004). Business continuity planning as a facilities management tool. Facilities, 22(3/4), 87-99.

Redman, T. C. (2008). Data driven: profiting from your most important business asset. Harvard Business Press.

Savage, M. (2002). Business continuity planning. Work study, 51(5), 254-261.

Sherry Roberts is the author of this paper. A senior editor at Melda Research in nursing writing services if you need a similar paper you can place your order for non plagiarized essay for sale.