Compass IT Compliance Blog

Introduction to Business Continuity Planning

Jan 7, 2019 11:47:40 AM | CJ Hurd | BCP, Business Continuity Planning

This is part 1 of a 4-part series as we discuss Business Continuity Planning (BCP). We will take you through conducting a Business Impact Analysis, Plan Implementation, and BCP Testing in the coming months as part of this series.

My wife and I recently had a discussion concerning the purchase of a whole home generator for the house we just bought. Here is how that conversation went:

Wife: (read this as a woman with a high-pitched voice so you sound like my wife) “So I did some research and the generator we need is about $10K.”

Me: Mouth hits the floor… “How many watts is that one?”

Wife: “22,000.”

Me: “What are you wanting to power with that? Fenway Park?”

Wife: “No, our house.”

Me: “Maybe I should rephrase for you: what are the things we can’t go without and truly need to keep powered if power is lost?”

To make a long story short, she wanted everything from the coffee maker (which maybe is a necessity) to the TV, lights, stove, microwave, washer, dryer, and the bathroom so that she could still use the hair dryer. The only items we agreed on were the refrigerator, the well, the hot water heater, and the furnace. Makes sense for a family of 5, right? 

I have a lot of experience with Business Continuity Planning after doing it for over 20 years in the Coast Guard. In that life we were building and implementing a plan that ensured that no matter the situation, radio communications were up, and someone was there to answer every call. What happened if a call was missed due to a power outage or a gap in communications? Unfortunately, there was a potential for lives to be lost. Just a little pressure, right?

For that reason, contingency plans were put in place, tested, and re-tested continuously. We set up secondary and tertiary Communications Centers fully equipped with computers, phones, and radio equipment to limit the downtime as much as possible. The Coast Guard’s motto is Semper Paratus, meaning “Always Ready”, and we were! Are you?

I have painted two very different pictures for you. One where a man’s wife wants to make sure her life operates the same today as it did yesterday, no matter what happens, and apparently, no matter the cost. Another one where lives are at stake and even the smallest interruption may have the severest of consequences. Is there a price too high to pay to ensure no call for help is missed?

Let’s talk about your organization now. Where do your needs lie for Business Continuity Planning? My guess is somewhere between the two scenarios. Have you talked about it with your employees? Would they know what to do, where to go, and who to call in the event of an outage or an emergency? What does each department need to be able to continue business operations? How long can your business go without certain people, functions, or tools? I am not trying to make your head spin, I promise! Just trying to make you think.

Every industry is different and thus every business or organization has different continuity needs. A business continuity program for a supermarket may look very different from one engineered for a financial institution or government agency. Planning for something that may only happen on the rarest of occasions is difficult for a lot of people. Turn the news on for 5 minutes and you will see something that happened that certainly wasn’t planned. I don’t put my seat belt on because I am planning on getting in a car accident; I just want to put myself and my family in the best position to survive in the case that I get into one.

Business Continuity Plans are no different. Creating a plan may not help you avoid the unwanted situation, but it will certainly help you and your organization to overcome it! Stay tuned next month for the next part in our series where we will discuss the Business Impact Analysis, what it entails, and what that means for your business. If you have any questions or want to talk to one of our security professionals, contact us and we can get a call scheduled.


Written by CJ Hurd

CJ Hurd is an IT Auditor with Compass IT Compliance. In this role, CJ works with clients across all vertical markets to help them assess their information security program and cybersecurity initiatives to identify potential weaknesses and build a plan to help them mitigate their risks. Prior to joining Compass, CJ retired from the United States Coast Guard after 21 years of service, where he was named the Coast Guard’s Information Security Officer of the year in 2015, 2016 and 2017, and in 2016 was also named the Department of Homeland Security’s Information Security Officer of the year.