BUSINESS CONTINUITY MANAGEMENT
Links and Resources
Activation Procedures – Guidelines to aid in making a decision to activate part or all of the CO Plan, including determining who is responsible for making such decision, how the team is mobilized (activated) and the required timeframes.
Alternate Site Operations – A business continuity strategy involving pre-identification of alternative work sites that can house pre-determined staff, equipment, material, supplies, equipment, connectivity and other requirements associated with critical operations and processes. Selection of alternate work sites should be based on the critical operations and processes that must be performed, and the space and infrastructure necessary to support them.
Awareness Briefing – An option for ensuring a business continuity plan is maintained over time. This form of training/testing is considered adequate for operations and processes covered by a “Lite” BC Plan. Briefings should be conducted at least annually for management and key personnel.
Business Continuity Plan (BCP) – The formal documentation of the process of developing advance strategies and action plans to enable an organization to respond to an adverse incident, so that critical business processes resume within a pre-defined time frame, the impact of the incident is minimized, and the affected business operations are restored as soon as possible.
Business Continuity Plan (BCP) Appendices – The appendices of a Business Continuity Plan include detailed and useable aspects of the critical operations and/or processes, business continuity strategies, vital records and databases that may be needed in support of the critical operations and processes and tools that will support implementation of the BCP and specific procedures. Additionally, the details of your planning and risk analysis and other supporting background information can be appended to the BCP.
Business Continuity Plan (BCP) Template – The Business Continuity Plan Template offers a format to document and create your BCP and supporting documentation. These business cotninuityaterials, once complete, will be the tools your business or function business continuity structure will utilize to prepare for, respond to and recover from any real-life disrupting event.
Business Continuity Planning – The process used to develop advanced arrangements and procedures which enable an organization to respond to an incident in such a manner that critical operations and processes can continue without significant interruption.
Business Continuity Planning Process – A collaborative effort involving the evaluation of all critical processes, product line exposures, dependencies, interdependencies and reliance on 3rd-parties. Vital to ensuring the success of the process is collaboration with key site services, corporate and other infrastructure organizations such as Facilities, IT, Telecom, Procurement, Logistics, EH&S, Security, PR/Communications, HR and other business units or global functions.
Business Continuity (BC) Planning Team – Individuals designated by management and is responsible for developing business continuity plan(s) for the critical operations and processes identified through the initial business continuity planning.
Business Continuity Program – An ongoing program supported and funded by executive management to ensure the business continuity requirements for their critical operations and processes are assessed, resources are allocated and, recovery and continuity strategies and procedures are completed and tested.
Busienss Continuity (BC) Strategy – The overall business continuity strategy should establish how the business or global function intends to achieve the HP Business Continuity Operating Philosophy, and the approach that will be taken within their organization. The strategy might include a site by site, regional or common risk-grouped approach to accomplish business continuity capabilities and readiness.
Business Impact Analysis – A process that provides for the systematic and thorough identification and evaluation of critical operations and processes, prioritizes them based on risk, impact and allowable downtime, setting the foundation for mitigation opportunities and business recovery strategies.
Concept of Operations – A process that provides guidance to how the business continuity planning team operates once activated, including overview approach to critical operations and processes, business continuity and business recovery activities, meeting schedule or frequency, team coordination in-between meetings, information sharing, lists of key contact etc.
Continuity of Operations (CO) Planning (also known as Business Continuity Planning) – A holistic approach for defining and maintaining the minimum standards of risk management and developing a framework for assessing threats and addressing risks.
“Core” Business Continuity Plan – A basic plan that contains essential information including notification, coordination, communications and minimum continuity. This plan should be developed regardless of whether “Lite” or “Full” CO Plan option is selected.
Cost/Benefit Analysis – The evaluation of the ratio between the cost to implement a mitigation or recovery action and the potential reduction in revenue impact the mitigation or recovery action brings.
Critical Interdependency – Mutually dependent elements of a critical operation or process which rely on each other. It is important to evaluate all elements of an interdependent operation or process in order to fully understand the value-chain complexities (both upstream and downstream).
Critical Operations or Processes – Critical operations and processes are those that either generate or impact a significant amount of revenue or where their disruption would have serious implications for HP brand image or reputation. These critical operations or processes must be continued regardless of an event’s severity, location along the supply or value chain or duration.
Crisis Management – The overall coordination of an organization’s response to a crisis, in an effective, timely manner, with the goal of avoiding or minimizing damage to the organization's profitability, reputation, or ability to operate.
Deactivation Procedures – Guidelines and criteria for team deactivation once the situation has been resolved, and recovery is either in process or complete. Deactivation should occur once normal operations can be resumed, and verification of readiness to continue operations in the normal or newly defined fashion going forward is complete.
Detection Procedures – Guidelines to aid in making event assessment decisions and maintaining stakeholder linkages to ensure prompt notification when an event occurs. Procedures should include triggers and the process to initiate Notification procedures.
Downstream Dependencies/Interdependencies – Other HP businesses rely on parts, products or, services from the business to complete and sell their own products. An outage or interruption at either location may have an adverse revenue impact on both businesses.
Emergency – An unplanned event that can cause deaths or significant injuries to employees, customers, or the public; or that can shut down our business, disrupt operations, cause physical or environmental damage, or threaten the company’s financial standing or public image.
Emergency Response Plan – A written plan intended to address the immediate first-hour reaction and response to an emergency situation commonly focusing on reducing the severity of the incident and ensuring life safety. The plan contains procedures and designation of team members assigned the responsibility to respond to local emergency situations.
Escalation Procedures – Guidelines and criteria to aid in making decisions about event escalation to higher level management and/or the crisis management level. Procedures should define escalation process to ensure appropriate escalation manner and timeframe.
“Full” Business Continuity Plan – A plan to be developed if an organization determined that it has a few or more critical operations that either cannot be disrupted, can be disrupted for only a short duration or where there is no simple or obvious continuity strategy. This plan should include a “Core” Plan containing basic information with additional details given the complexity and extent of critical operations. It also requires detailed training, exercising and monitoring.
Incident Response – The actions taken to react to an unexpected negative event involving potential damage to the organization’s stakeholders, processes, technology, infrastructure, intangible property or brand. The incident is managed and resolved at the level closest to the event using existing structure and processes.
“Lite” Business Continuity Plan – A business continuity plan appropriate for an organization which has determined it has no critical operations and/or processes that meet organization’s definition for “critical” or has limited critical operations/processes with simple continuity solutions. This plan should include a “Core” Plan containing basic information and requires limited training and exercising.
Long Term Recovery Strategy – Long term recovery strategies are intended to address the restoration of the normal operating environment, resumption of normal operations and correction of the event’s root causes.
Minimum Acceptable Level of Operation – A determination of the minimum operating capacity for each critical business process following an outage or disaster as well as the minimum resources required to establish such levels. An operation should define its minimum acceptable operating capacity (such as minimum transactions to be conducted, minimum incoming calls to be handled, and minimum accounting transactions to be processed per hour) in order to survive and continue to operate at a minimum acceptable level to maintain delivery of products and services.
Notification Procedures – Guidelines and criteria to aid in making decisions to notify management and part of or the full Busines Continuity Planning Team about an event. Procedures should define notification process to ensure notification of appropriate personnel, required information, communication means and associated timeframe.
Operating Philosophy for Business Continuity – A guiding principle that demonstrates the HP’s commitment to ensuring seamless service and minimized disruptions to company’s business: “HP holds its Senior Leaders accountable for the development maintenance and testing of business continuity plans for their processes, operations and/or facilities. Plans should be documented and annually reviewed to ensure rapid recovery from events that could have a significant impact on performance, customer expectations or financial results.”
Operational Risks – Risks arising from uncertainty around or disruption to HP's value chain, physical assets, people and information technology. Examples include cyber terrorism, hacker attacks, computer viruses, transportation carrier strikes, unstable political climate, failure to meet regulatory requirements, long lead time to replace equipment/supplies, etc.
Physical Risks – Physical risks are those that could disrupt site, building, infrastructure systems, or infrastructure operations. Examples include fire, flood, earthquake, hurricanes, terrorism, explosions, chemical spills, and theft.
Probability Scale – The probability of a specific threat to your operations should be measured on a 1 through 5 probability scale, with 1 being the least probable (remote) and 5 being the most probable (imminent threat).
Recovery Strategies – Methods which would be used to recover critical business operations. Examples include maintaining spare equipment, using finished product in the delivery pipeline, relocating operations to an alternate building, etc.
Relocation Recovery Strategy – A relocation strategy is intended to respond to a more severe crisis or disaster possibly resulting in significant damage to buildings, infrastructure, processes, equipment and people. A relocation recovery strategy requires a step-by-step action plan for the relocation of each critical function to other site(s). This could also apply to either 1st-party or 3rd-party operations. Depending on the nature and extent of damage from the incident, a combination of restoration and relocation strategies may be appropriately employed.
Restoration Recovery Strategy – Of an impaired (degraded) or unserviceable telecommunications service or facility, action taken to repair it and return it to service. Note: Permanent or temporary restoration may be accomplished by various means, such as patching, rerouting, substitution of component parts, etc. A restoration strategy generally is intended to respond to a short term, minor to moderate incident, and involves repairing and restoring operations or processes at the location where the incident occurred. This could apply to either 1st-party or 3rd-party operations.
Risk Quantification – Measuring the financial impact of exposures to accidental loss and subsequent interruption of operations. Impact can be both quantitative (related to revenue) and qualitative (related to customer satisfaction and brand image).
Short Term Continuity Strategy – Short term continuity plans should be designed to address the steps required to ensure continuity of the pre-identified critical operations and processes that have been disrupted by the immediate problem
Site Leadership Council (SLC) – The SLC is responsible for providing leadership, governance and facilitation of site preparedness to ensure the site is adequately prepared for emergencies and disasters in order to protect HP’s people, property, reputation and continuity of operations. The SLC will ensure an integrated management response to site incidents/crises.
Tabletop Exercise – Method for testing the viability and accurateness of business continuity plans. Going through such an exercise will identify plan weakness and gaps and provide the opportunity for team members to rehearse their roles.
Upstream Dependencies/Interdependencies – Included in this category are other HP businesses with operation that rely on for the supply of parts, products, or services. An outage or interruption at either location may have an adverse revenue impact on both businesses.
Work-arounds – A business continuity strategy, which generally involves creating a way to perform certain operations/tasks in an altered manner so as to accomplish the core results required, but typically with reduced personnel and possibly different vendors/suppliers, computer/system access, tools, materials and/or supplies.
Send mail to
questions or comments about this web site.