Chapter 8: BCP Policy

• The BCP policy is the framework for and governance of designing and building the BCP effort. 
• The policy outlines the BCP purpose and provides an overview of principles of the organization and those behind BCP. 
• The policy includes its scope, mission statement, principles, guidelines, and standards. 
• Steps to drawing up a policy:
• Identify and document the components of the policy.
• Identify and define policies of the organization that the BCP might effect.
• Identify pertinent legislation, laws, regulations, and standards.
• Identify "good industry practice" guidelines by consulting with industry experts.
• Perform a gap analysis. Find out where the company is in terms of continuity planning, and spell out where it wants to be at the end of the BCP process.
• Compose a draft of the new policy.
• Have different departments within the organization review the draft.
• Put the feedback from the department into a revised draft.
• Get the approval of top management on the new policy.
• Publish a final draft, and distribute the publicized it throughout the organization. 
• Business Impact Analysis (BIA):
• BIA is a functional analysis
• A team collects data through interviews and documentary sources
• BIA is used to document business functions, activities, and transactions
• BIA develops a hierarchy of business functions
• BIA steps:
• Select individuals to interview for data gathering
• Create data-gathering techniques (surveys, questionnaires, qualitative and quantitative approaches)
• Identify the company's critical business functions
• Identify the resources these functions depend upon
• Calculate how long these functions can survive without these resources
• Identify vulnerabilities and threats to these functions
• Calculate the risk for each different business function
• Document findings and report them to management