Business Continuity

9 Critical Business Continuity Plan Objectives

March 5, 2022

9 min read

Tracy Rock

Director of Marketing @ Invenio IT

9 Critical Business Continuity Plan Objectives

by Tracy Rock | Mar 5, 2022

Identifying your business continuity plan objectives is an important first step in creating a comprehensive plan. Putting these objectives into words serves two purposes:

It gives the plan administrators a guide to what the plan should accomplish by providing a high-level overview of the areas that must be addressed in the document as it is being created and maintained.
It gives stakeholders and other personnel a clearer understanding of the document’s purpose and scope.

By clearly defining these objectives prior to starting your business continuity planning process, you increase the likelihood that you will achieve the core goal of your plan: preparing the business for a disaster scenario to minimize downtime when such an event occurs.

Based on our experience as a business continuity services provider, we have identified 9 business continuity plan objectives that are critical for focusing your team’s energies on the activities that will create the policies and procedures that will build lasting resilience into your business operations. We recommend communicating these objectives at your project launch meeting, emphasizing them in your project communications, and listing them at the opening of your business continuity plan (BCP) document.

Business Continuity Plan Objectives Aligned to Template

To add structure to our recommendations, we have aligned these objectives with the format of the Business Continuity Plan template developed by the Ready.gov organization. Ready.gov is an organization within Federal Emergency Management Administration (FEMA) that was created to marshal the resources of FEMA and the Department of Homeland Security (DHS). It’s mission is to deliver materials to the public to improve the nation’s ability to respond to emergencies including natural and man-made disasters. This site includes a section devoted to business issues, which is where the business continuity plan template is found.

The sections of the BCP template provided by Ready.gov are:

Program Administration
Business Continuity Organization
Business Impact Analysis
Business Continuity Strategy & Requirements
Manual Workarounds
Incident Management
Training Testing and Exercising
Program Maintenance and Improvement

At the conclusion of the discussion of each of the objectives, we designate which section or sections of the plan where you can have the greatest impact on achieving these objectives. The section name is listed in italics.

9 Critical Business Continuity Plan Objectives

Objective 1: Identify Disaster Recovery Personnel

Identifying the personnel who will be staffing your disaster recovery team is one of the most important goals of your business continuity planning. Some of the questions that need to be addressed are:

Who is on those disaster recovery teams?
What are their roles?
How can they be reached in an emergency?
Who are the alternates in the event the designated primary is unavailable?

One of the most important roles in your disaster recovery organization is the crisis management coordinator. This person can also be referred to as the disaster recovery coordinator. The person is granted authority to make decisions and is responsible for initiating recovery plan protocols and directing the recovery of business operations. The coordinator is also responsible for communicating with the company’s insurance companies about policies related to disaster impacts, including the company’s cyber insurance policy, which will play an important role in mitigating the financial effect of disaster impacts on ongoing operations.

BCP Template Section: Business Continuity Organization

Objective 2: Assess Risks and Impact

Another crucial purpose of creating a BCP is identifying the various internal and external threats to your operations through a risk assessment. The results of the risk assessment will be incorporated into a business impact analysis that will specify different types of disasters that could disrupt your business and quantify the impact of each scenario: how much damage would be caused, how long the recovery would take, the cost of operational losses, and so on.

As the graphic below demonstrates, the Business Impact Analysis (BIA) lays the foundation for the remainder of your BCP. All your recovery strategies, continuity plans, and update processes derive from the work that occurs during the business impact analysis phase.

Source: Ready.gov

The purpose of the BIA is to allow companies to uncover all the linkages among internal business operations and with suppliers and customers to anticipate to the greatest degree possible what can possibly become de-linked and quantify the potential impact. In a Business Continuity Institute (BCI) article entitled, “Why the BIA Provides the Foundation Stone for Business Continuity,” the author states:

“It never fails to amaze me the labyrinth of intricate parts that goes into making up an organisation, and it can often be difficult for individual teams to understand how they contribute to the success and vision of the business. I liken it to a delicate ecosystem where everything needs to work in balance and harmony to work efficiently and effectively. When you start changing or removing parts of the organisation, whether that is through structural change or an incident, that ecosystem becomes out of balance and therefore we need to understand the impact.”

Business continuity consultants can play a constructive role in ensuring that all interactions are surfaced and discussed. As outsiders to your operations, they have an ability to pick up on linkages that employees in the system can overlook as they are simply too close to particular functions to see all potential implications for your business and customers.

One of the outcomes of the BIA is the establishment of the plan’s Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). These two metrics are defined in the following way:

RTO – The amount of time in which, following a serious event or outage, a business process and its associated applications must be restored in order to prevent a defined amount of impact.
RPO – The amount of data that could be manually recovered following the restoration of an application following a serious event or outage.

The importance of establishing these measurements lies in the fact that they are used as a basis for defining your recovery strategies. MHA Consulting, a business continuity consultant, stresses the importance of RTO and RPO concepts in guiding your recovery processes investment decisions: “Knowing them helps ensure that your strategies, implementation, and plans are neither overly aggressive (wasting resources) or inadequate (providing insufficient protection).”

BCP Template Section: Business Impact Analysis

Objective 3: Outline Existing Preventive Measures

A business stakeholder wants to know, “what are we doing to prevent ransomware situations like the one I just read about in the news?” This is another reason for your BCP. It will outline the technologies, tools, and protocols that are already in place to prevent or mitigate the effects of a disaster. Technologies for premises-based data backup and cloud services backup are included in the preventive measures analysis.

By demonstrating to all members of the business continuity organization what assets are already in place, the preventive measures analysis provides a means of gaining agreement among team members about what investments the company needs to make in additional preventative measures. Often referred to as a gap analysis, the process will build consensus amongst team members so the BCP findings can then be used as a tool to pitch executive decision-makers for the investment capital to improve business resilience.

BCP Template Section: Business Impact Analysis

Objective 4: Provide the Step-by-Step Protocols

Your plan will provide the specific procedures that need to be followed to assist in recovery. Chances are, when a disaster strikes, personnel won’t remember exactly what they’re supposed to do. Your disaster teams should have a general idea, but if needed they’ll be able to consult the document to follow the exact procedures as they’re listed.

At this point, it is important to draw the distinction between a business continuity plan and a disaster recovery plan. In our previous post on this topic, we noted that, “a comprehensive business continuity plan will actually have a disaster recovery plan built into it.” The disaster recovery plan is an element of your business continuity plan but is also a standalone document.

The disaster recovery plan includes granular instructions covering such items as definition of plan triggering events, emergency alert and escalation procedures, steps in activating emergency response teams, and team assembly points are all elements of a plan with well-constructed response protocols.

BCP Template Section: Business Continuity Strategies and Requirements

Objective 5: Identify the Location of Critical Data and Assets

One of the most important IT business continuity plan objectives is to identify where critical data and other assets are being stored. This allows recovery teams to begin recovery even if key IT personnel are unavailable. Imagine, for example, a scenario in which you had no IT workforce. There must be, at least, a footprint for other personnel or stakeholders to follow. Any confusion will significantly impede the recovery process.

An IT asset management system offers companies a way to automate tracking of assets and reduce errors resulting from out-of-date information, duplicates, inaccurate serial numbers and tag overlaps. Asset management systems also play a role in cyber security preventive measures. Without a complete asset management list, a device could be overlooked that connects to the network without virus protection or the latest patch to meet a known security threat. IT asset management systems have facilitated the tracking of the great dispersion of devices that resulted from the COVID-19 pandemic.

BCP Template Section: Business Continuity Strategies and Requirements

Objective 6: Identify Back-up Locations and Resources

Recovery teams need to know where and how to relocate operations and with what resources. Your BCP will outline the availability of any back-up office space or the procedures for securing a new space rapidly. Additionally, it will cite the availability of back-up physical resources, such as workstations and devices.

There are several different types of disaster recovery backup sites that are generally classified in one of four ways: cold site, warm site, cold site, and mobile site. These types are described below:

Cold Site – A facility with adequate space and infrastructure (electric power, telecommunications connections, and environmental controls) to support the IT systems, which may have raised floors and other attributes suited for IT operations.
Warm Site – A partially equipped office space that houses some or all of the system hardware, software, telecommunications and power sources.
Hot Site – An office space appropriately sized to support system requirements and configured with the necessary system hardware, supporting infrastructure, and support personnel that work 24 hours a day, seven days a week.
Mobile Site – A self-contained, transportable shell custom-fitted with specific telecommunications and IT equipment necessary to meet system requirements.

BCP Template Sections: Business Continuity Strategies and Requirements; Incident Management

Objective 7: Prioritize Emergency Communications

Who communicates with the client during an emergency? Who notifies the workforce? Who speaks to the media? By having a business continuity management policy in place, recovery personnel will understand their roles in both internal and external emergency communications.

One of the goals of your crisis communications plan is to help maintain calm within your workforce so all parties can fulfill their responsibilities and continue to serve customers. Disaster events can eliminate ordinary methods of communications, so alternative communications channels should be specified.

Identifying and understanding your audiences, or stakeholders, is the necessary first step in formulating your crisis communications plan. The following is a list of potential audiences:

Customers
Survivors impacted by the incident and their families
Employees and their families
News media
Community—especially neighbors living near the facility
Company management, directors and investors
Government elected officials, regulators and other authorities
Suppliers

A clear definition of who will be the spokesperson aligned to each of these audiences is necessary in order to provide speed of response and to ensure consistency of message.

BCP Template Sections: Business Continuity Strategies and Requirements; Incident Management

Objective 8: Find Weaknesses and Propose Solutions

Any holes in your continuity planning must be addressed. The BCP is as much a process as it is a static document. It’s a work in progress requiring ongoing risk assessment, identification of scenarios that would leave operations unprotected, and the development of action steps to address weaknesses that call for immediate attention.

Business continuity plan testing is an important element of keeping your plan current and responsive to changing conditions. There are four categories of testing described below:

Plan Review – Senior management and department heads analyze the Business Continuity Plan and discuss potential improvements
Tabletop Exercise/Structured Walk-Through Test – In this scenario-based, role-playing exercise, the objective is to ensure all critical personnel in your organization are aware of and familiar with the relevant portions of the BCP, as well as their role in a disaster.
Walk-Through Drill/Simulation Test – The Walk-Through/Simulation can incorporate actual recovery actions such as restoring backups, live testing of redundant systems, a simulated response at alternate locations, and actual notification and resource mobilization.
Functional/Full Recovery Test – A BCP Functional/Full Recovery Test involves a complete test of your backup systems with parallel testing (running your live and backup systems in conjunction) or a full failover test (completely transitioning operations to your backup systems).

Your testing schedule is highly dependent on such factors as company size, your pace of new equipment and upgrade installations, and the amount of turnover in your IT staff, but most business continuity professionals recommend annual testing at a minimum.

BCP Template Sections: Testing, Testing & Exercising; Program Maintenance and Improvement

Objective 9: Fulfill External Requirements

The final objective does not link to any particular section of the plan itself, but instead addresses the reality that your company may be required to provide a BCP to satisfy external requirements from regulators, vendors, and insurance companies.

As noted by the Disaster Recovery Institute (DRI), there are over 120 regulations that mandate business continuity management across a variety of industries. These are mandated by regulatory authorities and legislation such as the Financial Industry Regulatory Authority (FINRA) and the Health Insurance Portability and Accountability Act (HIPAA).

RFPs increasingly include a requirement to demonstrate an active business continuity management program and insurers will want see evidence of a BCP as a part of the underwriting process.

Conclusion

Gaining organizational commitment to achieving these critical business continuity plan objectives is a significant challenge, as business continuity leadership has to find a way to motivate employees to commit to spending time on issues that don’t contribute to achieving daily goals. Recruiting the right team, adopting a collaborative approach with participants, engaging senior management early in the process, and investing in training and certification will contribute to long-term commitment to planning success.

Learn More

As a provider of business continuity services, Invenio IT has helped clients manage through disaster incidents. To learn more about how we can put this experience to work for your company to minimize downtime from disruptive incidents, contact our disaster recovery teams at (646) 395-1170 or success@invenioIT.com.

Sign up on our blog home page to join our community of 17,000+ readers who receive our updates on topics related to business continuity, disaster recovery, data backup, and cybersecurity.

I have been working with Invenio for the past 6 years and on a consistent basis I found there support to be outstanding. The primary support representative, Dale S., goes out of his way to ensure his services are beyond my expectation.

Curtis Hill

13:52 04 Oct 22

Great Support staff all around. The system works as described. I've successfully restored a server that was blue screened by updated onboard application incompatibility.

Jeffrey Mondi

15:55 07 Jun 22

We have been working with Invenio IT for about 7 years now. They support of Datto backup system and their support is nothing but the best. They have been great helping set everything up and since then, we just monitor the backups and really have nothing to do as it has been running flawlessly. We an rare issue do occur, I can contact Dale at anytime (I mean anytime, he had answer the phone like 2 am) and he will help in anything I need, whether to spin up a virtual server when one of our production server goes down or we get an error on one of the backups and he looks into it and either resolve it or give us the solution to resolve it. Also, when we needed to upgrade our Datto system, they really go out of their way to give you the best deal which should have cost us a lot but Dale came through and we have been backing up flawlessly. Overall, Invenio IT has great support and always there when you need them. I will recommend them to anyone and I will take them anywhere I go. Thank you Invenio IT, especially to Dale Shulmistra!

Andre Glenn

15:24 03 Jun 22

Invenio IT has been very supportive and a long time vendor. They have supported our backup and recovery needs as well as provide top tier technical service whenever needed. Highly recommend!

Kevin Schnupp

16:24 02 Jun 22

Always goes above and beyond to ensure a great result. Quick responses and work completed on time and accurately. We have used Invenio IT and their Datto service numerous times to bail out customers. They always make us looking amazing and save the customer a lot of heartache. Can't ask for more!

Rajev S

19:32 01 Jun 22

I purchased my Datto backup appliance from Invenio IT (Dale Shulmistra) the best customer service rep. I've had in a while. He will go out of his way to help you in any way he can. Truly a five star!!

George Rodriguez

15:18 01 Jun 22

We've had Datto service with Invenio IT since 2015. While it's rare that we have issues, every time I need Dale's help he get's things done. It's really nice to have reliable service and one less thing to worry about these days. I would highly recommend Dale and Invenio IT.

Jimmy Rabitsch

14:20 01 Jun 22

We have been working with Invenio IT for over 3 years now. They have provided superior customer service and are very responsive. We work directly with Dale who is a pleasure to work with.

Anosh Zaveri

14:09 01 Jun 22

Invenio IT has been an exceptional business & technology partner for our company for many years. They have the best-in-class service (sales & support) and a knowledgeable teams on-staff when we need them the most. Good service; great people.

Larry Lou

14:01 01 Jun 22

Always responsive and helpful with a great team and awesome support, glad to do business with them.

Damien Russell

13:57 01 Jun 22

I worked with 3 techs previous before Darnell Johnson, the three previous were not on the same level as Darnell. His customer service and dedication to make sure all bases are covered are unmatched. 10/10

Jacob B

23:29 13 May 22

Invenio IT is the backbone for my disaster recovery solution. If I have anything wrong with my backups I am getting a call from Dale. This type of support is awesome especially when backing up 100+ servers.

Paul Gugel

02:18 24 Jan 19

Invenio IT has provided us with an excellent BDR solution in the Datto SIRIS. An enterprise-level solution at a reasonable cost, along with simplicity and ease-of-use, were a few items that helped us move to a Datto SIRIS. The only surprise was the extremely detailed level of service and support we received from Invenio IT. After 20 years of IT experience as a support professional myself, I did not expect to be surprised by the sustained, over-the-top level of support and professionalism that we received from Dale and the Invenio IT team. But I was surprised, and very happily so. Actually, I couldn't be happier!

Clyde Cornelius

15:08 07 Jun 18

The Datto Siris product works well and the web portal for management is excellent. My Invenio Rep is attentive, gets in front of issues and monitors the backup service.

Edward Caco

15:31 05 Jun 18

Great product! Great Service. I was up and running in no time.

Theodore Herrmann

21:35 04 Jun 18

I highly recommend Invenio IT to everyone. They provide amazing customer service. They are very responsive, and quick to resolve any issues or concerns. They have been a tremendous resource for several IT projects. One product / service in particular that is an absolute must is their backup services using the Datto SIRIS. This is just one example of many that has simplified my life while giving me much improved data security. I have full confidence and peace of mind knowing my data is secure and always available. By far the absolute best IT company I have ever dealt with.

Robert Bearry

19:41 04 Jun 18

I am very pleased with the Datto project and support offered at Invenio IT. The professionalism and speedy response to all of my issues have been handled impeccably. I would highly recommend their services. -Billy

William Porche

19:33 04 Jun 18

We were looking for a product which will verify the backup everyday without our intervention. For our size, Datto Alto 4 by far is the best product available on the market for the up-front and recurring price. Everyday it shows that the image backup is boot-able. We did the test by visualizing the server in the cloud and connecting seven work stations to it, and it worked flawlessly. Dale from Invenio IT was there every step of the way from purchase to install to testing. He provided exceptional service. He oriented us to Datto environment very well and is always available to answer questions. Further, every day he is monitoring the backups and ensuring the success. We are very pleased with the results. Thank you Dale!

Yogesh Mantri

21:09 24 May 18

Datto/Invenio was installmental in saving my business. The SIRS had a snapshot of beginning of the day. So I was good to go in minutes with the last backup thank you invenioIT.

Kim Zayac

16:41 03 Nov 17

We have the Datto SIRIS through Invenio IT and we couldn't be happier. Great team with exceptional customer service. Keep up the good work!

Rachel Leventhal

21:34 17 Aug 17

Invenio IT is simply awesome! I have been working with Dale for a couple of years now and the service and after sales support is great. I have submitted support requests and literally have had them resolved in under 20 minutes. That is great service!

gramfer

12:36 03 Aug 17

I have a SIRIS2 backup hardware which is an outstanding product and Invenio IT is one of the best support companies out there. They keep me informed of anything that is going on with my backups.

01:23 26 Jul 17

Quick response and good customer relationship. We been working with Invenio for over a year and it has been good results all around. Keep up the good work.

Date Kouy

20:06 20 Jul 17

Incredible professionalism from the Invenio staff. Hard working, a joy to do business with, and true innovators. This is a company that values its partnerships and will always do what's best for the customer.

Grant Brown

20:34 18 Jul 17

So... how complicated would your life be if you lost precious data files and there was no chance of recovery. Sounds scary. Yes it does. Life can be easier. You can take an associates human error of erasing or losing work or even an equipment failure that would have you work through the weekend in stride. Deploying a DATTO Sirus will protect your data locallly and in the cloud with so many easy ways to recover when the need arises. Support is excellent and reliable. Get a DATTO Sirus and rest... assured!

Ron Rizzi

20:09 17 Jul 17

Solid Datto support for our server systems. In the rare event there's been an issue, Invenio often knows before we do and has a fix ready. They are highly responsive to questions and keep our backup system.

Jason Blair

16:51 17 Jul 17

The fantastic Datto SIRIS coupled with the helpful folks at Invenio IT have let me stop worrying about my backups and disaster recovery plans to focus on more important things such as my morning coffee and keeping users from destroying the network before lunch.

Matthew Fex

16:35 17 Jul 17

Great partner to have. I recently joined the company I work for and found that they have a Datto backup system. I have never used the system and with the assistance of Dale at Invenio IT the learning curve has been an easy one. They typically let me know if something has gone wrong before I even knew it happened. Bottom line, outstanding support. I would highly recommend them for your IT services needs.

Gary Collier

16:11 17 Jul 17

Purchasing my SIRIS3 through Invenio IT has been one of the best decisions I’ve made. They always reach out to help whenever a problem arises, often before I even know there’s an issue with my backups. When my business got hit with Ransomware, I was able to restore my entire environment within a matter of hours thanks to my SIRIS3 and Invenio IT!

Gregory Carwile

16:08 17 Jul 17

The Invenio IT staff is friendly and knowledgeable! They really know everything about the Datto SIRIS

annmarie kotsianas

03:20 02 Jul 17

Can't say enough about the folks at Invenio. They are experts in business continuity and a pleasure to work with!

Michael Marlin Jr.

16:50 28 Jun 17

Invenio IT is a great organization to work with. Their consulting and managed services are exceptional are always at the leading edge of I.T. Strategy and execution, anticipating what you need before you experience an expensive order of magnitude "issue". They lead with integrity and clear down to earth communications. Highly recommended.

Leander Gillard

16:19 19 May 15

Great company medium sized organizations, handles all the management of data integrity, data redundancy/backup and all of your data management needs. I was truly lucky to have a excellent company supporting my orgazation when we did actually encounter data issues. Invenio IT was able to quickly assess and analyze the problem and then fix our issues with no down-time and little to no effect on our user base. Thank you Invenio IT.

Employment Employment

15:04 06 May 15

Invenio IT has supported my business for the past few years and I have had a great experience. The staff is knowledgeable and go out of their way to make technology simple to understand. If you are in need of a strategic (and friendly) IT partner, I would consider this company.

T. Rock

14:22 06 May 15

‹

›

Business Continuity

9 Critical Business Continuity Plan Objectives

March 5, 2022

Tracy Rock

9 Critical Business Continuity Plan Objectives

Business Continuity Plan Objectives Aligned to Template

9 Critical Business Continuity Plan Objectives

Objective 1: Identify Disaster Recovery Personnel

Objective 2: Assess Risks and Impact

Objective 3: Outline Existing Preventive Measures

Objective 4: Provide the Step-by-Step Protocols

Objective 5: Identify the Location of Critical Data and Assets

Objective 6: Identify Back-up Locations and Resources

Objective 7: Prioritize Emergency Communications

Objective 8: Find Weaknesses and Propose Solutions

Objective 9: Fulfill External Requirements

Conclusion

Learn More

How to Stop Cyber Extortion with Datto Ransomware Protection

Chaos, Lawsuits, and Lost Lives: The Crisis of Cybercrime in US Hospitals

25 Disaster Recovery Statistics That Prove Every Business Needs a Plan