Identify the scope and boundaries of business continuity plan. First step enables us to define scope of BCP. It provides an idea for limitations and boundaries of plan. It also includes audit and risk analysis reports for institution‘s assets.
• Conduct a business impact analysis (BIA). Business impact analysis is the study and assessment of effects to the organization in the event of the loss or degradation of business/mission functions resulting from a destructive event. Such loss may be financial, or less tangible but nevertheless essential (e.g. human resources, shareholder liaison)
• Sell the concept of BCP to upper management and obtain organizational and financial commitment. Convincing senior management to approve BCP/DRP is key task. It is very important for security professionals to get approval for plan from upper management to bring it to effect.
• Each department will need to understand its role in plan and support to maintain it. In case of disaster, each department has to be prepared for the action. To recover and to protect the critical functions, each department has to understand the plan and follow it accordingly. It is also important for each department to help in the creation and maintenance of its portion of the plan.
• The BCP project team must implement the plan. After approval from upper management plan should be maintained and implemented. Implementation team should follow the guidelines procedures in plan.
NIST tool set can be used for doing BCP. National Institute of Standards and Technologies has published tools which can help in creating BCP.