A business continuity plan is an essential document that lines out how business operations will continue after a incident or business disrupting event. This is the plan that will be followed by all high and low level individuals to ensure that business operations continue.

Getting Started

Keep in mind that your business continuity plan will be different depending on a number of factors. Following a template and adding/removing what is more applicable to your organization will make the artifact more digestible when you or your team review it in the future. This is especially the case for working with a business continuity plan as multiple individuals will need to be involved in reading and following the plan.

What to include in your Access Control Policy

When creating this artifact you should include the following areas.

• The purpose of this artifact
• The scope that includes everything that is covered by this document.
• Business Continuity Team (BCT)
• Risk Assessment and Impact Analysis
• Business Impact Analysis (BIA)
• Business Continuity Strategies
• Incident Response and Activation
• Communication Plan (Int/Ext)
• Response and Recovery Procedures
• Alternate Worksite and Resource Allocation
• Testing and Maintenance
• Plan Approval and Revisions

Each of these cover essential topics that should be defined and built by your organization. Ensuring that the proper individuals that need access to this document have that access is important to consider.

What should I stay away from

When creating an artifact try and stay away from any super technical jargon. One of the main reasons we create these documents is to have them be readable and follow-able by other individuals.

If you are creating an artifact based on a specific security framework or creating one based on compliance. It is ideal to include sections and content based on that groups requirements. Doing some reading of documentation should tell you what you should include.

Keep these documents available to your team and to the individuals that need to use or view them. Locking these artifacts up only hurts you and the people that should be using them.

Download

Need Help?

We work with a lot of companies that are unsure what they need to have in place. Identifying which technical documents you need or don't need in your organization can help you when it comes to having an audit. If you want to stay a few steps ahead when an attack happens reach out.