Skip to content

Page333

Building the BCP/DRP Team

Building the BCP/DRP team is essential for the organization. The BCP/DRP team comprises those personnel that will have responsibilities if/when an emergency occurs. Before identification of the BCP/DRP personnel can take place, the Continuity Planning Project Team (CPPT) must be assembled. The CPPT is comprised of stakeholders within an organization and focuses on identifying who would need to play a role if a specific emergency event were to occur. This includes people from the human resources section, public relations (PR), IT staff, physical security, line managers, essential personnel for full business effectiveness, and anyone else responsible for essential functions. Also, depending on the type of emergency, different people may have to play a different role. For example, in an IT emergency event that only affected the internal workings of the organization, PR may not have a vital role. However, any emergency that affects customers or the general public would require PR’s direct involvement.

Some difficult issues with regard to planning for the CPPT are how to handle the manager/employee relationship. In many software and IT-related businesses, employees are “matrixed.” A matrixed organization leverages the expertise of employees by having them work numerous projects under many different management chains of command. For example: employee John Smith is working on four different projects for four different managers. Who will take responsibility for John in the event of an emergency? These types of questions will be answered by the CPPT. It is the planning team that finds answers to organizational questions such as the above example. It should be understood and planned that, in an emergency situation, people become difficult to manage.

Scoping the Project

Properly scoping the BCP/DRP is crucial and difficult. Scoping means defining exactly what assets are protected by the plan, which emergency events this plan will be able to address, and finally determining the resources necessary to completely create and implement the plan. Many players within the organization will have to be involved when scoping the project to ensure that all portions of the organization are represented. Specific questions will need to be asked of the BCP/DRP planning team like, “What is in and out of scope for this plan?”

After receiving C-level approval and input from the rest of the organization, objectives and deliverables can then be determined. These objectives are usually created as “if/then” statements. For example, “If there is a hurricane, then the organization will enact plan H—the Physical Relocation and Employee Safety Plan.” Plan H is unique to the organization but it does encompass all the BCP/DRP subplans required. An objective would be to create this plan and have it reviewed by all members of the organization by a specific date. This objective will have a number of deliverables required to create and fully vet this plan: for example, draft documents, exercise-planning meetings, and tabletop preliminary exercises. Each organization will have its own unique set of objectives and deliverables when creating the BCP/DRP depending on the organization’s needs.

Executive management must at least ensure that support is given for three BCP/DRP items:

  1. Executive management support is needed for initiating the plan.
  2. Executive management support is needed for final approval of the plan.
  3. Executive management must demonstrate due care and due diligence and be held liable under applicable laws/regulations.