Page342
Related Plans
As discussed previously, the Business Continuity Plan is an umbrella plan that contains other plans. In addition to the Disaster Recovery Plan, other plans include the Continuity of Operations Plan (COOP), the Business Resumption/Recovery Plan (BRP), Continuity of Support Plan, Cyber Incident Response Plan, Occupant Emergency Plan (OEP), and the Crisis Management Plan (CMP). Table 8.5, from NIST Special Publication 800-34, summarizes these plans.
Table 8.5 Summary of BCP Plans From NIST SP 800-34 [12].
| Plan | Purpose | Scope |
|---|---|---|
| Business Continuity Plan (BCP) | Provide procedures for sustaining essential business operations while recovering from a significant disruption | Addresses business processes; IT addressed based only on its support for business process |
| Business Recovery (or Resumption) Plan (BRP) | Provide procedures for recovering business operations immediately following a disaster | Addresses business processes; not IT focused; IT addressed based only on its support for business process |
| Continuity of Operations Plan (COOP) | Provide procedures and capabilities to sustain an organization’s essential, strategic functions at an alternate site for up to 30 days | Addresses the subset of an organization’s missions that are deemed most critical; usually written at headquarters level; not IT focused |
| Continuity of Support Plan/IT Contingency Plan | Provide procedures and capabilities for recovering a major application or general support system | Same as IT contingency plan; addresses IT system disruptions; not business process focused |
| Crisis Communications Plan | Provides procedures for disseminating status reports to personnel and the public | Addresses communications with personnel and the public; not IT focused |
| Cyber Incident Response Plan | Provide strategies to detect, respond to, and limit consequences of malicious cyber incident | Focuses on information security responses to incidents affecting systems and/or networks |
| Disaster Recovery Plan (DRP) | Provide detailed procedures to facilitate recovery of capabilities at an alternate site | Often IT focused; limited to major disruptions with long-term effects |
| Occupant Emergency Plan (OEP) | Provide coordinated procedures for minimizing loss of life or injury and protecting property damage in response to a physical threat | Focuses on personnel and property particular to the specific facility; not business process or IT system functionality based |
Continuity of Operations Plan (COOP)
The Continuity of Operations Plan (COOP) describes the procedures required to maintain operations during a disaster. This includes transfer of personnel to an alternate disaster recovery site, and operations of that site.
Business Recovery Plan (BRP)
The Business Recovery Plan (also known as the Business Resumption Plan) details the steps required to restore normal business operations after recovering from a disruptive event. This may include switching operations from an alternate site back to a (repaired) primary site.
The Business Recovery Plan picks up when the COOP is complete. This plan is narrow and focused: the BRP is sometimes included as an appendix to the Business Continuity Plan.
Continuity of Support Plan
The Continuity of Support Plan focuses narrowly on support of specific IT systems and applications. It is also called the IT Contingency Plan, emphasizing IT over general business support.