Gartner Research

Business Continuity Planning for IT

Published: 24 March 2005

ID: G00203109

Analyst(s): Fred Cohen

Summary

Business continuity planning (BCP) is fundamental to effective operations for any enterprise. In this overview, Security and Risk Management Strategies Principal Analyst Fred Cohen describes systematic approaches to ensure that the proper level of availability is maintained across the spectrum of events that enterprises encounter.

Table Of Contents

Synopsis

Analysis

  • What Are Minimums?
  • Timeliness Issues
  • Risk Management Decisions
  • Standards-Based Approaches
  • Testing Regimens
  • Regulatory Drivers
  • Plan Update Regimens
  • Analytical Processes
  • Recommendations
    • What Standard Should Be Followed?
    • What Risk Management Process Should Be Used?
    • What Role Do Vendors Play in BCP?
    • Who Should Be in Charge?
    • Test the Plan Thoroughly and Realistically
    • Assess Time Frames for Recoveries
    • Top Management Involvement
    • Resource Requirements

The Details

  • Reasonably Anticipatable Event Sequences
  • Reasonably Manageable Event Sequences
  • Disaster Recovery vs. BCP
  • How Event Sequences Are Managed for Continuity
    • Risk Acceptance
    • Risk Transfer
    • Risk Avoidance
    • Risk Mitigation
  • ISO 17799 BCP Issues
    • General Considerations
    • BCP as a Process (ISO 17799 Section 11.1.1)
    • BCP and Risk Assessment (ISO 17799 Section 11.1.2)
    • Writing and Implementing Business Continuity Plans (ISO 17799 Section 11.1.3)
    • BCP Framework (ISO 17799 Section 11.1.4)
    • Maintaining and Assessing Business Continuity Plans (ISO 17799 Section 11.1.5)
  • How to Do All That
    • Identifying Event Sequences with Significant Negative Consequences
    • Identifying Critical Business Processes
    • Determining Thresholds for BCP Mitigation and Alternatives
    • Who Is in Charge of What, and How Does Buy-In Happen?
    • What Testing Mechanisms Should Be Used and How Often?
    • How Often Should the Plan Be Revisited?
    • How Long Can the Enterprise Be Down?
  • Other BCP Standards and Approaches
  • External Support for BCP Activities
  • Regulatory Drivers for BCP

Conclusion

©2020 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
