10 Characteristics of a Good Business Continuity / Disaster Plan
World Class CIOs typically have all of these in place.
Most organizations have a Business Continuity / Disaster Recovery plan - but how can you recognize a good plan from a really bad and confusing plan?
The following 10 characteristics will help you determine if it is a good plan or a not.
- Action Oriented - If people are expected to follow and execute plan activities, it must be action oriented with activities and deliverable clearly defined.
- Assigned Roles & Responsibilities - If specific actions are to be taken by someone, then it should state who is responsible for it - and if they are not available, who the alternate/backup person is.
- Comprehension - When a disaster strikes, peoples thoughts can run away from them, so any instruction shave to be short simple and right to the point.
- Minimal Background Material - Any background material should be kept in a single over-arching BCM program document that outlines how strategies are executed and managed.
- Not Everything to Everyone - It should not contain duplicate information that already exists in another plan. Too much information is just as bad as not enough information in a disaster; people become overloaded with information and they cannot process it correctly or in a timely manner.
- Maintained - If the plan is years old and has not been maintained, reviewed or updated it probably doesn't contain the best information you need.
- Available - A plan can sometimes be used by someone who didn't write or contribute to it but they're still going to have to know where it is and have it available to them if they need it.
- Indexed and Cross-Referenced - The plans must be indexed and cross-reference to ensure there are no contradictions in activity execution.
- Accessible - It's one thing to distribute plans and have them located on systems but if no one can get at them, what good are they going to do.
- Recently Tested and Audited - You can add all sorts of bells and whistles to make a plan work but if the basics are not tested and do not meet compliance requirements then it is of little use.