Continuity of Operations Plan

(OBJ 3.4)

Continuity of Operations Plan (COOP)

• Ensures an organization's ability to recover from disruptive events or disasters
• Requires detailed planning and forethought

Key Terms

• Business Continuity Planning (BC Plan)
  • Plans and processes for responding to disruptive events
  • Addresses a wide range of threats and disruptive incidents
  • Involves preventative actions and recovery steps
  • Can cover both technical and non-technical disruptions
  • Includes primary, secondary, and tertiary actions in case of a disruption
  • A BCP will be used for any disruptive event or any kind of response to a given threat
    • From malware to environmental disasters
  • Example:
    • Switching to backup credit card processors to maintain payment processing during a disruption may become a part of BCP
    • The need for remote work in a business affected by protests, which are beyond technical issues, may be included in BCP
• Disaster Recovery Plan (DRP)
  • Focuses on plans and processes for disaster response
  • Subset of the BC Plan
  • BCP and DRP differ only in the type of event to respond to
  • Focuses on faster recovery after disasters
    • How to resume operations more quickly after a disaster
    • What can an organization do to continue operations during disasters?
  • DRP may include cloud-based solutions
  • Addresses specific events like hurricanes, fires, or floods
  • Example:
    • Spreading all of our services across multiple AWS regions and availability zones.
    • Split staff across different locations (shifting operations)
      • Philippines team and U.S. team.

Strategies for Business Continuity

• Consider alternative locations for critical infrastructure
• Distribute staff across multiple geographic regions
• Use cloud services to maintain operations during disasters

The Role of Senior Management

• Senior managers are responsible for developing the BCP/DRP
• Goals for BC and DR efforts should be set by senior management
• Appoint a Business Continuity Coordinator to lead the Business Continuity Committee

Business Continuity Committee

• Comprises representatives from various departments (IT , Legal, Security, Communications, etc.)
  • BCP/DRP covers everything in the business so the committee must comprise people from across the organization
• Determines recovery priorities for different events
• Identifies and prioritizes systems critical for business continuity

Defining Scope

• Define the scope of the BCP/DRP to prevent scope creep
  • Senior management decides the plan's scope based on risk appetite and tolerance
  • Can be broken down by business function or geographical area
  • All components must be coherent and compatible for crisis situations