2. A dynamic process that identiﬁes and prioritizes the critical functions and the likely
threats to those functions. These management disciplines, processes, and
techniques provide business continuity for critical business functions under the
These circumstances and limits include:
● Deﬁning worst-case scenarios used for business continuity planning.
● Approving the funding and staﬃng of the company's BCP Program.
3. Business Continuity in context
Disaster Recovery - The creation & execution of plans to recover the data &
systems of an organisation
Contingency - the physical or process alternative to a single point of failure eg.
Backup generator for power failures
Operational Continuity - the alternative processes implemented during a
failure, which allow the “process” to continue, whilst relying on the
contingencies or DR Plans to restore full operations
Business Continuity - the processes by which business can be maintained to an
acceptable level until full processes and systems are restored
4. Why Should we do Business Continuity Planning (BCP)?
•To identify the organisation’s key processes
•To identify the critical underlying technology & services
•To identify the critical stakeholder relationships
•To identify the alternative approaches
•To establish a plans that can be readily and eﬀectively activated
•To provide real operational alternatives
6. Business Impact Analysis
Business Impact Analysis (BIA) process identiﬁes and evaluates the potential eﬀects (ﬁnancial,
life/safety, regulatory, legal/contractual, reputational and so forth) of natural and man-made events or
disasters on business operations
7. Four purposes of the BIA
1. Obtain an understanding of the organization’s most critical
2. Inform a management decision on maximum tolerable
outage for each function
3. Provide the resource information from which an appropriate
recovery strategy can be determined
4. Outline dependencies that exist both internally and externally
8. 7 steps of a Business Impact Analysis
1. Identify key business processes and functions
2. Establish requirements for business recovery
3. Determine resource interdependencies
4. Determine impact on operations
5. Develop priorities and classiﬁcation of business processes
6. Develop recovery time requirements
7. Determine ﬁnancial, operational, and legal impact of
10. Understanding impact criticality
Recovery Time Requirements
Maximum tolerable downtime (MTD): the maximum downtime a business can tolerate the absence or
unavailability of a particular business function. The higher the criticality the shorter the MTD is likely to be
Downtime consists of two elements: systems recovery and the work recovery time MTD = RTO + WRT.
Recovery Time Objective (RTO): time available to recover disruptive systems and resources. This is the
time you will have to get systems back up and running.
Work Recovery Time (WRT): It takes time to get critical business functions back up and running once the
systems (hardware, software, and conﬁguration) are restored.
Recovery Point Objective: the amount or extent of data loss to be tolerated. The recovery point objective
(RPO) is the age of ﬁles that must be recovered from backup storage for normal operations to resume
If maximum tolerance downtime (MTD) 3 days then Recovery time objective (RTO) must be in 1 day and
rest 2 days are for work recovery time (WRT).
11. Summary Of the
● In December Morphy Richards HQ was
● Risk Identiﬁcation
○ Threat:- Floods (weather event)
○ Vulnerability:- IT System, Data
centers,Key Machinery and
Manufacturing units, Buildings
● Synstar international kicked Morphy Richards
BCP plan into action and recover within 24
● Backup IT system were installed to run
Morphy Richards business system
● The backup was powerful enough to continue
business even after three complete weeks and
was capable to run business in the most
demanded period of the year.
12. Key Process
● Pending Orders
● Tracking in Stock Items
● IT maintenance
● Online Catalogue
● Online assistance
● Order Tracking
● Credit Card Processing
● Website Product Search Database
1. The problem has only been analysed with IT maintenance and backup.
2. If any calamity or disaster strikes it eﬀects the diﬀerent business functions
like the SCM and the diﬀerent type of BIA and eﬀectively a diﬀerent
approach to BCP has to be applied
3. BIA only deals with impact of disaster. It does not provide any insights for a
what could be a solution for it.
4. Many businesses have access to more than one facility. Hardware at an
alternate facility can be conﬁgured to run similar hardware and software
applications when needed. Assuming data is backed up oﬀ-site or data is
mirrored between the two sites, data can be restored at the alternate site
and processing can continue