Security Encyclopedia

Business Continuity Plan (BCP)

A Business Continuity Plan (BCP) is a documented set of strategies an enterprise will take in the event that a disaster disrupts business operations.

Also called business continuity and resiliency planning, business continuity planning focuses on what steps the enterprise will take to resume operations as it recovers from a disaster. In this planning and BCP creation, decision-makers invest considerable time and resources into analyzing disruptive scenarios and BCP material investments. Key activities include analysis of applicable scenarios, purchasing and offsite locating, and compliance with BCP laws and guidelines. A BCP is a business decision that takes into account a self-examination of tolerable risks such as maximum allowable downtime before business continuity (the stated goal) is reached.

A Disaster Recovery Plan (DRP) precedes a Business Continuity Plan (BCP). Examples of BCP steps an enterprise might take are data vaulting, retaining backup Internet Service Providers (ISPs), and having extra inventory for workstations in the event teams must work remotely.

Example:

“Mission-critical, large, or heavily-regulated enterprises have a documented BCP in place so that they can maintain some operational capacity in the event of a natural or man-made disaster.”