BCP/DRP

Considering specifically the threat of hackers and cybersecurity, the first thing you should consider is performing a business impact analysis (BIA), to identify how business services and processes would be impacted by disruptions caused by such threats.

After identifying how business services and processes would be affected, then you can start planning your BCP/DRP, considering the most impacted services and processes. According to ISO 22301, a Business Continuity Plan must contain:

• Purpose, scope, and users
• Reference documents
• Assumptions
• Roles and responsibilities
• Key contacts
• Plan activation and deactivation
• Communication plan
• Incident response
• Physical sites and transportation
• Order of recovery for activities
• Recovery plans for activities
• Disaster recovery plan
• Required resources
• Restoring and resuming activities from temporary measures

To see how a BCP compliant with ISO 22301 looks like, please access the free demo at this link: https://advisera.com/27001academy/documentation/business-continuity-plan/

This article will provide you a further explanation about BCP content:
- Business continuity plan: How to structure it according to ISO 22301 https://advisera.com/27001academy/knowledgebase/business-continuity-plan-how-to-structure-it-according-to-iso-22301/

This material will also help you regarding BCP content:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- How to use ISO 22301 to continue operations during the pandemic [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-use-iso-22301-to-continue-operations-during-the-pandemic-free-webinar-on-demand/