Wondering how you see structure of the business continuity plans in a larger company (+1500 employees)?
- one plan for each critical business area/function?
- one plan for IT recovery - including crisis mgmt plan
- one plan for building recovery - including crisis mgmt plan
- one plan for critical business recovery - including crisis mgmt plan
... ensuring all plans are aligned ??? and work together ??
THANKS for your words on this!!
Please note that department-oriented plans (e.g., IT plan, Facilities plan, HR plan, etc.) are the easiest way for mid-size companies like yours.
From our experience, the optimal structure for large companies is the following:
one top-level document called Business Continuity Plan, where you define the crisis management plan, and the general rules by which all continuity activities will abide, ensuring all plans are aligned.
separated Incident Response Plans for describing how you would respond to different incidents, covering related activities required by all areas of the organization.
recovery plans for describing how to recover each of your processes/departments/projects in case of a disruption, also covering related activities required by all areas of the organization. For IT operations this plan is commonly known as the Disaster Recovery Plan