Case Study

Drafting a Business Continuity Plan

Client Details
  • Council – Metropolitan
The Challenge(s)
  • Council has an out of date and irrelevant BCP
  • The basic backup procedures are in place but have not been tested
  • The complexity of recovering from cloud-based services
  • Lack of DR site availability
  • Limited Budget and Resources
The Solution
  • Follow an ISO 27001 ISMS approach and methodology
  • Carry out a business impact analysis and identify the key BCP requirements
  • Identifying the business risks and likelihood is a critical consideration
  • Must provide a core capability to address a Cyber Security Incidents
  • Establish current recovery capabilities; relocation of key services that need to be provided
  • Workshop DR scenarios and discuss viable practical solutions with stakeholders
  • Carry out workshops with key stakeholders (including decision makers) to make sure that everyone understands the requirements and challenges.
  • Ensure that security is maintained in a DR situation.
  • Aid include BCP requirements within the ICT Strategy.
What did we learn?
  • Building the most appropriate and efficient business continuity capability involves a large investment in time and budget. In most cases this will require careful budgetary planning which in most cases will delay the implementation.
  • Taking a practical approach and identifying the inherent capabilities within existing systems might not deliver the most comprehensive business continuity solution but it can provide partial recovery and protection to the business.