If you talk with Business Continuity Planners from different organizations, you’ll end up with a whole list of Plan types they employ. These might include Business Continuity Plans (BCP), Disaster Recovery Plans (DRP), Crisis Management Plans (CMP), Continuity of Operations Plans (COOP), Supply-Chain Response Plans (SCP), Employee Safety, Evacuation Plans, Pandemic Response Plans, Incident Management Plans (IMP), Alternate Work Area Plans (AWP) and more.
You can find definitions in various glossaries like DRJ. Here is an attempt to make sense of plan names, in plain language, and in no particular order:
Incident Management Plan (IMP):
The IMP should be the first response plan to be invoked in any incident that causes or may lead to a disruption of business operations. The IMP addresses incident assessment, protocols to declare and invoke BCP or DR Plans, and responder team activation. In essence, the IMP contains the command & control protocols needed to manage any incident response. Some organizations refer to this type of plan as a Crisis Management Plan; most envision Crisis Management differently (see that definition below).
Employee Safety Plan:
Protecting critical assets is an important mandate for every organization. Every organization’s most critical asset is its People. Employee Safety plans focuses on the health and safety of those people in emergency situations. The simplest is an Emergency Evacuation Plan. In many instances, Employee Safety plans are owned by other operational stakeholders outside of the Business Continuity Management (BCM) program, such as Facilities, EH&S or HR Departments.
Crisis Management Plans (CMP):
A crisis management plan is typically invoked when the reputation or the ‘brand’ of the organization is somehow in peril. A CMP should address the methodology that will be used to present the public face of the organization during the ‘incident’. The crisis management plan addresses Crisis Communication, succession planning and Command & Control of information provided externally, whether by press conference, press release, social media or other means.
Business Continuity Plan (BCP):
Sometimes used interchangeably with Disaster Recovery Plans, a true Business Continuity Plan is a plan of action to respond to business operation disruptions. Business Continuity Plans ensure the continuity of critical business functions or processes whenever their operations are impacted. Whether the disruption results from a loss of people or workspace, disruption of technology or supply-chain, Business Continuity Plans should help guide those business functions through the manual or alternate procedures needed to continue critical business functions. Many organizations created a BCP for each critical business process. Some organizations create a BCP for an entire department, and some for an entire location. Many organizations focus on recovering from specific scenarios, while others plan for the disruption of critical assets (people, facilities, IT services) regardless of the scenario.
Continuity of Operations Plans (COOP):
A variant of the Business Continuity Planning process as practiced by the public sector / government organizations. Generally, COOP plans are focused on critical functions – those which, if disrupted, would cause the greatest harm to constituents.
Disaster Recovery Plans (DRP):
Disaster Recovery Planning gave rise to the entire Business Continuity industry, and many industry associations still have “Disaster Recovery” associated with their name (DRII, DRJ, for example). In current usage, a DRP documents the process of restoring critical IT Services in the event of a disaster or service disruption. The scope of a Disaster Recovery Plans can be as big as restoring a whole data center, a few vital services, or a single technology sub-system (such as a storage device or a network).
There are also plans for people to work from alternate locations, logistics support plans, supply-chain disruption plans, staffing rotation plans, remote worker (work-from-home) plans, command & control plans, site recovery plans and the list goes on. There are plans for every season and every reason.
With all the most recent operational resiliency efforts, like implementing geo-diverse business operations, replicated data centers, and diversified sourcing management, is there still a need for Business Continuity Plans? Recent events like the tsunami that hit Japan, Super storm Sandy, Hurricane Katrina, the Arab Spring, volcano eruptions and Somali Pirates expose the clinks in amour of preparation. Failing to plan is planning to fail.
Related blog:
Caution: 6 Signs of a Business Continuity Plan in Trouble
