|
|
 |
PKI Policies and Procedures: Business Continuity Plan
The business continuity plan is a basis for PKI security standards and is stated as a requirement in the certificate policy. The business continuity plan documents policies and procedures if the business is interrupted unexpectedly. It is an internal document but can be subject to external review for audits and accreditation.
Business continuity planning is also known as business resumption planning or disaster recovery. Both of these terms, however, leave out an essential element: continuing to conduct business in the event of unexpected contingencies. It is sound business practice to have procedures that enable your organization to continue to operate, even at reduced capacity, if any event disrupts normal business. The term "disaster recovery" is often associated with IT systems, hardware, software, and networks, but too often it ignores such elements as the people needed to run certain programs and tasks. Disaster recover plans can also omit events outside the system itself, such as a demonstration or a strike. Continuity planning, using a methodologically sound framework, covers all possible contingencies and promotes ongoing communication, training, and testing to ensure the continuing effectiveness of the plan.
Business continuity planning should also include elements of critical infrastructure protection such as the threat and risk assessment.
Successful business continuity planning requires a strong understanding of the organization's purpose so that planners can focus on those functions that are essential. Business continuity planning also relies on strong and visible support from management. Planning should involve as many people at all levels of the organization as possible so that they are prepared to act on the plan when needed.
The business continuity plan template contains the following sections:
- High-level description of the steps to develop, implement, test and maintain the plan;
- Information on threat and risk assessment in the context of business continuity planning
- Checklist of elements and factors for developing and maintaining the plan.
|
|
