Treasury Board of Canada Secretariat
www.tbs-sct.gc.ca
Common menu bar links
Breadcrumb Trail
Institutional links
Chief Information Officer Branch
IT Project Review and Oversight
Enhanced Management Framework
ARCHIVED - A Guide to Effective Business Continuity in Support of the Year 2000 Challenge
This page has been archived.
Archived Content
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
5.0 Plan
In order to establish a yardstick against which a department's progress in implementing business continuity can be measured, plans must be developed and implemented. Failure to develop these plans may significantly affect the department's preparedness in dealing with possible crises.
5.1 Process
Note: Risk planning is based on the SEI "Plan" process [CRM Guidebook, Chapter 6, Page 53].
With the first three activities completed, departments can then develop plans to address the risks and ensure their preparedness to ensure business continuity. The two plans that need to be developed are:
- Risk Action Plan. This plan will address known risks and develop specific strategies to address the risks; and
- Business Continuity Preparedness Plan. This plan address all the components required to respond and recover from a crisis. It addresses both compliancy and business continuance contingency plans developed for specific risks or events; crisis scenarios to link possible risk events; crisis response plans, and business resumption plans.
These plans should be developed by members of the governance structure assigned to the areas of the business continuity process (i.e. risk action plan, contingency planning, crisis management, and business resumption).
The process to be implemented consists of providing the information identified in the corresponding templates and, more importantly, mobilizing the resources to implement the plans.
More specifically, the objective of the Risk Action Plans is to determine what actions should be taken, if any, to mitigate the identified risks. Risk action planning answers the following questions:
| Question | Explanation |
|---|---|
|
Responsibility must be assigned for each risk item |
|
An approach or strategies to deal with the risk item must be developed |
|
The scope and actions to manage the risks must be determined |
The resulting risk action plans must then be implemented according to the assigned responsibilities.
The objective of the business continuity preparedness plan is to address all the components required to respond and recover from a crisis. In essence, it also answers fundamental questions such as:
| Question | Explanation |
|---|---|
|
Departments must develop both compliance and business continuity contingency plans for those areas where they are exposed. |
|
Departments must attempt to anticipate likely crisis scenarios in order to develop effective responses to these events. |
|
Departments must determine what needs to be done in order to revert back to normal operations after experiencing a crisis or implementing a contingency plan. |
Both of these plans are supported by templates.
5.2 Data Flow
Figure 6 – Plan Data Flow
The following data inputs are required:
Input
| Data Input | Description |
|---|---|
| Risk Information Sheet(s) | From the "Analyze" activity containing the risk information |
| Risk Assessment Report | Contains the risk information as well as other background information such as observations or problems. |
| Business Continuity Statement of Requirements and Capability Assessment | From the "Analyze" activity, stating the requirements for contingency planning. |
Output/Deliverable
The deliverables to be developed as part of this task include:
- Updated risk information sheet(s) with the risk action plan information; and
- Business continuity preparedness plan, with crisis scenarios, contingency plans, crisis response plan and business resumption plan.
5.3 Techniques and Tools
Table 10 provides a summary of the techniques and tools used for this activity. Details of the techniques and tools can be found in the appendices.
| Activity | Techniques and Tools |
|---|---|
| Plan(s) |
|
| Develop Business Continuity Preparedness Plan |
|
5.4 Guidelines and Tips
The following are guidelines and tips that can facilitate the performance of this activity.
- Plan important risks first (those that are likely to materialize soon and have a significant negative impact);
- Plan efficiently (stay focused on the cost-benefit of the proposed plans);
- Ensure that the risk action plans address the source of the risk;
- Make sure that key stakeholders are present and provide input into the planning process;
- Implement the risk action plans in a timely manner in order to effectively deal with the risks;
- Communicate the risk mitigation strategy and risk action plans (included as part of the updated Risk Information Sheets) to the Governance Structure members; and
- The level of contingency planning should be commensurate to the level of exposure for each function (i.e. the more exposed a function is to disruption, the greater the efforts should be in the area of contingency planning).
