This page has been archived.
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
In order to establish a yardstick against which a department's progress in implementing business continuity can be measured, plans must be developed and implemented. Failure to develop these plans may significantly affect the department's preparedness in dealing with possible crises.
Note: Risk planning is based on the SEI "Plan" process [CRM Guidebook, Chapter 6, Page 53].
With the first three activities completed, departments can then develop plans to address the risks and ensure their preparedness to ensure business continuity. The two plans that need to be developed are:
These plans should be developed by members of the governance structure assigned to the areas of the business continuity process (i.e. risk action plan, contingency planning, crisis management, and business resumption).
The process to be implemented consists of providing the information identified in the corresponding templates and, more importantly, mobilizing the resources to implement the plans.
More specifically, the objective of the Risk Action Plans is to determine what actions should be taken, if any, to mitigate the identified risks. Risk action planning answers the following questions:
Question | Explanation |
---|---|
|
Responsibility must be assigned for each risk item |
|
An approach or strategies to deal with the risk item must be developed |
|
The scope and actions to manage the risks must be determined |
The resulting risk action plans must then be implemented according to the assigned responsibilities.
The objective of the business continuity preparedness plan is to address all the components required to respond and recover from a crisis. In essence, it also answers fundamental questions such as:
Question | Explanation |
---|---|
|
Departments must develop both compliance and business continuity contingency plans for those areas where they are exposed. |
|
Departments must attempt to anticipate likely crisis scenarios in order to develop effective responses to these events. |
|
Departments must determine what needs to be done in order to revert back to normal operations after experiencing a crisis or implementing a contingency plan. |
Both of these plans are supported by templates.
Figure 6 – Plan Data Flow
The following data inputs are required:
Input
Data Input | Description |
---|---|
Risk Information Sheet(s) | From the "Analyze" activity containing the risk information |
Risk Assessment Report | Contains the risk information as well as other background information such as observations or problems. |
Business Continuity Statement of Requirements and Capability Assessment | From the "Analyze" activity, stating the requirements for contingency planning. |
Output/Deliverable
The deliverables to be developed as part of this task include:
Table 10 provides a summary of the techniques and tools used for this activity. Details of the techniques and tools can be found in the appendices.
Activity | Techniques and Tools |
---|---|
Plan(s) |
|
Develop Business Continuity Preparedness Plan |
|
The following are guidelines and tips that can facilitate the performance of this activity.