Treasury Board of Canada Secretariat
Symbol of the Government of Canada

ARCHIVED - A Guide to Effective Business Continuity in Support of the Year 2000 Challenge


Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.

Appendix N  -  Business Continuity Requirements - Definition Detailed Procedures

Process Overview

An essential element of business continuity is the determination of when and where contingency plans should be developed and implemented. The following table provides steps to assist departments in making this determination. This procedure should be applied during the "analyze" step.

Table N-1: Contingency Planning Requirements Definition Detailed Procedure
Steps Description Responsibility
1. Conduct a business impact analysis

Using the prioritized mission-critical business function list and associated asset mappings from the "Identify" step, as well as the Risk Information Sheets from the "Analyze" step, conduct a business impact analysis. Input may also be required from the Year 2000 Project/Program Office with respect to progress on assets being made Year 2000 compliant.

For each mission-critical business function:

Function Owner
  a. Has a risk been associated with the mission critical function or any of its mapped assets?
  • YES Then a contingency is required for the business function. Go to Step #2 to determine the contingency requirement details for the business function.
  • NO Go to the next question Step #1-b).
 
  b. In addition to any risk assessment information, are any assets that are mapped to the business function vulnerable to a Year 2000 failure?
  • YES Then more analysis is required to determine whether a contingency is required for the business function. Go to Step #1-c).
  • NO Then no contingencies are required for the business function/asset. Document this decision and have senior management approve it.
 
 
  c. Is the asset(s) that is considered to be vulnerable to a Year 2000 failure required (or considered a significant contributor) in delivering the business function's services/products (or delivering a minimal acceptable level of service)?
  • YES Then a contingency is required for the business function. Go to Step #2 to determine the contingency requirement details for the business function.
  • NO Then no contingencies are required for the business function/asset. Document this decision and have senior management approve it. Note: Departments need to instruct their personnel on the department's response to risk (i.e. totally risk averse, willing to accept some risks, etc.) in order to guide this exercise.
 
 
2. Develop a draft/high level contingency for the entire business function? For each business function associated with a known risk (Step 1-a) or has vulnerable assets from Step 1-c), develop a contingency plan to address a potential failure (can be total or limited to one or a combination of assets). Function Owner
  Factors to consider at this stage are:
  1. Level of functionality required to replace the minimum acceptable service level.
  2. The minimum acceptable level of functionality to replace the functionality from the asset.
  3. Are all assets in the category required or is a subset acceptable to maintain the minimum service levels required by the business function?
  4. What type of contingency will be employed: manual; semi-automated; or automated replacement.
  5. Implementation schedule:
  • When should the contingency be implemented (acquired, tested, trained, maintained, deployed)?
  • Who will do perform these activities?
  • How long is the contingency required for?
  • What will trigger the contingency implementation?
  • Cost of the contingency implementation
 
 
3. Monitor Progress Report For each mission-critical business function and mapped asset: Function Owner
  a. Is there is a concern with the Year 2000 readiness based on variance in schedule, successive slippages, etc.?
  • YES Verify the contingency plan to ensure that there exists a contingency for the asset and for the business function. If there are no contingencies, develop a contingency as per Step #2, then go to Step 3b).
  • NO Continue to monitor the environment and go to the next question Step #4 or #5.
 
 
  b. Is the concern with the progress at a threshold where the contingency should be triggered?
  • YES Implement the contingency.
  • NO Continue to monitor the environment and go to the next question Step #4 or #5.
 
 
4. Monitor Continuous Risk Management Activities For each mission-critical business function and mapped asset:

a. Are any of the identified risks materializing based on the indicators on the risk information sheets?

  • YES Implement the contingency associated with the risk.
  • NO Continue to monitor the environment and go to the next question Step #5 or #3.
 
Function Owner
  b. Have new risks been identified?
  • YES Verify the contingency plan to determine if there exists a contingency for the asset and for the business function. If there are no contingencies, develop a contingency as per Step #2, then go to Step 3-b).
  • NO Continue to monitor the environment and go to the next question Step #5 or #3.
 
 
5. Review the Verification and Validation reports (including audit reports) For each mission-critical business function and mapped asset:

a. Is there is a concern with the Year 2000 readiness for an asset or function based on the verification and validation (or audit) report.?

  • YES Verify the contingency plan to ensure that there exists a contingency for the asset and for the business function. If there are no contingencies, develop a contingency as per Step #2, then go to Step 5-b).
  • NO Continue to monitor the environment and go to the next question Step #3 or #4.
 
Function Owner
  b. Is the concern with the progress at a threshold where the contingency should be triggered?
  • YES Implement the contingency.
  • NO Continue to monitor the environment and go to the next question Step #3 or #4.