Business continuity at a company: theoretical underpinning

Chapter 1.2

What are the objectives of the BCP?

An organisation uses a BCP to try to ensure its preparedness, in order to respond to an unforeseen event as quickly and efficiently as possible. It often involves common-sense measures that are easy to implement. The big question that guides the creation of a BCP is: what are the specific actions that you would put in place to prepare for this type of event?

In practice, the first step in a BCP is to draw up an internal policy, i.e. a fairly short written document, which sets out the objectives of the BCP. That is because the risks will differ depending on the context, the size of the company, its activity, and so on, and therefore the responses will too. Whether the risk is, for instance, a fire, a computer failure, a cyberattack or a power outage, each risk must be assessed, each scenario (likelihood, impact) developed, and specific responses considered and addressed.

The definition of objectives is the key element of the BCP. It is crucial to bring together all the stakeholders and to deliberate with them about the risks and responses. Once these notions have been qualified and quantified, you must ensure that everyone understands and accepts them in order to avoid disputes.

Then comes the definition of the RPOs and RTOs. The Recovery Point Objective (RPO) is the maximum amount of data loss, expressed as the time elapsed since the last backup, that an organisation can accept. What data losses are tolerable? Should a backup be performed every 24 hours, every 48 hours or once a week? Meanwhile, the Recovery Time Objective (RTO) refers to the maximum time that the company can tolerate before the activity restarts, without this compromising the survival of the organisation: invoices to be paid, legal notices to be published, and so on. Some deadlines cannot be ignored.

