US Bankcard Services Industry Blog

Monday, June 13, 2011

SMB’s Assistant: Business Resumption: A Plan Part 2 of 3

Let’s suppose the worst does happen and your business is all but destroyed…even with your great business continuity plan. How do you as a merchant recover…how do your clients recover…what are the next steps? Well, here are a few simple practices that could mitigate the liability and damage when a business has to stop for a disaster and resume soon thereafter.

Business Resumption Plan(BRP) – The BRP addresses the restoration of business processes after an emergency, but unlike the BCP, lacks procedures to ensure continuity of critical processes throughout an emergency or disruption. Development of the BRP should be coordinated with DRP (Disaster Recovery Plan) and BCP (Disaster Recovery Plan).

Basic BRP Checklist

  1. List the major functions or activities of your business or organization.
  2. Determine which activities are “time critical” business functions.
      Consider the following as they apply:
    • What functions would have to be done immediately after a business interruption? What could be postponed?
    • What are your external requirements on a day-to-day basis?
    • What do you need from outside your business in order to continue to function?
    • How could you continue to have credit card processing?
    • What are your immediate internal requirements?
    • How long can your essential business functions be inoperative?
    • Are there regulatory requirements or penalties that must be considered?
    • What is the financial impact of non-performance of a business function?
    • What are the costs to respond vs. the short-term loss of revenue?
    • Are other organizations dependent on functions that your business performs?
    • What legal or contractual liabilities would arise if the activities were curtailed or shut down?
    • What would be the public relations implications of a curtailment of your activities or a shutdown of your business?
    • Would the safety or security of personnel and property be jeopardized?
    • Which of your essential operations are dependent on computer support? (WAN, LAN, Stand-alone)
    • How long these operations could be performed without computer support?
    • List important clients and contacts internal and external
    • Identify essential operating information for vital business functions and prepare a checklist of essential records. & maintain copies of essential records off-site (PCI compliance would be handy now)
    • Determine what essential office equipment is required. Specify any special computer hardware, software, databases, networks or other technology.
    • Identify your work in progress. Determine the work flow and business impact if the identified information and work in progress were destroyed and could not be recovered.
    • Identify any work in progress for your business that is being done outside your facility.
  3. Assign a priority to each of the “time critical” activities you have identified.
    • less than one day Priority 1
    • 2 to 4 days Priority 2
    • 5 to7 days Priority 3
    • 8 to10 days Priority 4
    • more than 10 days Priority 5 etc.
  4. Develop a planning objective for each activity.
    • To be capable of answering 50% of incoming calls within one hour and 100% of calls within 4 hours of disruption.
  5. Determine the minimum needs for initial response. The ability to communicate with your employees, suppliers, customers, etc. is the key aspect to an effective initial response. And then list up all the basic needs from suppliers, partners etc.
  6. Obtain senior management approval of the essential functions, priorities and planning objectives you have identified
  7. Delegate planning assignments to the staff that carry out the essential activities on a day-to-day basis.
  8. Write a detailed plan. Consolidate all sections of the plan into a business resumption plan for your entire business. The plans for each division, department, etc. should be assembled to form the business resumption plan for your business as a whole. The restricted and confidential portions of the plan should be protected.
  9. Communicate the plan to employees.
  10. Store and keep copies of the plan in a secure off-site location away from your main office so it will not be impacted by the same event that disrupted your business operations.
  11. Test the plan. Conduct a test of the plan in a realistic fashion and with ample warning to all employees that the plan is being tested.
  12. Review business resumption plan on a regular basis. Update it to reflect changes in activities, procedures, performance, etc.

We hope that you found the above elucidating. This should get you on the right path. And in our next episode we will get a combined outline for BCP and BRP. Until then…stay prepared. To find out more about your industry and our service, please call us at 888-525-8558 or on the web visit US Bankcard Services or drop us an e-mail.