Step 1: Business Analysis
The purpose of the first step is business analysis. This goes far beyond a simple analysis of your network infrastructure. It also includes the following:
1. An understanding of all processes that make your business function, including how those processes work together to produce business outcomes. The identification of vendors and other business partners whose contributions to your operation are critical for product and service delivery. Include why and in it what manner you interact with each entity.It’s also important to record contact information as well as the existence of agreements that contain clauses dealing with interruption of deliveries, service, support, payments, etc.
2. A thorough understanding of your information processing infrastructure.It isn’t enough to understand your internal network. You must also understand how your network interfaces with those of your customers, banks, and suppliers.Your infrastructure assessment must include all required workstations, servers, storage devices, backup/restore systems, and communication services.
3. An understanding of which people are critical to your business. These individuals are often not on your management team. Rather, they are the people who work in the trenches every day. Their understanding of how to get work done is a key element in maintaining business continuity. Additional information about them, and the tasks they perform, includes:
- The existence of cross-training to ensure more than one person can adequately perform business critical tasks.
- An assessment of how to maintain business continuity if key people are unable or unwilling to participate in recovery operations.
4. The identification of vendors who will assist with your recovery. They might include:
- Computer hardware and software vendors
- Recovery site vendors
- Communication vendors
5. The creation of a contact list including all key employees. Contact information should include:
- Home address
- Home phone
- Cell phone
6. An assessment of all key support services, including:
- Voice communication
- Fax services
- Shipping and receiving
Upon completion of the analysis step, you should have a clear view into the people, processes, and technologies necessary to continue delivering product and services. As we move to the next BCP step, we begin assessing the risk associated with the full or partial loss of one or more of them.