The Best Damn IT Security Management Book Period

The bulk of your work in developing your business continuity and disaster recovery plan is complete when you get to this point. Granted, you may be reading this section through from start to finish before developing your plan (recommended) and therefore you will have none of the actual work completed. However, things move quickly in the business world and there are some of you who are doing the work as you read each chapter. Either way, this is where everything comes together. The risk analysis you performed led you into your vulnerability assessment. That data helped you develop an assessment of the impact various risks would have on your business. Finally, you took all your data and identified mitigation strategies, the actions you could take to avoid, reduce, transfer, or accept the various risks you found. With that, you now have to develop a plan that takes your mitigation strategies and identifies both the methods for implementing those strategies and the people, resources, and tasks needed to complete these activities.
In Chapter 34, we'll go over emergency activities, including disaster response and business recovery, so we'll refer only briefly to those elements in this chapter where appropriate. In Chapter 35, we'll discuss training and testing, and in Chapter 36, we'll discuss maintaining the plan. All of these are elements that should be included in your BC/DR plan as well.
The plan basically needs to state the risks, the vulnerabilities, and the potential impact to each of the mission-critical business functions. For each of...