TMC's Advisor

The Advisor is published by TMC

Audit Your Own BCP/BRP

You’ve been working from home for the past 18 months, and a lot has changed - including your office’s risk profile. If you’re like many others, your business resumption plan (BRP or BCP) lives in an “out of sight, out of mind” state, perhaps sitting in binders gathering dust on the shelf or buried in SharePoint or in a corner of a website. It’s time to blow off the dust and audit it. Here’s how to do that yourself.

By Guy Robertson

Guy Robertson is a senior planner at TMC and an instructor at the Justice Institute of BC and Langara College. He has written five books and numerous articles on corporate security and disaster planning, and offered workshops and lectures at conferences across North America and in the UK.

Planning Materials

Review your disaster planning materials to identify out-of-date, incorrect or incomplete information:

Discuss your current plan with department representatives and request their ideas for updating of the plan and adding new material.

Pay particular attention to the ways in which pandemic management and wildfire problems have been addressed. Just because your office is in an urban area you are not necessarily protected from wildfires. They can occur in a tree- lined median or nearby park.

Compliance

Review the list of your office’s compliance requirements. These might include federal, provincial and municipal government legislation, guidelines, and regulations. These regulations will include your regional and local Fire, Building, Safety and Emergency Management Codes, industry-specific regulations, and may include PCI and ISO standards for credit card processing and IT security.

Privacy

Review the list of your office’s privacy requirements. This would include provincial and federal legislation. Consider the implications of insufficient information security and unsuitable storage. Make sure that you have completed privacy impact assessments (PIAs) for your computer applications.

Head Office

The Final Step

When you have updated your BRP, set a date for testing it with a tabletop exercise. Convene in a meeting room or in your Emergency Operations Centre with or without a test facilitator. Attendees will open an envelope explaining the disaster with instructions of how they need to use your BRP to resume operations.

By the end of the exercise they will understand where the BRP failed to help them reach their objectives. Incorporate what they’ve learned into your updated plan. Schedule your next exercise.

If you’d like to comment on this article or explore these ideas further, contact me at .

This article was published in the August 2021 edition of The TMC Advisor
- ISSN 2369-663X Volume:8 Issue:4

©2021 TMC Consulting