CONTEXT DEFINITION
It defines the company's Business Continuity policy, its scope, stakeholder expectations, roles, responsibilities, delegations, and competencies. It also defines both internal and outsourced processes and the related responsibilities.
BUSINESS IMPACT ANALYSIS (BIA)
It defines business continuity priorities and requirements, the process of analyzing activities and the effects an interruption could have on them, and allows for prioritization of the recovery of critical processes by defining the Maximum Tolerable Period of Disruption (MTPD). Threat Analysis, on the other hand, promotes understanding of the risks related to critical processes, their dependencies, and the potential consequences of an interruption.
These activities form the basis on which Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) are defined during the design phase, and on which business continuity strategies and tactics and threat mitigation measures are selected.
BUSINESS CONTINUITY PLAN
Definition of roles and responsibilities, purpose, objectives, activation criteria and procedures, communication, timelines, testing and crisis simulation procedures, and plan formalization.
