Business Continuity and Contingency Planning Approach

Phase I: Initiation

o Establish business continuity work group.

o Develop high-level business continuity planning strategy.

o Identify core business processes.

o Define roles and assign responsibilities.

o Develop a master schedule and milestones.

o Implement a risk management process.

o Assess existing business continuity, contingency, and disaster recovery plans and capabilities.

o Implement quality assurance reviews.

o Attain executive commitment.

Phase II: Business impact analysis

o Define information requirements, methods, and techniques to be used in developing the BCCP.

o Define year 2000 failure scenarios.

o Perform risk and impact analyses for each core business process.

o Assess infrastructure risks.

o Define acceptable levels of outputs and services for each core business process.

o Structure enterprise templates.

Phase III: Contingency planning

o Assess costs and benefits of alternatives and select contingency strategy for each core business process.

o Identify contingency plan templates and implement modes.

o Define triggers for activating contingency plans.

o Establish a business resumption team for each core business process.

o Develop a zero day strategy and procedure.

o Follow steps in developing the contingency plan: facility level.

Phase IV: Testing

o Validate business continuity strategy.

o Develop contingency plan tests.

o Establish test teams and acquire resources.

o Prepare and execute tests.

o Validate the capability of contingency plans.

o Rehearse business resumption teams.

o Update the business continuity plan.

o Update disaster recovery plans.


Web Sites for Planning Help

Here are some Web sites that include information on year 2000 contingency planning. Much of this list was compiled by Ginger Campbell, RN, PhD, a consultant in Tampa, FL, who works with a variety of health care organizations. (For Campbell’s contingency plan outline, see p. 171.)

Business continuity and contingency planning sites

o Department of Information Resources for the State of Texas — Guidelines for contingency planning: http://www.dir.state.tx.us/oops/ctgyplan/index.html.

o Disaster Recovery Institute International — Professional Practices for Business Continuity Planners: http://www.dr.org/ppover.htm.

o Disaster Recovery Journal — http://www.drj.com.

o The Journal of Business Continuity — http://www.business-continuity.com/business_continuity.html.

Federal year 2000 Web sites

o Federal Deposit Insurance Corporation — Guidance concerning contingency planning: http://www.fdic.gov/banknews/fils/1998/fil9851b.html.

o The Mitre Corporation Year 2000 homepage — Y2K contingency management plan outline: http://www.mitre.org:80/research/y2k/docs/CONTINGENCY_PLAN.html.

o The President’s council on year 2000 conversion — http://www.y2k.gov.

o The Department of the Army — contingency planning document: http://www.army.mil/army-y2k/Contingency.htm.

o Social Security Administration — business continuity and contingency plan: http://www.gsa.gov/gsacio/ssay2kb1.htm.

o Electric utilities and year 2000 contingency planning: http://www.euy2k.com/cp.htm.

Year 2000 Web sites

o Health care’s year 2000 information clearinghouse — http://www.rx2000.org.

o The Gartner group — http://gartner5.gartner web.com.

o The Odin Group — http://www.odin-group.com.

o The Year 2000 information center — http://www.year2000.com.

o Managing Year 2000 hospital risks — http://www.2000legal.com/hospital.htm.