2. www.piit.co.uk
Why is Business Continuity Planning Important?
• BCPs are critical to the transparent and continuous operation of all types of
businesses
• Analysts claim two out of five businesses that experience a disaster will go out of
business within five years of the event
• The ability of an organization to recover from a disaster is directly related to the
degree of BCP that has taken place BEFORE the disaster
• BCPs more important as companies’ reliance on technology increases.
• more emphasis on IT and communication services
• to help manage supply chains
• less tolerant of information and service loss
• Organisations must plan for the recovery of key business functions, using priorities
and timescales derived from assessed risks and accompanying data.
• BCPs must cover IT, data and voice communications as well as for essential
personnel and offsite locations.
• BCPs must consider people and accommodations in which they can work.
3. www.piit.co.uk
Why is there greater emphasis now given to BCP?
• Creating and maintaining a BCP helps ensure that an institution has the
resources and information needed to deal with these emergencies:
• Natural disasters such as storms, floods and fire
• Accidents
• Sabotage
• Terrorism
• Power and energy disruptions
• Communications, transportation, safety and service sector failure
• Environmental disasters, pollution and hazardous materials spills
• Cyber attacks and hacker activity
• Business Continuity Planning is at or near the top of CEO and CTO
concerns
4. www.piit.co.uk
What did recent events teach us?
• Plans must be updated and tested frequently
• All types of threats must be considered
• Dependencies and interdependencies should be carefully analysed
• Key personnel may be unavailable
• Telecommunications are essential
• Alternate sites for IT backup should not be situated close to the primary site
• Employee support (counselling) is important
• Copies of plans should be stored at a secure off-site location
• Sizable security perimeters may surround the scene of incidents involving national
security or law enforcement, and can impede personnel from returning to buildings
• Increased uncertainty (following a high impact disruption such as terrorism) may
lengthen time until normal operations are restored
5. www.piit.co.uk
Business Need
• Tracking plans via paper document and email was difficult
• Working out requirements for DR locations was cumbersome and
needed a separate spreadsheet to maintain
• No clear view of who was actively managing and maintaining plans
• Data terminology – such as location names - was inconsistent across
different departments
• KPI reporting was a manual process that took days to create
• A single source to hold information that would be accessible in a DR
situation
7. www.piit.co.uk
Each business activity entered as a Statement of Requirements capturing key
information such as Recovery Point and Time Objectives, Activity performed,
number of FTE’s
BCP in ServiceNow
8. www.piit.co.uk
Once Statements of Requirements have been entered shows a quick view of what
would be required from a remote facility if a plan was activated
BCP in ServiceNow
12. www.piit.co.uk
• Single source of information
• SaaS hosted so available from any location that can access the internet
• Plans can be managed; last reviewed on, tested on, as well as being
used for holding the plan activities; escalation, return to work
• Provides real-time information on the data held within a BCP for in the
moment KPI reporting
• Uses existing ServiceNow data structure to track plans against
Locations, Departments and Business Services
• Changes and amendments are audited and can be tracked
• Notifications sent on when review periods are reached
• Remote location requirements in a DR scenario available in a couple of
clicks
• Can be linked to ServiceNow IT GRC to handle remediations in missing
data
Benefits