Carnegie Mellon University

Business Continuity Life Cycle

The Business Continuity life cycle is comprised of the following phases:

Business Impact Analysis is a data collection activity that is achieved via interview with the functional owners and administrators of a business function to understand:

  • Services provided by the business function
  • Dependencies that the business function has in order to operate (i.e., facility, people, technology, vendor)
  • Recovery requirements of dependencies
  • Alternatives, workarounds, and/or manual processes in the event the dependencies is unavailable or inaccessible
  • Potential risk impact that the University could experience in the event the business function could not recover and establish continuity within their recovery objective(s).
  • Business Impact Analysis data is housed and maintained within the Business Function tab of the Fusion Framework, a third-party cloud solution from Fusion Risk Management that resides on a Salesforce platform.

Risk Assessment and Gap Analysis consolidates the results of the Business Impact Analysis of a collective Organization/Division by prioritizing dependencies based on the criticality of their recovery objectives, and conducting a comparison against current recovery capabilities to determine if a potential recovery gap is present. These results are presented to organizational leadership to review and decide if the potential gap is an acceptable risk or if the potential gap should be remediated through additional investments or workarounds. This analysis enables:

  • Senior and functional leaders within an organization/division to understand the potential risks that could impact their continuity in the event of a disaster or significant business disruption
  • Transparency between business recovery requirements and dependency recovery capabilities
  • Thoughtful risk management and informed decision making
  • Facilitation of conversations between business leaders and dependency providers to determine effective solutions for risk remediation

Business Continuity Planning documents the actions and activities that a business function will execute to establish and sustain continuity of operations at an acceptable level within recovery objective(s) in the event a disaster or significant business disruption should occur.  Plans are designed on an all-hazard approach focusing on four key loss scenarios:

  • Loss of Facility
  • Loss of People
  • Loss of Supplier
  • Loss of Technology

An all-hazard approach focuses on the impact of a loss as opposed to the cause. Business Continuity Plans are developed and maintained within the Fusion Framework, a third-party cloud solution from Fusion Risk Management that resides on a Salesforce platform.

Plan Exercising and Continuous Improvement exercises validate the feasibility of a Plan, identifying opportunities for continuous improvement over time.  Exercises can take the form of a simulated event or a live event.  A live event is a situation in which the Business Continuity Plan was used resulting from an actual disaster or significant business disruption to the business function.  A simulated event is facilitated by DR/BC Services where a business function can exercise a Business Continuity Plan in one of the three ways:

  • Walkthrough – a gathering of the business function team to conduct a detailed review of the Business Continuity Plan, ensuring awareness and understanding of content, roles, and responsibilities
  • Tabletop – a gathering of the business function team to discuss and role play a disaster or significant business disruption for the purpose of exercising the Business Continuity Plan in a controlled environment
  • Functional – a gathering of the business function team to perform and role play a disaster or significant business disruption for the purpose of exercising the Business Continuity Plan in as real of an environment as possible without an actual disaster or significant business disruption occurring
  • Exercise information and results are maintained within the Fusion Framework, a third-party cloud solution from Fusion Risk Management that resides on a Salesforce platform