V.A     Event Management

The BCP may define various situations as events, disruptions, or triggers. An event is an occurrence or change in circumstances that may affect operations. An event can be physical, cyber, or a combination of both. A disruption is either an anticipated or unplanned event that causes operations to degrade or fail for an unacceptable length of time (e.g., a minor or extended power outage, an extended unavailable network, or equipment or facility damage or destruction). A trigger is an event that prompts management’s response. Predefined threshold escalation triggers are a key element of a BCP, and responses should be designed to mitigate the impact from adverse events.

The BCP should include event management procedures that detail reasonably foreseeable event types and provide thresholds and responses. Procedures should describe how to report an event to management and the situations that warrant notification to those who address events. Management should consider establishing a team(s)Depending on the entity’s size and complexity, authority to respond to an event may fall to an individual, a team, or multiple teams. The term “team” is used for purposes of this booklet. to address events. Individuals managing the event may change depending on the nature of the event and team member availability. While the team should manage the event and communicate with stakeholders, event monitoring is an entity-wide responsibility (e.g., board, senior management, and other personnel).

Responses may include activities, programs, or systems that protect life and property, meet basic human needs, and preserve the entity’s operational capability. Examples of event responses include:

  • Switching operations to a backup facility after a software upgrade and subsequent rollback fail.
  • Rerouting personnel to a safer location or authorizing telecommuting when the local area becomes unsafe.
  • Authorizing telecommuting when an event causes disruptions to operations.
  • Invoking disaster recovery procedures once management has identified a significant cyber attack.
  • Activating emergency response procedures once a hurricane threatens the local region.


Previous Section
V Business Continuity Plan
Next Section
V.B Continuity and Recovery