Management should develop comprehensive mitigation strategies to resolve potential problems that may result from internal and external interdependencies. Mitigation strategies will depend upon the results of the BIA and risk assessment, but should always ensure that processing priorities can be adequately implemented and that business operations can be resumed in a timely manner. The following represent examples of appropriate mitigation strategies:
- Strengthening the physical facility using dependable construction materials;
- Establishing redundant vendor support;
- Establishing media protection safeguards and comprehensive data back-up procedures;
- Implementing redundant or alternative power sources, communication links, data back-up technologies, and data recovery methods;
- Increasing inventories of critical equipment;
- Installing fire detection and suppression systems; and
- Purchasing and maintaining adequate reserves of food, water, batteries, and medical supplies.
Once the BCP is complete, the viability of the plan must be assessed as part of the risk monitoring and testing step, which involves the development, execution, evaluation, and assessment of a testing program. The testing program is then used to update the BCP based on issues identified as part of the testing process.
Internal and External Components
Risk Monitoring and Testing