Business Continuity Plan
Additionally, many businesses are required to create and follow plans for disaster recovery, business continuity and data protection in order to meet compliance regulations. This is particularly important for organizations operating in financial, healthcare, manufacturing and government sectors. Failure to have BC procedures in place can result in legal or regulatory penalties, so understanding how to comply with resiliency standards is important.
BC Service Performance.
Merysol Security can be engaged to either develop a new BC Plan or to test an existing one. The purpose of testing a BC plan is to discover flaws in it so the Customer can resolve them before they impact the ability to restore operations.
If a new Plan is to be developed, Merysol Security will work closely with the business owner and the IT specialist ( if different from the business owner), to create a practical, cost effective plan. The proposed new plan will be tested to ensure it actually works.

The Business Continuity Plan engagement consists of the following steps:
> It begins with a meeting, typically one-hour long, between the business owner and his/her IT representative (if available); and a Merysol Security Expert. In this meeting the BC Plan process is presented, expected cooperation from the business is discussed, and the deliverable BC Plan is explained along with the expected duration of the engagement.
> Merysol Security proceeds to deliver a BC questionnaire. This tailored questionnaire is intended to covers the business activities and personnel involved in emergency operations to restore business as usual.
> The Customer’s person in charge of the project ( 80% of the time is the business owner), fills out the questionnaire either by himself/herself, or with help from Merysol Security. When completed, it is submitted to Merysol Security. Merysol Security analyses the information and prepares the deliverable BC Plan. The Plan is provided to the Customer in electronic form (pdf).
> A meeting is scheduled to discuss the Plan findings and recommendations. Next steps, if any, are discussed
The duration of this engagement is highly dependent on the complexity of the operation and the time it takes the Customer to fill the questionnaire. It usually takes two (2) weeks.
Nowadays it is common for small businesses to engage a Managed Service Provider (MSP) to be their IT expert rather than hire the IT expert in-house. The MSP should be very familiar with the Customer’s BC Plan so they can be effective during an attack requiring to exercise it.
