Business Continuity Planning

Goals and End State

The goal of Business Continuity planning is to implement tested and verified policies and procedures that will ensure critical functions of your business can be sustained continuously, or resumed within time limits specified by management, following an event that might otherwise halt or seriously degrade business operations.

The end state will see successful execution of the procedures, and continuation of critical business functions, following a potentially interrupting event, within time and cost thesholds set by management.


Depending on the level of formality appropriate for your business size, culture, and value of information assets at risk, we will produce the following valuable intangible assets:

  • Enterprise Risk Management Program Charter and Policy
  • Business Continuity Program Charter
  • Business Continuity Management Strategy
  • Risk Management Plan for Business Continuity
  • Threat Modeling Chart and Business Impact Analysis
  • Vulnerability Management Program
  • Risk Assessment Chart for Business Continuity, including Risk Controls Register and Metrics
  • Incident Response Policy and Plans
  • Incident Monitoring and Alerts Register
  • Disaster Recovery Plan
  • Business Continuity Plan
  • User and Partner Training/Awareness Plans
  • Business Continuity Testing and Validation Plan

Additional Notes

Implementation of Business Continuity plan requires support and input from top-level management in order to align the plan with your company's business objectives and risk tolerance thresholds, and to ensure cooperation from all relevant department managers. J.D. Fox Exec will provide guidance at each relevant step in the process.

We will develop and implement your Business Continuity plan together as a project. And the end of the project, your Business Continuity plan will need to be reviewed, tested, and updated regularly. We will design the plans so that your company can manage this internally going forward; procedures will be included in the Testing and Validation Plan. Or, you may choose to engage J.D. Fox Exec periodically to assist with reviews, assessments, and modifications to the plan.

If your company has neither an Information Security program or Business Continuity plan, developing both together will greatly improve efficiency and return on your investment, as there is significant overlap between the two processes.