Contingency
How many plans should I prepare? BCP, DRP or COOP
I hate the (incompetent) IS auditor; here is the story. One day, your external auditor from a Big 4 audit firm comes to check your IT system. This guy discusses some issues with the executive level within your company. This textbook auditor then asks you to prepare a document or plan in case of disaster or incident. You, in charge of the IT department, then ask the auditor a question.
“Can you explain in more detail what type of document? Since I’m a little bit confused by your jargon of BCP, DRP, COOP, what is the difference?”
And here is the explanation. Theoretically, according to the NIST SP 800-34 standard, you must prepare:
1. Business Continuity Plan (BCP)
Purpose: Provide procedures for sustaining essential business operations while recovering from a significant disruption
Scope: Addresses business processes; IT addressed based only on its support for business process
2. Business Recovery (or Resumption) Plan (BRP)
Purpose: Provide procedures for recovering business operations immediately following a disaster
Scope: Addresses business processes; not IT-focused; IT addressed based only on its support for business process
Review of Business Continuity Management Framework
Recent natural disasters, such as earthquakes or tsunamis, are true evidence that all business operations need appropriate business continuity management. Today, there are a lot of world standards that can be followed to get the best implementation of business continuity management, from the US standard NIST SP 800-34 to British Standard 25999. Here is a simple comparison between the two standards.
