1. Understanding your organisation:

a. Business Impact Analysis – to ensure that you understand the impact of disruption to your business activities

b. Risk Assessment – understanding the threats and vulnerabilities that you face

2. Determining the strategy to adopt:

a. Options to reduce the likelihood of disruptive incidents

b. Options to reduce the impact of disruptive incidents

c. Options for recovery strategies when the organisation’s business is disrupted

3. Developing and implementing the response:

a. Implementing the measures to reduce likelihood and impact

b. Implementing incident response plans to deal with the immediate priorities

c. Implementing business continuity plans to ensure that the organisation can continue its key activities

d. Ensuring that appropriate solutions are implemented to support the business

4. Exercising the plans and solutions that have been implemented

5. Ensuring that everybody in the organisation has an appropriate level of knowledge and understand their role in preventing and responding to incidents

6. Implementing management systems that ensure:-

a. Ongoing maintenance of proven capabilities

b. Continual improvement in those capabilities

c.  Preventive and Corrective actions are identified and acted upo