Plan de continuidad del negocio (BCP) aplicado al departamento de TI de la empresa de soluciones tecnológicas TELECOMSEC

Abstract

The Business Continuity Plan (BCP) proposed for the Information Technology (IT) department of the TELECOMSEC company is focused on describing the way in which said company remains operational during the unplanned interruption of one or more of the its services. This BCP constitutes a reference guide with planned and organized strategies that allow dealing with a materialized incident in the shortest possible time. It is important to know the current situation of the company with respect to technological infrastructure, roles of technical personnel and the services it offers, for which relevant information was collected for the development of this project. The support of managers and operational staff is essential when applying the different instruments for collecting information. The business impact analysis (BIA) was carried out to determine the critical processes and services that must be recovered as a priority within the established maximum tolerable time. Subsequently, the risk analysis of the critical assets of the IT department of the TELECOMSEC Company was carried out, applying the MAGERIT methodology. Based on the results obtained in the previous risk assessment phase, the operational strategies were established and the Business Continuity Plan was designed considering different scenarios, taking as references the guidelines established in the international standard ISO 22301:2019. The testing, maintenance and review plan for the BCP components was also defined. Finally, in the training and awareness phase, a syllabus was proposed with several alternatives to be taught to the technical staff. The topics are selected by the person in charge of the IT department according to the need of the company. Similarly, various ways in which the BCP can be socialized were suggested.