Once the BIA and the port’s overarching business continuity strategy have been completed and documented, the port should prepare its business continuity plan (BCP). The port should decide whether to have one single centralized BCP for the whole port or smaller, and more targeted BCPs for its most critical business activities or processes. The smaller the port and its operations, the more likely a single BCP will suffice. If a port has multiple distinct and geographically dispersed operations, it is recommended that each operation has its own BCP. This may mean the port does not need to cover the full extent of its operations. Port BCPs should be filed in a centralized repository.
When not covered by the overall BCM programme, ports should ensure that their BCPs address the following elements:
- Critical disruption criteria focus on the disruption level required for the BCP to be enacted. This is especially critical if the port has a centralized incident monitoring entity, e.g. a security operations centre. Disruption levels triggering the BCP could relate to the recovery of a critical terminal, following a severe weather event.
- The frequency at which BCP should be updated (annually).
- The location where the port intends to store copies of its BCPs and supporting documentation. This will enable easy access and retrieval when needed.
- The immediate consequences of a disruption, such as the welfare of individuals and other key stakeholders, the prevention of further loss, and whether there has been any environmental impact. These are important for the port's reputation as stakeholders expect ports to do the right thing.
- When in doubt about the right level of detail to include in a BCP, ports should aim to provide more detail and reliably document any aspect or issue that would be useful in a crisis.