Below are the basic roles involved with planning and executing the firm’s BC & DR plan. Assing each role to an individual in your firm. While smaller firms may combine multiple roles to suit firm management and available resources, each responsibility should still be explicitly assigned to someone.
2.1 Executive Sponsor
- Provides senior leadership, authority, and organizational support for the BC & DR program
- Typically the Managing Partner, CEO or COO
Key Responsibilities
- Endorses the BC & DR strategy and ensures it aligns with firm goals
- Approves scope, priorities, and funding
- Ensures regulatory, ethical, and professional obligations are considered
- Acts as final escalation point for major decisions during a declared disaster
- Champions BC & DR awareness and participation throughout the firm
2.2 BC & DR Coordinator
- Owns the BC & DR program and serves as the central point of coordination before, during, and after incidents
- Typically the operations manager, IT manager or office administrator
Key Responsibilities
- Coordinates development and maintenance of the BC & DR plan
- Ensures risk assessments, business impact analyses, and recovery objectives are completed and updated
- Maintains plan documentation, contact lists, and supporting appendices
- Coordinates training, tabletop exercises, and recovery testing
- Serves as the primary incident coordinator during disruptions
- Has authority to declare a disaster and invoke the BC & DR plan
2.3 BC & DR Team (Incident Response Team)
- Executes the plan during disruptions and supports recovery of business operations and systems
- Typically a cross-functional group representing operations, technology, compliance and administration (sample participants below).
IT Infrastructure
Key Responsibilities
- Restores systems, applications, and data in line with RTO and RPO targets
- Manages backups, recovery procedures, and failover processes
- Coordinates technical response to cyber incidents, outages, or data loss
- Verifies integrity and security of restored systems before return to normal operations
Practice Groups (multiple people)
Key Responsibilities
- Identify critical business functions and service priorities
- Validate business impact assessments and recovery objectives
- Coordinate workarounds to maintain client service during disruptions
- Confirm when restored services meet operational requirements
Compliance & Privacy
Key Responsibilities
- Assesses impacts to client confidentiality and personally identifiable information (PII)
- Ensures applicable privacy, ethical, and regulatory obligations are met
- Coordinates invocation of breach response or notification procedures when required
- Advises on acceptable use of alternate tools or processes during continuity operations
Communications
Key Responsibilities
- Manages internal communications to staff during disruptions
- Coordinates external communications with clients, vendors, and stakeholders
- Ensures messaging is timely, accurate, and consistent
- Advises leadership on reputational considerations
Office Administration
Key Responsibilities
- Manages physical access issues, alternate work locations, and logistics
- Coordinates temporary workspace arrangements or remote work enablement
- Maintains inventories of physical assets and key supplies
- Supports staff safety and well-being during office disruptions