Ten practical steps to draft a business continuity policy