Business Continuity Management
In these turbulent times when the business environment is uncertain & fraught with risks, companies have to plan for contingencies & emergencies. The disaster preparedness that companies exhibit goes a long way in making them adjust to the changing circumstances when disaster strikes. Around the world, different countries have different risks & companies have to ensure that their disaster preparedness is according to the specific risk that the location & the region in which they are based carries. This is particularly true for multinationals that operate in several countries & where they have to tailor their business continuity plans according to the location.
You cannot schedule disaster but you can plan to mitigate their effects. Whether it’s natural or man-made disasters, criminal acts, terrorism, server crashes, viruses, hacking attacks or even stock market crashes, you need to have a plan in place for resiliency & recovery.
Business continuity (BC) is defined as the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident. (Source: ISO 22301:2012)
BC is receiving increasing attention world-wide as the frequency of incidents increases within an interdependent world, associated with a need to counter threats to the organisation that could cause a severe impact to business operations.
Business continuity management (BCM) is a framework for identifying an organization’s risk of exposure to internal & external threats. The objective of BCM is to provide the organization with the ability to effectively respond to threats such as natural disasters, man-made disasters, criminal acts, terrorism, cyber-attacks & protect the business interests of the organization.
The biggest failure in BCM is the inability to exhaustively evaluate the risks & manage them.
BCM includes disaster recovery, business recovery, crisis management, incident management, emergency management & contingency planning. It does not stop once the disaster has abated and the emergency over. Instead, there is more work to be done and only when the entire process is taken care of, can corporates breathe easy and congratulate themselves for doing a great job.
A business continuity plan (BCP) is a working document that reflects the business as it is. The procedures state what tasks should be done, but not necessarily how to carry them out. Specifics are avoided because in any successful BCP, there must be some flexibility to be creative & not be encumbered by strict compliance & detailed procedures. A BCP should identify decisions to be made during a disaster.
A BCP is a blueprint to help ensure that business processes can continue during a time of emergency or disaster. Businesses need to look at all such potential threats & devise BCPs to ensure continued operations should the threat materialize.
Briefly, a BCP involves the following:
- Analysis of threats. When developing a BCP all threats that could disrupt regular business should be determined.
- A list of the primary tasks required to keep the organization operations going. Who are the necessary people & what are the tools & information needed to continue operations?
- Explanation of where personnel should go if there is a disastrous event.
- Information on data backups & organization site backup.
- Collaboration among all facets of the organization/buy-in from C-Suite.
A comprehensive & updated list of people in management & their contact information must be included in the BCP. These people should have each other’s contact information at home. If it is not possible to get into the office, they should be able to contact each other & make plans for resuming operations, at both home offices & offsite locations. This includes use of data backup & disaster recovery plans.
AIP will work with the client to create a business impact analysis that identifies the client’s critical assets, systems & processes as well as quantifies the cost of downtime or interruption to those things. A good analysis will not only identify critical components of the enterprise but will likely shed light on how valuable those assets really are to the client’s business. As such, our consultants are focused on the identification of critical assets & business processes, mapping dependencies & the prioritization of planning & recovery based on the expected impact to the company if that asset or process is rendered partially or completely unavailable.