Business Continuity Management (BCM) aims to protect the business interests of an organization while providing it with an ability to effectively respond to threats that take place naturally or deliberately. The Business Continuity Management Planning (BCMP) concept gives out the process for both assessing the risks and addressing them to help continue business while defining the duties for planning and implementing business continuity plans (BCPs).These Plans are developed depending on the classification of the level of criticality to the organization.
Testing, maintaining and re-assessing business continuity management plans:
In order to ensure that the Business Continuity Management plans are up to date and effective, they must be regularly tested and updated without any delays. The critical business processes are protected by Business Continuity Management plans from major problems or disasters impacting (IT) information systems. These plans that include elements of disaster recovery must be developed and maintained across the organization and this requires a management process. Once the threats are identified, the risks associated with them will be minimized by following the Business Continuity Management Plans.
At the time of planning for business continuity an important factor to be considered is the entire infrastructure including staffing requirements, electrical supply, transport facilities, telephone services etc. This consideration plays a key role in keeping all critical business processes and support services running.
The “Stay in Business” BCMP ensures the timely resurgence of businesses to an organization.
1.Scope of business continuity management planning:
It will be required to assess the longest time period for which the entire system could not be available in order to analyze the criticality of that particular system.
- For a high criticality situation, Business can continue using manual processes for up to two working days and a alternative for a unsuccessful system must be in place within two days.
- For a medium criticality situation, Business can continue using manual processes for up to one week and a replacement for a failed system must be in place within one week.
- For a low criticality situation, Business can continue using manual processes for up to twelve weeks and a replacement for any failed system is expected to be in place within twelve weeks.
- In the continuity of information systems the role of purchasing and insurance strategies is incorporated.
- A process should be developed targeting business continuity management. Later it must be maintained throughout the organization for business continuity that addresses the information security needs.
As part of business continuity management planning, risk assessment examines the nature of those unexpected occurrences along with their potential impact and the possibility of these incidents becoming serious incidents. The formal Business Continuity Plan can protect the business only if the financial human resources are sufficiently allocated. All the security incidents whether short or medium have to be considered in order to build a suitable BCP.
2. Risk assessment for business continuity management planning:
For any business continuity the first step would be to identify the events that may cause interruptions, along with the probability and later would be to identify the impact of those interruptions and their consequences.
For all the systems risk assessment should be undertaken which form part of the organization’s infrastructure. The classification of the systems criticality level determined according to the impact of failure of that system would be the outcome of risk assessment process. If the systems that failed are having high impact on people or property will fall under high criticality situation and with low impact on them will fall under low criticality situation.
3. Developing the BCMP:
The developed plans should be implemented in order to maintain the operations and to restore them while ensuring the availability of information at the required level in required time scales.
The plan should be given in detailed and must be simple for everyone to be able to understand. It is expected to consist of critical steps to be taken at the time of any disaster for an organization to swing back and continue its business.
4. Business continuity management planning framework:
A single framework of BCMP must be maintained in order to ensure that all plans are consistent. This framework helps out in identifying all the priorities for both testing and maintenance along with information security requirements. Business continuity management plans should be modular and task oriented.
Each and every plan should specify the conditions clearly for it to be activated and also specify the individuals who are responsible for the execution of its components. The new BCM plans should be consistent to the existing computer services, telecommunications and accommodation along with fallback arrangements. Different levels of plan may be required involving different recovery teams depending on the focus points.
Each plan should have four main components:
- Emergency procedures should be followed as a first step describing actions to be taken promptly at times of major disaster that might jeopardize business operations.
- Plan should contain Fallback procedures which describe the immediate actions to be taken to shift essential business tasks or the support facilities to some temporary locations.
- Plan should also contain Resurgence procedures which describe appropriate actions to be taken to bring back the business to its normal functions at the actual site.
- Plan should consist of Test schedule that states how the plan should be tested.
Each individual plan should be under the control of an individual assigned to it and all the copies of Business Continuity Management Plans should be kept away from the main site.
5.Testing the BCMP:
Testing is an important aspect once the BCMP is developed. It not only assesses the viability but also ensures that the entire staff is familiar with the procedures. If the BCMP testing is not able to provide favorable conditions then the value of such testing is understood to be limited
6. Testing business continuity management plans:
Business continuity management plans must be always tested prior to their implementation. The test must have a schedule which indicates how each element of the plan should be tested and when. Whatever feedback we get from these early tests are very helpful in updating the business continuity management plans.
7. Training and staff awareness on BCMP:
For a BCMP to be executed successfully, each and every person in an organization must be aware of the entire plan and its procedures. Not only should this but the individuals must also know their responsibilities and duties to be performed at the time of an event. There is a chance of seeing failure if an individual is not trained enough.
8. Maintaining and updating the BCMP:
The business continuity management plan should always be kept up to date and retested periodically. If this is not followed the BCMP will fail and its purpose is not survived. When the actual need for BCMP arises and suppose it does not exist or not been tested yet and fails when activated, then the organization will never be able to recover from the mishap.
Updating business continuity management plans:
With continuous changes in any business, their continuity plans become obsolete and this is the reason why business continuity plans needed to be updated in a regular basis. Management of such plans is very essential in order to protect the investment in developing the initial plan which otherwise may result in negative impact to the organization. Business owner is supposed to be highly responsible in identifying and applying changes to the plan. Any individual changes should be made periodically and the complete plan should be reviewed at least annually.
Advantages of SIB’s BCMP solutions are:
- Remote accessibility ensured by cloud-based solutions
- Clear-cut chain of command with all aspects of the business covered
- BCM plan is very flexible and adaptable to various scenarios
- An inbuilt emergency communication center is provided
- SIB’s BCMP is very cost-effective
- Easy to adopt
- Coordinated response is ensured due to optimum resource allocation
- Optimum resource allocation which ensures coordinated response