Business Continuity Management (BCM) is more than just setting up procedures to control significant risks facing an organisation. It needs to be part of the organisation's drive for success, and continued success, even in adverse conditions.

Business Continuity Management is an essential element in the successful management of any organisation. Disciplines of BCM can be already found in many functional areas, including:

Risk Management, Business Continuity and Disaster Recovery Planning, Facilities Management, Supply Chain Management, Quality Management, Knowledge Management, Security, Crisis Communications Management and Public Relations.

 

Risk Management

The Risk Vulnerability Analysis workshop provides the high-level processes required to identify, evaluate, and control (eliminate, mitigate or offset) significant risks facing an organisation.

The objective is to manage these risks in order to maximise the probability of the organisation’s success. Managing risks involves identifying threats to an organisation and determining their impact and levels of severity. Some threats require extensive controls while others require very little.

Identified risks can affect tangible assets such as facilities, equipment, records and staff, or intangible assets such as reputation (public or industry perception and/or confidence), brand name and knowledge.

There are five generic options in Risk Management:

  Risk Taking

premeditated decision to speculate on a risk

  Risk Acceptance

acceptance (knowingly or unknowingly) of a specific risk

  Risk Deduction

implementation of specific measures to deduce potential exposure to specific risks.

  Risk Transfer

insurance

  Risk Avoidance

premeditated decision to forgo a venture due to excessive potential for high impact risks occurring

Consider the number of risks facing any organisation and the range of options available to manage these risks.

 

Business Continuity Planning

While prevention or mitigation is the most cost-effective way of managing risks, it is also essential to prepare for the risks that cannot be directly controlled. Preparation for these events is the only sensible strategy to adopt. For example, nothing can be done to prevent a significant earthquake. However, if your business or parts of your business must continue to operate in spite of an earthquake, then it would be prudent to prepare for the occurrence of a significant earthquake.

Business Continuity Planning arose from Disaster Recovery Planning in the Information Technology sector. Organisations had plans in place to deal with the recovery of IT services, but there was initially, no planning for the timely resumption of their business operations. Business Continuity Planning was developed to address this issue.

The key steps in developing a BCP are:

  Scope Project and Obtain Commitment

  Identify and Establish Resumption Teams

  Perform a Risk Vulnerability Analysis

  Develop Strategies and Document Plans

  Perform Set-up Tasks and Test Plans

  Implement Plan Maintenance and Testing Program

 

Disaster Recovery

Many organisations are now so automated (through computer systems and specialised plant machinery and instruments) that they would find it very difficult, if not impossible to operate should all or part of these systems suddenly become unavailable. Without automated equipment, many organisations would experience a rapid decline in operational efficiency. In some cases, this decline could be so severe, that the very survival of the organisation is threatened.

Disaster Recovery Planning develops and documents the procedures for the restoration of specialised or automated equipment within critical timeframes. Disaster Recovery Plans also detail alternative (usually manual) procedures that enable critical tasks to continue - albeit in a reduced capacity - during the period where these systems are unavailable.

Components of a Disaster Recovery Plan are:

  Recovery Strategies

  Equipment specifications

  Prioritised recovery list

  Recovery Instructions

  Roles and Responsibilities

  Contact List and Vendor Agreements

  Alternative Processing Procedures

  Testing and Maintenance Procedures

 

BCP and DRP Maintenance and Testing

Regular BCP maintenance and testing is a vital component of a successful Business Continuity Management Programme and produces the following benefits:

  training for Resumption Team Members

  validation of all recovery procedures

  BCM awareness through the Organisation

XACTAS' BCP Maintenance Procedures include:

  Monthly Checks (performed by the Resumption Team)

  BCP Reviews

  Risk Vulnerability workshop

Disaster Recovery Plan maintenance involves reviews of:

  Recovery Strategy, Requirements and Procedures

  Vendor and Service Provider Agreements

  Roles, Responsibilities and Contact Lists

BCP and DRP Testing Programmes vary depending on the organisation and the recovery requirements within that organisation. XACTA works with the organisation to ensure a comprehensive Testing Programme is developed.

XACTA performs the following BCP Tests:

  Call Tree Test

  Desktop Workshop

  Structured Walk Through Test

  Alternative Site Activation

  Disaster Declaration and Recovery Exercises

Disaster Recovery tests are often quite specific and unique. XACTA works with the organisation to scope a meaningful test, including explicit measures of success for the overall test, and for key recovery phases.

 

Business Continuity and Disaster Recovery Plan Audit

XACTA offers structured Business Continuity and Disaster Recovery Audit Processes, which examine all aspects of the Business Continuity or Disaster Recovery Plan.

Key Audit checks are:

  that the Plan contains all required information and is in a format, which is easy to follow

  all procedures are in place and all required resources are available to enable critical operations to be resumed/continued within specified timeframes