By Kenny Seow
The time when disaster strikes is not, for most people, the time to start creating a response plan. Taking the time to prepare a plan before a disaster occurs provides an opportunity for you to identify the things that are critical for the survival of your business and determine workable solutions to get your business operational in the quickest time possible following a disruption.
Business Continuity Management (BCM) is the process of preparing your business for potential threats that may disrupt your normal business activities. To implement BCM, you will need to consider the following questions:
- What are the key products and services of your organisation?
- How long can you stop providing these products and services before the business impact becomes unacceptable to you, your clients and stakeholders?
- What are the activities and resources required to deliver these products and services?
- What are the threats and vulnerabilities of these activities?
- How will you recover and maintain continuity of these activities when disruptions occur?
Implementing a BCM programme involves the following key activities:
Business impact analysis and risk assessment
The business impact analysis (BIA) prioritises business activities for recovery and identifies the resources that are required to support these activities for business continuity purposes. This involves assessing the potential business impact on the organisation should key business activities be disrupted, determining the timeframes within which these business activities must be resumed, and identifying the resources required for business continuity.
The risk assessment process involves identifying vulnerabilities to the organisation, assessing the level of risk and identifying appropriate risk control measures to manage the risks.
Determine business continuity strategies
This involves the identification and assessment of strategies (response options) to meet the organisation’s requirements for business continuity, covering people, IT systems and networks, premises and facilities, and data backup and offsite storage.
Develop and implement response plans
This involves putting in place a response team structure, developing processes for incident notification and escalation, and documenting the business continuity action plans. The purpose of the action plans is to provide guidance on whom you should call, where you should go and what you should do when disaster strikes. This is also when implementation of the response option is carried out, such as procurement of backup equipment and commissioning of alternate facilities.
Train, exercise and maintain
This step ensures that the response plans that have been developed and documented will actually work to enable the organisation to continue delivering critical business activities when a crisis arises. This involves training relevant employees on the use of the plan, conducting exercises to validate the completeness and accuracy of the plan, and putting in place a schedule for the on-going maintenance of the plan.