Professional Documents
Culture Documents
Business continuity is about making sure that you have prepared your
business for the unexpected, so that when your business is affected by
some form of disruption you can continue to operate and get it back to a
normal level of operation as quickly as possible.
BCP involves defining any and all risks that can affect the company's
operations, making it an important part of the organization's risk
management strategy. Risks may include natural disasters—fire, flood,
or weather-related events—and cyber-attacks. Once the risks are
identified, the plan should also include:
f. State the benefits of BCM and relate them to the entity’s mission,
objectives and operations.
g.Explain executive management's/leadership’s role, including their
accountability and liability within the BCM Process.
• What does a new member of staff need to know when they join
the organization?
• Then you’ll decide what steps these people will take and what
resources they will need.
The specific types of teams required, The size of each team, specific
team titles, hierarchy designs are all based on the systems taken into
consideration.
Personnel should be chosen to staff these teams based on their skills and
knowledge. Ideally, teams would be staffed with the personnel
responsible for the same or similar operation under normal conditions.
Team members must understand not only the BCDR plan purpose, but
also the procedures necessary to execute the recovery strategy. Teams
must be sufficient in size to remain viable if some members are
unavailable to respond or alternate team members may be designated.
• operating environment;
• activities; and
“The only way a company can assure that its BCMS arrangements are
validated is through exercises. The main purpose of the exercising stage
in the BCMS is to ‘validate the business continuity strategy, activities,
assumptions regarding times (MTPD, RTO), procedures and work
instructions specified in the business continuity plan,
Gaps and weaknesses within the plan are identified at this stage. The
idea is very simple: it is highly desirable to find the gaps and
shortcomings during an exercise rather than to discover them during a
real crisis situation. BCMS arrangements have to be practiced and, as a
consequence, will be reviewed and kept up to date. A company that
does not have records to show that its BCMS arrangements have been
tested and are ready to be implemented cannot assure it has a reliable
BCMS.
MAINTENANCE PROCESS
Once the business continuity arrangements have been tested, the role of
the maintenance stage becomes critical. Frequent internal and external
changes are common occurrences for business. Most of these changes
can potentially invalidate the business continuity plan unless it is
continually adjusted and modified to reflect these changes.
The main objective of this stage is to ensure that the BCMS always
remains current, complete, accurate and in a ready–state for execution.
Monitor changes
Step one of the plan´s change management process represents the task
of constant monitoring of changes in the organization to identify
potential impacts of the plan. As presented in figure four changes to the
organization can occur at multiple levels in the main categories of
process, people and resources.
• The hot site vendor has recently upgraded its mainframe system
to accommodate additional customers. This has resulted in
certain configuration changes.
step two: review compiled changes, test results and audit results
The main purpose of this step is to review information that can
potentially affect the business continuity arrangements’ accuracy and
validity, and cause the organization to issue BCMS change requests.
There are three main sources of input to this step. The first source of
input is the compiled changes from step one; the second source is the
result of business continuity arrangements exercises or testing; and the
third source is the results of any business continuity plan audits. A
change manager, responsible for coordinating the processing of change
requests with business continuity teams, reviews the information from
these three sources in order to determine if it affects the plan. After this
review, one or more change requests are issued corresponding to the
information affecting the plan.
Thank You
Dr. Naseem Twaissi