Business Continuity Planning


1 April 2005

Disasters can take many forms; some are natural and some man-made. They may be accidental or deliberate acts. Regardless of the cause, the impact is an interruption to business operations. As the statistics demonstrate, few organisations that are inadequately prepared for such an event survive.

  • 40% never re-open
  • 40% re-open but fail within 18 months
  • 12% re-open but fail within five years
  • Only 8% survive in the long-term.

Every business is vulnerable, yet the very word ‘disaster’ probably encourages many organisations to procrastinate. But the fact is, disasters happen all the time. So, consider for a moment that the unthinkable has happened. How would your organisation cope with a disaster? How long could your business tolerate a loss of output, loss of revenue and increased costs? 

From the moment an ‘incident’ occurs, your business can lose customers and suppliers, resulting in lost revenues and profits. But the impact to your business can be minimised by implementing a Business Continuity Plan (BCP). A well-constructed BCP addresses all aspects of business operations, including People, Processes and Technology. It provides a framework for the continuation of your business in adverse operational conditions.

 




 

A BCP Framework

1. Risk Assessment and Control

Assess the events and environmental conditions that could adversely affect your business and its facilities; determine the damage such events could cause and what controls are needed to minimise potential losses. Such controls need to be analysed in terms of cost/benefit to the business.

2. Business Impact Analysis

Undertake a detailed assessment of the business impact of disruption on all areas of the business. Identify critical business functions, the recovery priorities and the interdependencies between functions. Use this information to determine the Maximum Acceptable Outage (MAO) period for the business.

3. Business Continuity Strategy Development

Establish the appropriate strategies for recovery of the business and information systems to achieve the required recovery timeframe whilst maintaining business critical functions.

4. BCP Development and Implementation

Design and implement operational procedures for reacting to an incident and stabilising the situation. Establish the conditions for activating the plans and identify an appropriate ‘Operations Centre’ for managing and co-ordinating efforts during an emergency situation.

5. Training

Develop a training program to increase awareness and skills to maintain and implement the BCP.

6. BCP Testing

Plan and execute exercises to evaluate the effectiveness of the BCP. Integrate the exercises with a review process to feed back what is learned and refine the processes. Testing is vital, as an untested plan may be worse than no plan at all.

BCP and ISO17799

Business Continuity Planning also forms one of the ten key sections of the ISO17799 security standard, which was based on the original BS7799 standard. As a result of undertaking a risk assessment and business impact analysis as part of preparing a BCP, many organisations take steps to improve business security to minimise the risks of a business interruption. The ISO security standard provides comprehensive coverage of the security issues for organisations. Compliance with this standard is the ultimate goal of security-conscious businesses.

Implementing a practical plan

Make no mistake about it—developing and implementing a BCP is a substantial undertaking and requires the full commitment and support of the senior management team.

The BCP framework outlined here is a useful starting point. But unfortunately developing an effective BCP is not as simple as collating information into a predefined format. Every business is different. Each has its own operational structure and risk tolerance. The challenge is to develop a BCP that forms a practical solution for your business and integrates seamlessly with your operational practice—not a cumbersome document that sits on a shelf gathering dust.

As you read this you may be nodding in agreement or thinking ‘yes we really should do something about this when we get a chance’. But what is the risk of a business crisis occurring before you have had a ‘chance’ to develop a Business Continuity Plan? Can your business afford to wait?

Umer Ayub is a Senior Consultant with Mason Communications and has extensive experience of developing Business Continuity Plans for European businesses.
