During the last 3 years the economies and companies operate in a crisis environment. Many observers even predict that our society is in some stage of the total collapse of the capitalistic system. This article won’t provide a solution for the global issues, but it describes how to establish a solid Business continuity framework that will navigate your organization in case of emergency. What elements and tools are vital for the solid and successful Business Continuity plan and how we can help organizations that have never had the resources or expertise to create one or perhaps it's out of date and you're not sure it contains the right information
Element 1: Set up a solid BCM Programme Management structure
Programme management is at the centre of the BCM process and it establishes the approach to business continuity. The participation of top management is of key importance to ensuring that the BCM process is correctly introduced, adequately supported and established as part of the company’s culture. Programme management includes three steps:
- Assigning Roles and Responsibilities (Governance)
Business unit management is ultimately responsible for the continuity of the business under adverse circumstances and accountable to ensure appropriate processes are implemented in the business unit.
Business unit management must appoint a person with appropriate seniority and authority to be accountable for BCM policy and implementation.
Business unit management must appoint a team to implement and maintain a BCM programme.
- Implementing Business Continuity in the organisation by communication of the BCM programme to stakeholders, arrangement of appropriate training for staff and exercising of the business continuity capability
- On-going Management activities must ensure that business continuity is embedded in the organisation. Each component and process of the business unit’s capability must be regularly reviewed, tested and updated.
Element 2: Understand your organization
The aim of this phase is to establish an understanding of the business through the identification of its key products, services, critical activities and resources that support them. The key activities during this phase are: Business Continuity Risk Assessment; Business Impact Analysis and determination of continuity requirements.
Element 3: Determine BCM Strategy
As a result of the previous analysis, the business unit will be able to choose the appropriate continuity strategies to enable it to meet its recovery objectives.
The following items must be included as part of the strategy:
- Staff
- Premises (alternative working arrangements)
- Technology
- Information
- Suppliers
- Stakeholders
You have to answer the following questions per critical process: how likely is it that a critical asset or process will fail and what are the consequences.
Element 4: Develop and implement a BCM Response
This phase of the lifecycle is concerned with the development and implementation of appropriate plans and arrangements to ensure continuity of critical and other activities and the management of an incident. An Event/Incident/Crisis (E/I/C) response structure and plan must be documented and in place to enable an effective response and recovery from disruption. Such response plans include Business Continuity Plans, Technology Recovery Plans and Crisis Management Plans
Element 5: Test, Maintain, Audit and Review BCM Arrangements
This phase ensures that the BCM arrangements are validated, that documentation is a reflection of the current business environment and that the plans are up to date. Key activities are:
- Testing and exercising Business Continuity Plans including Call Trees and Crisis Management Plans
- Maintenance of Business Continuity Plans (and all BCM documentation match current business requirements)
- Review of, and adherence to BCM Policies & Standards
Element 6: Embed BCM in your organisation.
This phase focuses on the need for business continuity to become part of the regular management effort, regardless of the size or type of Business Unit. Development of a BCM culture is supported by:
- Leadership from management at all levels;
- Assignment of BCM responsibilities;
- BCM Awareness raising;
- BCM Skills training;
- Exercising Business Continuity Plans and Crisis Management Plans;
- Ensuring that Business Continuity requirements are included in strategic and investment decision-making.
Effective Business Continuity Management strives to:
- Protect staff and shareholder interests
- Continue operations/services and minimise impact of disruption
- Adhere to Legal and Regulatory requirements
- Maintain company’s reputation
- Embed BCM in business activities
This is achieved through:
- Identification and analysis of business continuity risks
- Assessing the impact of the disruption of business critical processes
- Formulating a BCM Strategy for the recovery of operations
- Timely and effective crisis management
________________________________________________________________________________
We in the GlobalRisk Community have just literally scratched the surface of what you can achieve. We analyzed dozens of best practices, policies and procedures of both leading financial institutuions and corporates and we created the GRC Business Continuity toolkit.
GRC Business Continuity Tool Box empowers you to plan for any crisis.
Included in the tool kit:
* A Business Impact Analysis questionnaire. 11 pages
* BCP template. 20 pages
* BCRA questionnaire. 6 pages
* BIA for corporates. 4 pages
* BIA procedures. 8 pages
* BC Risk analysis template. 2 pages
* Crisis management plan. 10 pages
* Sample vulnerabilities chart. A complete scoring methodology
* Technology recovery assessment. 5 pages
* Technology recovery plan. 13 pages
* BC glossary. 13 pages
Zero Risk - 100% Satisfaction Guarantee!
You have absolutely nothing to lose because this package comes with a full Money Back Guarantee.
If you don't like what you get and if you're not 100% satisfied, you can get every penny back. You've got a full 30-days to decide.
But this offer is limited, so CLICK the link below to get to the offer page.
GRC Business continuity toolkit
Meets compliance requirements SOX, ITIL, FFIEC, BS25999, ISO 17799/27001 and more
In case of any questions please contact me directly at borisagranovich@globalriskconsult.com.
Many of our members have already bought the tool kit and we encourage them to share their feedback and recommendations on how to improve the tool kit further.
Replies
Boris Agranovich said:
Stephen, this is a very good remark.
I think that the businesses first have to be able to restore some normality of operations. The analysis of the reasons of the disaster is indeed very important but comes only second. A disaster can stop a business in its tracks if it does not have a recovery plan in place. However, some companies especially SMEs are often forced to compromise business continuity and disaster recovery as they struggle with risng cost of businesses and shortage of human resources.
You will never know when you will need them, but just like insurance, having Business Continuity Plan in place is one of you safest bet against a business disruption and crises. A recent example, the Japan earthquake has attested to how activation of the Business Continuity Plan became a vital factor in minimising losses in crises.
Business Continuity Plan accounts for losses be it in terms of financial and non-financial, thus, its best interest is to protect its' organizations' people, processes and infrastructure in order for a continuity in its business operations.
The GRC Business Continuity toolkit does not mean that you just have to copy and paste it to all companies and industries. In most cases you have to review and adjust it according to your circumstances.
It also meets Compliance Requirements (SOX, ITIL, FFIEC, BS25999, ISO 17799/27001 and more)Erin, BCM acronym means Business continuity management
Business Continuity Management. As defined by the Business Continuity Institute www.thebci.org .
erin o'connell said:
While standard practice and procedural reviews like BCM do this, they may not be appropriate dependent on the size and needs of the company. Customized solutions are almost always more effecient and more effective, as long as an appropriate level of rigour to the review process is applied.
In short there is no magic pill for disaster..or growth...but there are proven practices and needed procedural reviews that will always need to be implemented at a company, especially one that has had a disaster.