In order to implement and continually improve a healthy Business Continuity Management Program, the following program attributes and processes are essential:
Structure & Policy
All organizations should maintain a management structure that has clear and documented roles and responsibilities. The structure should support the development of a program that is aligned to the organizations Business Continuity Management Policy.
A common structure includes a Sponsor, a Business Continuity Manager, and a Crisis Management Team that consists of members of the organizations Senior Management.
Business Impact Analysis (BIA's)
BIA's should be conducted on all of the organizations business units or areas. This analysis will determine the level of planning that is required for each identified critical function, as well as define the maximum period of time the organization can tolerate the critical function not being performed. The BIA will provide the cost / impact justification necessary to support the implementation of the various continuity strategies.
Threat and Risk Assessment
The organization should undergo formal risk assessments of both Physical and Operational Risks on an on-going basis. Once identified, potential risk points are to be assessed for either mitigation or acceptance. Acceptance of risk points should occur at the Senior Executive level.
Continuity Strategies
Strategies should be developed which reflect the requirements identified in the BIA's. Strategies are to be reviewed on an on-going basis to ensure that they continue to remain effective in light of changing business requirements.
Business Continuity Plans
Plans are to be developed, documented and maintained to ensure that business continuity strategies can be readily actioned. The plans are to enable the resumption of critical business functions at an alternate location(s) within agreed time periods.
Testing & Exercising, Maintenance and Audit
Ongoing testing of the contingency capability should be carried out in order to prove its overall fitness for purpose as defined by the BIA process, as well as to identify errors and issues with existing plans, documentation, and procedures. It is generally accepted that a BCP should be tested at least annually.
Activate and Execution
The recovery capability is to be maintained in a constant state of readiness so as to provide the best possible means of recovering from a catastrophic incident affecting any of the organizations locations.
Structure & Policy
All organizations should maintain a management structure that has clear and documented roles and responsibilities. The structure should support the development of a program that is aligned to the organizations Business Continuity Management Policy.
A common structure includes a Sponsor, a Business Continuity Manager, and a Crisis Management Team that consists of members of the organizations Senior Management.
Business Impact Analysis (BIA's)
BIA's should be conducted on all of the organizations business units or areas. This analysis will determine the level of planning that is required for each identified critical function, as well as define the maximum period of time the organization can tolerate the critical function not being performed. The BIA will provide the cost / impact justification necessary to support the implementation of the various continuity strategies.
Threat and Risk Assessment
The organization should undergo formal risk assessments of both Physical and Operational Risks on an on-going basis. Once identified, potential risk points are to be assessed for either mitigation or acceptance. Acceptance of risk points should occur at the Senior Executive level.
Continuity Strategies
Strategies should be developed which reflect the requirements identified in the BIA's. Strategies are to be reviewed on an on-going basis to ensure that they continue to remain effective in light of changing business requirements.
Business Continuity Plans
Plans are to be developed, documented and maintained to ensure that business continuity strategies can be readily actioned. The plans are to enable the resumption of critical business functions at an alternate location(s) within agreed time periods.
Testing & Exercising, Maintenance and Audit
Ongoing testing of the contingency capability should be carried out in order to prove its overall fitness for purpose as defined by the BIA process, as well as to identify errors and issues with existing plans, documentation, and procedures. It is generally accepted that a BCP should be tested at least annually.Activate and Execution
The recovery capability is to be maintained in a constant state of readiness so as to provide the best possible means of recovering from a catastrophic incident affecting any of the organizations locations.
No comments:
Post a Comment