Home BCM Framework

This section is adapted from A Manager's Guide to SS540.

 

SS540 established a BCM framework to guide the processes used to identify, establish and maintain an appropriate plan to deal with the items in each of the BCM Issues.  
BCM Areas

This framework divides BCM into six broad areas:

Risk Analysis and Review
The potential threats and risks to an organization can be uncovered via a risk analysis and review of its internal operations and external operating environment.  Examples of risks due to internal operations include malfunction of critical manufacturing processes, failure of Information Technology (IT) systems and fire which destroys plant facilities.

Business Impact Analysis (BIA)
The potential impacts of risks actually occurring to an organization and affecting its ability to achieve its business operation and service can be obtained by conducting a business impact analysis.  The later would include, where possible, quantifying the loss impact from both a number of days of business disruption and a financial standpoint.

Strategy
Based on these potential loss impacts the organization would deliberate and select the appropriate strategy or strategies to safeguards its interests.  These strategies can be preventive or pre-emptive in nature.

BC Plan
From the selected strategies a detail business continuity plan (BC Plan) should be instituted in place to respond to risks which can occur and impact its business operation and service.  The BC Plan would specify and allocate the resources and thereby building up the capability of the organization to respond to risk occurrences.

Tests and Exercises
An established BC Plan should be subject to verification via Tests and exercises.  Tests and exercises expose probable errors and omissions in carrying out the established plan.  It examines if the resources committed are accessible, available and adequate for undertaking the recovery efficiently and effectively.  It checks if staff in the organization are familiar with recovery procedures.  Overall Tests and exercises validate if the BC Plan indeed meet its recovery objectives.

Program Management
Besides an established and thoroughly tested BC Plan the organization should demonstrate commitment in maintaining the currency of its plan through regular and systematic review of its risks and business impacts, realigning of its BCM strategies and revalidating of its BC Plan on a continuous basis.  BCM should become an integral part of the organization’s operations, audit, testing, quality assurance, change management and culture.  Ownership of BCM becomes embedded in individual business units where BCM risks reside.
 
BCM Components

BCM activities in each of the six areas identified above therefore can be further examined in terms of the following four BCM components:

Policies
Executive Management of the organization needs to stipulate policies to guide BCM efforts to be carried out by staff in the organization.  Policies underlie the process events and people involvement in BCM activities.

Processes
These processes are set of activities with defined outcomes, deliverables and evaluation criteria to attain BCM policies on an ongoing basis.  They include formal change control and documentation processes.  For example, changes to keep the BC Plan current should be controlled and documented in a formal manner.  In addition, BCM efforts go towards reducing the risks and their impacts on the operation processes in the organization.

People
Participation and the skill sets of participants in various BCM activities are crucial to the success of BCM in an organization.  For example, a steering committee comprising representatives from various business units and headed by a member of Executive Management should be established to oversee BCM efforts in the organization.  In addition, BCM efforts go towards reducing the risks and their impacts on staff in the organization.

Infrastructure
The organization should allocate resources to support critical business functions against risk events.  This invariably requires a good understanding and application of available technology and equipment, and physical facilities to respond to risk occurrences.
 
 
The BCM Framework

 

BCM Components

Policies

Processes

People

Infrastructure

BCM Area

Risk Analysis and Review

 

 

 

 

 

Business Impact Analysis

 

 

 

 

 

Strategy

 

 

 

 

 

BC plan

 

 

 

 

 

Tests and exercises

 

 

 

 

 

Programme Management

 

 

 

 

 

\
 


About The Author

Dr Goh Moh Heng, PhD, BCCE,DRCE
Member of the Technical Committee for SS540 Singapore Standard

Platinum Sponsors

Banner
Banner
Banner