|
This section is adapted from A Manager's Guide to SS540. SS540 established a BCM framework to guide the processes used to identify, establish and maintain an appropriate plan to deal with the items in each of the BCM Issues.
|
|
This framework divides BCM into 7 broad areas: Project Management
The project to establish the BC Plan for the organization needs the approval from Executive Management at the onset and ongoing support thereafter till completion. Foremost Executive Management needs to be convinced of the importance and need for business continuity. The reader may noticed that this phase is not part of the standard. The reason will be explained later as the standard assumed that the BC plan is written and hence the project management phase is completed. Risk Analysis and Review
The potential threats and risks to an organization can be uncovered via a risk analysis and review of its internal operations and external operating environment. Examples of risks due to internal operations include malfunction of critical manufacturing processes, failure of Information Technology (IT) systems and fire which destroys plant facilities. Business Impact Analysis (BIA)
The potential impacts of risks actually occurring to an organization and affecting its ability to achieve its business operation and service can be obtained by conducting a business impact analysis. The later would include, where possible, quantifying the loss impact from both a number of days of business disruption and a financial standpoint.
Recovery Strategy Selection
Based on these potential loss impacts the organization would deliberate and select the appropriate strategy or strategies to safeguards its interests. These strategies can be preventive or pre-emptive in nature. Business Continuity Plan
From the selected strategies a detail business continuity plan (BC Plan) should be instituted in place to respond to risks which can occur and impact its business operation and service. The BC Plan would specify and allocate the resources and thereby building up the capability of the organization to respond to risk occurrences.
Tests and Exercises
An established BC Plan should be subject to verification via Tests and exercises. Tests and exercises expose probable errors and omissions in carrying out the established plan. It examines if the resources committed are accessible, available and adequate for undertaking the recovery efficiently and effectively. It checks if staff in the organization are familiar with recovery procedures. Overall Tests and exercises validate if the BC Plan indeed meet its recovery objectives. Program Management
Besides an established and thoroughly tested BC Plan the organization should demonstrate commitment in maintaining the currency of its plan through regular and systematic review of its risks and business impacts, realigning of its BCM strategies and revalidating of its BC Plan on a continuous basis. BCM should become an integral part of the organization’s operations, audit, testing, quality assurance, change management and culture. Ownership of BCM becomes embedded in individual business units where BCM risks reside. |
|
|
BCM activities in each of the 7 areas identified above therefore can be further examined in terms of the following 4 BCM components: Policies
Executive Management of the organization needs to stipulate policies to guide BCM efforts to be carried out by staff in the organization. Policies underlie the process events and people involvement in BCM activities.
Processes
These processes are set of activities with defined outcomes, deliverables and evaluation criteria to attain BCM policies on an ongoing basis. They include formal change control and documentation processes. For example, changes to keep the BC Plan current should be controlled and documented in a formal manner. In addition, BCM efforts go towards reducing the risks and their impacts on the operation processes in the organization. People
Participation and the skill sets of participants in various BCM activities are crucial to the success of BCM in an organization. For example, a steering committee comprising representatives from various business units and headed by a member of Executive Management should be established to oversee BCM efforts in the organization. In addition, BCM efforts go towards reducing the risks and their impacts on staff in the organization. Infrastructure
The organization should allocate resources to support critical business functions against risk events. This invariably requires a good understanding and application of available technology and equipment, and physical facilities to respond to risk occurrences.
|
| | BCM Components | | Policies | Processes | People | Infrastructure | | BCM Area | Project Management | | | | | | | Risk Analysis and Review | | | | | | | Business Impact Analysis | | | | | | | Strategy | | | | | | | Business continuity plan | | | | | | | Tests and exercises | | | | | | | Programme Management | | | | | | |
|
|
|
|
|
BCM Framework
