The day-to-day operations of most businesses depend on a series of routine procedures and systems. Business Continuity Management (BCM) is a process that enables an organization to minimize the disruption to a business in the event that one or more critical procedures or systems are temporarily interrupted as a result of a natural disaster, an accident, or sabotage.
The definition of "critical process" varies from one business to another depending on the extent to which procedures and systems are relied upon to achieve the client's business objectives. However, the reliance usually includes information systems, voice and data communications, and the primary activities of key business functions or departments (departments directly involved in the business of the company). The business continuity planning process helps management identify critical functions and systems and develop a cost-effective approach to ensuring business continuity when a critical resource or service is interrupted.
Our approach
The Blue Lab Consulting approach to assisting our clients with Business Continuity assignments has always been to ensure we have a broad and detailed understanding of the environment in which the organization operates its critical business functions. Our approach enables our consultants, together with key client staff, to obtain the necessary information required for a comprehensive overview of the critical factors relevant to the organization for BCM consideration.
The approach outlined here is a guide to performing BCM engagements. Each organization has a different environment and differing expectations about our work. To provide the most responsive service to our clients, we will work with them to modify the general nature of the methodology so the resulting engagement is responsive to the client specific environment and objectives. In this way, we can provide value to our clients by applying the methodology supported by our experience and knowledge of organizations and industries. The aim of our methodology is to be as flexible as possible.
While no organization's business continuity or recovery procedures will be able to cater for every disaster circumstance (scenarios), the Blue Lab Consulting approach to Business Continuity Management provides a structured and comprehensive framework. This framework focuses on identifying the critical threats and risks that exist within the IT and business environment that need to be mitigated within the overall Business Continuity or Crisis Management Procedures. It is important to define the critical Business Continuity Management Plans / Procedures that clients typically use in the event of a disaster situation:
- Crisis Management Plans (CMP) – designed to facilitate an organization's initial response to a disaster / emergency situation and focuses on mitigating the potential impact of damage to both human life and the organizations assets. This plan facilitates the activation of the other respective BCM procedures and includes other sub-plans such as the Communications Strategy and Emergency Procedures in coordination with the respective Emergency Services.
- Business Continuity Plans (BCP) – facilitate the continuity of critical business processes through alternate means and locations, depending on the severity of a disaster, to ensure that the core drivers of the business are able to continue operation at minimum required levels. These plans are typically designed after the conduct of the Threat and Risk Assessment and Business Impact Assessments as the results for these phases enable the incorporation of critical timeframes an organization must resume operations (Maximum Tolerable Outages), business process interdependencies, resource dependencies, regulatory requirements and other specific risks that could otherwise impact the ability of the organization to continue the operation of its business processes.
- IT Disaster Recovery Plans (IT DRP) – IT systems typically enable and support the operation of critical business processes. The ability of an organization to continue operations in the medium to longer term depend on the ability of an organization to recover its IT systems and infrastructure in a timely manner. These timeframe are determined by the business stakeholders in terms of MTO's, which are based on the ability of an organization to extend its ability to continue business operations through the use of BCP's. Depending on the complexity of the organization's IT systems, including business process interdependencies, the organization may need to adopt one or more IT DRP Strategies that allow for the most efficient recovery of its operations across a number of alternative locations.
|