Business Continuity https://store.theartofservice.com/the-business-continuity-toolkit.html.

Business Continuity

Information security - Business continuity
Business continuity is the mechanism by which an organization continues to operate its critical business units, during planned or unplanned disruptions that affect normal business operations, by invoking planned and managed procedures.

Not only is business continuity simply about the business, but it also an IT system and process. Today disasters or disruptions to business are a reality. Whether the disaster is natural or man-made, it affects normal life and so business. Therefore, planning is important.

The planning is merely getting better prepared to face it, knowing fully well that the best plans may fail. Planning helps to reduce cost of recovery, operational overheads and most importantly sail through some smaller ones effortlessly.

For businesses to create effective plans they need to focus upon the following key questions. Most of these are common knowledge, and anyone can do a BCP.

Should a disaster strike, what are the first few things that I should do? Should I call people to find if they are OK or call up the bank to figure out my money is safe? This is Emergency Response. Emergency Response services help take the first hit when the disaster strikes and if the disaster is serious enough the Emergency Response teams need to quickly get a Crisis Management team in place.

What parts of my business should I recover first? The one that brings me most money or the one where I spend the most, or the one that will ensure I shall be able to get sustained future growth? The identified sections are the critical business units. There is no magic bullet here, no one answer satisfies all. Businesses need to find answers that meet business requirements.

How soon should I target to recover my critical business units? In BCP technical jargon, this is called Recovery Time Objective, or RTO. This objective will define what costs the business will need to spend to recover from a disruption. For example, it is cheaper to recover a business in 1 day than in 1 hour.

What all do I need to recover the business? IT, machinery, records...food, water, people...So many aspects to dwell upon. The cost factor becomes clearer now...Business leaders need to drive business continuity. Hold on. My IT manager spent $ last month and created a DRP (Disaster Recovery Plan), whatever happened to that? a DRP is about continuing an IT system, and is one of the sections of a comprehensive Business Continuity Plan. Look below for more on this.

And where do I recover my business from... Will the business center give me space to work, or would it be flooded by many people queuing up for the same reasons that I am.

But once I do recover from the disaster and work in reduced production capacity since my main operational sites are unavailable, how long can this go on. How long can I do without my original sites, systems, people? this defines the amount of business resilience a business may have.

Now that I know how to recover my business. How do I make sure my plan works? Most BCP pundits would recommend testing the plan at least once a year, reviewing it for adequacy and rewriting or updating the plans either annually or when businesses change.

Cloud computing security - Business continuity and data recovery
Cloud providers have business continuity and data recovery plans in place to ensure that service can be maintained in case of a disaster or an emergency and that any data loss will be recovered. These plans are shared with and reviewed by their customers.

Risk management - Risk management and business continuity
Risk management is simply a practice of systematically selecting cost-effective approaches for minimising the effect of threat realization to the organization. All risks can never be fully avoided or mitigated simply because of financial and practical limitations. Therefore all organizations have to accept some level of residual risks.

Risk management - Risk management and business continuity
Whereas risk management tends to be preemptive, business continuity planning (BCP) was invented to deal with the consequences of realised residual risks

Business continuity planning

A business continuity plan is a roadmap for continuing operations under adverse conditions such as a storm or a crime

Any event that could impact operations is included, such as supply chain interruption, loss of or damage to critical infrastructure (major machinery or computing/network resource). As such, risk management must be incorporated as part of BCP.

In 2007, the BSI published BS "Specification for Business Continuity Management", which specifies requirements for implementing, operating and improving a documented business continuity management system (BCMS).

BS :2007 business continuity management is the British Standard for business continuity management across all organizations

This document was superseded in November 2012 by the British standard BS ISO22301:2012. (British Standards Institution, 2012)

In 2004, following crises in the preceding years, the UK government passed the Civil Contingencies Act 2004 (The Act). This provides the legislation for civil protection in the UK.

The Act was separated into two distinct parts: Part 1 focuses on local arrangements for civil protection, establishing a statutory framework of roles and responsibilities for local responders. Part 2 focused on emergency powers, establishing a modern framework for the use of special legislative measures that might be necessary to deal with the effects of the most serious emergencies.

The Act is telling responders and planners that businesses need to have continuity planning measures in place in order to survive and continue to thrive whilst working towards keeping the incident as minimal as possible. (Cabinet Office, 2004)

Business continuity planning - Business impact analysis (BIA)
A Business impact analysis (BIA) differentiates critical (urgent) and non-critical (non-urgent) organization functions/activities. Critical functions are those whose disruption is regarded as unacceptable. Perceptions of acceptability are affected by the cost of recovery solutions. A function may also be considered critical if dictated by law. For each critical (in scope) function, two values are then assigned:

Recovery Time Objective (RTO) – the acceptable amount of time to restore the function

The recovery point objective must ensure that the maximum tolerable data loss for each activity is not exceeded. The Recovery Time Objective must ensure that the Maximum Tolerable Period of Disruption (MTPoD) for each activity is not exceeded.

Next, the impact analysis results in the recovery requirements for each critical function. Recovery requirements consist of the following information:

The business requirements for recovery of the critical function, and/or

The technical requirements for recovery of the critical function

Business continuity planning - Threat and risk analysis (TRA)
After defining recovery requirements, each potential threat may require unique recovery steps. Common threats include:

The impact of an epidemic can be regarded as purely human, and may be alleviated with technical and business solutions. However, if people behind these plans are affected by the disease, then the process can stumble.

During the 2002–2003 SARS outbreak, some organizations grouped staff into separate teams, and rotated the teams between primary and secondary work sites, with a rotation frequency equal to the incubation period of the disease. The organizations also banned face-to-face intergroup contact during business and non-business hours. The split increased resiliency against the threat of quarantine measures if one person in a team was exposed to the disease.

Business continuity planning - Impact scenarios
After defining threats, impact scenarios form the basis of the business recovery plan. In general, planning for the most wide-reaching impact is preferable. A typical impact scenario such as "building loss" encompasses most critical business functions. A BCP may document scenarios for each building. More localized impact scenarios – for example loss of a specific floor in a building – may also be documented.

Business continuity planning - Recovery requirement
After the analysis phase, business and technical recovery requirements precede the solutions phase. Asset inventories allow for quick identification of deployable resources. For an office-based, IT-intensive business, the plan requirements may cover desks, human resources, applications, data, manual workarounds, computers and peripherals.

Business continuity planning - Recovery requirement
Other business environments, such as production, distribution, warehousing etc. will need to cover these elements, but likely have additional issues.

Business continuity planning - Solution design
The solution design phase identifies the most cost-effective disaster recovery solution that meets two main requirements from the impact analysis stage. For IT purposes, this is commonly expressed as the minimum application and data requirements and the time in which the minimum application and application data must be available.

Outside the IT domain, preservation of hard copy information, such as contracts, skilled staff or restoration of embedded technology in a process plant must be considered. This phase overlaps with disaster recovery planning methodology. The solution phase determines:

telecommunication architecture between primary and secondary work sites

applications and data required at the secondary work site, and

physical data requirements at the secondary work site.

Business continuity planning - Implementation
The implementation phase involves policy changes, material acquisitions, staffing and testing.

Business continuity planning - Testing and organizational acceptance
The purpose of testing is to achieve organizational acceptance that the solution satisfies the recovery requirements. Plans may fail to meet expectations due to insufficient or inaccurate recovery requirements, solution design flaws or solution implementation errors. Testing may include:

Crisis command team call-out testing

At minimum, testing is conducted on a biannual schedule.

The 2008 book Exercising for Excellence, published by The British Standards Institution identified three types of exercises that can be employed when testing business continuity plans.

Business continuity planning - Tabletop exercises
Tabletop exercises typically involve a small number of people and concentrates on a specific aspect of a BCP. They can easily accommodate complete teams from a specific area of a business.

Another form involves a single representative from each of several teams. Typically, participants work through simple scenario and then discuss specific aspects of the plan. For example, a fire is discovered out of working hours.

The exercise consumes only a few hours and is often split into two or three sessions, each concentrating on a different theme.

Business continuity planning - Medium exercises
A medium exercise is conducted within a "Virtual World" and brings together several departments, teams or disciplines

Business continuity planning - Medium exercises
A medium exercise typically lasts a few hours, though they can extend over several days. They typically involve a "Scenario Cell" that adds pre-scripted "surprises" throughout the exercise.

Business continuity planning - Complex exercises
A complex exercise aims to have as few boundaries as possible. It incorporates all the aspects of a medium exercise. The exercise remains within a virtual world, but maximum realism is essential. This might include no-notice activation, actual evacuation and actual invocation of a disaster recovery site.

Business continuity planning - Complex exercises
While start and stop times are pre-agreed, the actual duration might be unknown if events are allowed to run their course.

Business continuity planning - Maintenance
Biannual or annual maintenance cycle maintenance of a BCP manual is broken down into three periodic activities.

Confirmation of information in the manual, roll out to staff for awareness and specific training for critical individuals.

Testing and verification of technical solutions established for recovery operations.

Testing and verification of organization recovery procedures.

Issues found during the testing phase often must be reintroduced to the analysis phase.

Business continuity planning - Information/targets
The BCP manual must evolve with the organization. Activating the call tree verifies the notification plan's efficiency as well as contact data accuracy. Types of changes that should be identified and updated in the manual include:

Organization structure changes

Communication and transportation infrastructure such as roads and bridges

Business continuity planning - Technical
Specialized technical resources must be maintained. Checks include:

Business continuity planning - Technical
Application security and service patch distribution

Business continuity planning - Testing and verification of recovery procedures
As work processes change, previous recovery procedures may no longer be suitable. Checks include:

Are all work processes for critical functions documented?
Business continuity planning - Testing and verification of recovery procedures Are all work processes for critical functions documented?

Have the systems used for critical functions changed?
Business continuity planning - Testing and verification of recovery procedures Have the systems used for critical functions changed?

Are the documented work checklists meaningful and accurate?
Business continuity planning - Testing and verification of recovery procedures Are the documented work checklists meaningful and accurate?

Business continuity planning - Testing and verification of recovery procedures
Do the documented work process recovery tasks and supporting disaster recovery infrastructure allow staff to recover within the predetermined recovery time objective?

Business continuity planning - Notes
Jump up ^ Elliot, D.; Swartz, E.; Herbane, B. (1999) Just waiting for the next big bang: business continuity planning in the UK finance sector. Journal of Applied Management Studies, Vol. 8, No, pp. 43–60. Here: p. 48.

Jump up ^ Intrieri, Charles (10 September 2013). "Business Continuity Planning". Flevy. Retrieved 29 September 2013.

Jump up ^ British Standards Institution (2006). Business continuity management-Part 1: Code of practice :London

Jump up ^ British Standards Institution (2012). Societal security – Business continuity management Systems – Requirements: London

Jump up ^ Cabinet Office. (2004). overview of the Act. In: Civil Contingencies Secretariat Civil Contingencies Act 2004: a short. London: Civil Contingencies Secretariat

Business continuity planning - Bibliography
Business Continuity Planning, FEMA, Retrieved: June 16, 2012

Continuity of Operations Planning (no date). U.S. Department of Homeland Security. Retrieved July 26, 2006.

Purpose of Standard Checklist Criteria For Business Recovery (no date). Federal Emergency Management Agency. Retrieved July 26, 2006.

NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs — PDF (2010). National Fire Protection Association.

United States General Accounting Office Y2k BCP Guide (August 1998). United States Government Accountability Office.

Business continuity planning - International Organization for Standardization
ISO/IEC 27001:2005 (formerly BS :2002) Information Security Management System

ISO/IEC 27002:2005 (renumerated ISO17999:2005) Information Security Management – Code of Practice

ISO/IEC 27031:2011 Information technology - Security techniques - Guidelines for information and communication technology readiness for business continuity

ISO/PAS 22399:2007 Guideline for incident preparedness and operational continuity management

ISO/IEC 24762:2008 Guidelines for information and communications technology disaster recovery services

ISO 22301:2012 Societal security - Business continuity management systems - Requirements

ISO 22313:2012 Societal security - Business continuity management systems - Guidance

Business continuity planning - British Standards Institution
BS :2006 Business Continuity Management Part 1: Code of practice

Business continuity planning - Others
"A Guide to Business Continuity Planning" by James C. Barnes

"Business Continuity Planning", A Step-by-Step Guide with Planning Forms on CDROM by Kenneth L Fulmer

"Business Continuity Plan Design, 8 Steps for Getting Started Designing a Plan" By Richard Kepenach

"Disaster Survival Planning: A Practical Guide for Businesses" by Judy Bell

Harney, J.(2004). Business continuity and disaster recovery: Back up or shut down.

Dimattia, S. (November 15, 2001).Planning for Continuity. Library Journal,32–34.

Exercising for Excellence (Delivering successful business continuity management exercises) by Crisis Solutions

Business continuity If there is no Business Continuity plan implemented and the organization in question is facing a rather severe threat or disruption -that may lead to bankruptcy, the implementation and outcome, if not too late, may strengthen the organization's survival and its continuity of business activities (Gittleman, 2013).

Business continuity It is also sometimes confused with Work Area Recovery (due to loss of the physical building which the business is conducted within); which is but a part of business continuity.

Business continuity The term Business Continuity describes a mentality or methodology of conducting day-to-day business, whereas business continuity planning is an activity of determining what that methodology should be. The business continuity plan may be thought of as the incarnation of a methodology that is followed by everyone in an organization on a daily basis to ensure normal operations.

Business continuity - Standards
This section provides references to a number of worldwide BC/BCM standards (content pulled from SDO’s website):

ISO - On 15 May 2012, ISO published the International Standard ISO 22301:2012, "Societal security -- Business continuity management systems --- Requirements". A second International Standard ISO 22313, "Societal security -- Business continuity management systems – Guidance", is in the Draft International Standard (DIS) phase and is expected to be published in late 2012 or early 2013.

In 2011, ISO published the International Standard ISO/IEC 27031:2011, Information security - Security techniques — Guidelines for information and communication technology [ICT] readiness for business continuity." This provides guidance for organization's implementing the ICT component of business continuity management. It also provides guidance in support of the business continuity elements of the information security standards, ISO/IEC and ISO/IEC 2002.

The second, “BS :2007 Specification for Business Continuity Management”, specifies requirements for implementing, operating and improving a documented business continuity management system (BCMS), describing only requirements that can be objectively and independently audited

North America – Published by the National Fire Protection Association NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs.

North America - ASIS/BSI BCM.01:2010 published Dec 2010

ANSI/ASIS SPC Organizational Resilience: The ANSI/ASIS SPC Organizational Resilience: Security, Preparedness, and Continuity Management Systems—Requirements with Guidance for Use American National Standard is under consideration for inclusion in the DHS PS-Prep, a voluntary program designed to enhance national resilience in an all hazards environment by improving private sector preparedness.

Australia – Published by Standards Australia HB : A practitioners guide to business continuity management HB : Executive guide to business continuity management In 2010, Standards Australia introduced their Standard AS/NZS 5050 that connects far more closely with traditional risk management practices. This interpretation is designed to be used in conjunction with AS/NZS covering risk management.

Business continuity - Program
Ongoing management-level process to ensure that necessary steps are regularly taken to identify probable accidents, disasters, emergencies, and/or threats. It also involves (1) assessment of the probable effect of such events, (2) development of recovery strategies and plans, and (3) maintenance of their readiness through personnel training and plan testing. See also business impact analysis

Business continuity - Policies
Policies are those things mandated by the management of an organization that will always be performed according to a preset design plan, and supporting all business functions within an organization.

Business continuity - BC/BCM plan
The components of the business continuity methodology required for manifestation into a documented plan include:

Business continuity - BC/BCM plan
Set of documents, instructions, and procedures which enable a business to respond to accidents, disasters, emergencies, and/or threats without any stoppage or hindrance in its key operations. Also called business resumption plan, disaster recovery plan, or recovery plan.

Business continuity - BC/BCM planning
Task of identifying, developing, acquiring, documenting, and testing procedures and resources that will ensure continuity of a firm's key operations in the event of an accident, disaster, emergency, and/or threat. It involves (1) risk mitigation planning (reducing possibility of the occurrence of adverse events), and (2) business recovery planning (ensuring continued operation in the aftermath of a disaster).

Business continuity - Guidelines
Guidelines are those things which are recommended to be performed according to a preset design plan. However depending upon the needs and requirements of the target business function, these items may or may not be performed, or may be altered during implementation.

Business continuity - Procedures
British Standard and other standards identified above provide a specification for implementing a business continuity management system within an organization.

Business continuity - Business impact analysis (BIA)
The entire concept of business continuity is based on the identification of all business functions within an organization, and then assigning a level of importance to each business function. A business impact analysis is the primary tool for gathering this information and assigning criticality, recovery point objectives, and recovery time objectives, and is therefore part of the basic foundation of business continuity.

The BIA can be used to identify extent and timescale of the impact on different levels of an organization. For instance it can examine the effect of disruption on operational, functional and strategic activities of an organization. Not only the current activities but the effect of disruption on major business changes, introducing new product or services for example, can be determined by BIA.

Most standards require that a business impact analysis should be reviewed at defined intervals appropriate for each organization and whenever any of the following occur:

Significant changes in the internal business process, location or technology

Significant changes in the external business environment – such as market or regulatory change

Business continuity - Security management
In today's global business environment, security must be the top priority in managing Information Technology. For most organizations, security is mandated by law, and conformance to those mandates is investigated regularly in the form of audits. Failure to pass security audits can have financial and management changing impacts upon an organization.

Business continuity - Document management
In large information technology environments, personnel turnover is inevitable and must be planned as part of business continuity

Business continuity - Change management
Regulations require that changes to business functions be documented and tracked for auditing purposes and is designated as "change control". This brings a level of stability to the business functions by requiring the support personnel to document and coordinate proposed changes to the underlying systems. As this process becomes more and more automated, the emphasis will be less upon personnel control, and more upon regulatory compliance.

Business continuity - Audit management
One of the goals of business continuity is data center automation, which includes audit management

Business continuity - Audit management
Automation is often associated with the idea of centralized management - in area of data storage and data management. Solutions based on storage consolidation can ensure data safety, efficiency, high availability, reliability and convenience.

Business continuity - Service level agreements (SLA)
The interface between management and information technology is the Service level agreement (SLA). This provides a written contract stipulating the expectations of management with regard to the availability of a necessary business function, and the deliverables that information technology provides in support of that business function.

Business continuity - Communications systems
In order to avoid some of the potential problems associated with disrupted communication channels, the business continuity plan should include a lead manager who will be in charge of all communications in that area, the cooperation of executives and public relations people, and scheduled exercises to put the plan into practice.

Business continuity - Other components
Disaster recovery planning occurs as a subset of defining the business continuity procedures.

The following is a list of physical and logical entities within an information technology environment which require the application of a business continuity Methodology. Applying the methodology should include the definition of things such as policies, guidelines, standards, procedures, etc., for each item in the list:

Logical Volumes / Disk Partitions

Journaling Filesystems Log

Group names and GID numbers

Business continuity - Planning
Planning, prevention, and preparation are a key part of any business continuity management system and have direct read across from civil contingencies planning. The activity begins with understanding the business to identify potential risks and threats to critical business activities both internally and from the external environment. It is also advisable to examine the resilience of suppliers.

EC-Council - Disaster Recovery and Business Continuity
EC-Council Disaster Recovery Professional (EDRP)

Disaster recovery and business continuity auditing

Disaster recovery (DR) and business continuity refers to an organization’s ability to recover from a disaster and/or unexpected event and resume operations. Organizations often have a plan in place (usually referred to as a "Disaster Recovery Plan", or "Business Continuity Plan") that outlines how a recovery will be accomplished. The key to successful disaster recovery is to have a plan (emergency plan, disaster recovery plan, continuity plan) well before disaster ever strikes.

Given ever-changing business objectives, one common need in disaster recovery is to perform an audit of the disaster recovery capacity of an organization

Disaster recovery and business continuity auditing - Metrics
Some of the key metrics to be measured in a disaster recovery environment are the Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO is a metric that measures the time that it takes for a system to be completely up and running in the event of a disaster. RPO measures the ability to recover files by specifying a point in time restore of the backup copy.

Disaster recovery and business continuity auditing - Mission statement
A disaster recovery mission statement is used to identify the purpose and goals of the disaster recovery plan. The mission statement can also help an auditor obtain a better understanding of the organization’s environment. An auditor examined the mission statement to determine the objectives, priorities, and goals of the disaster recovery plan.

Disaster recovery and business continuity auditing - The DR committee and auditor
The organization appoints individuals responsible for designing and implementing the disaster recovery plan when needed

An auditor is assigned to examine and assess the project manager and deputy project manager’s training, experience, and abilities as well as to analyze the capabilities of the team members to complete assigned tasks and that more than one individual is trained and capable of doing a particular function. Tests and inquiries of personnel can help achieve this objective.

Organizations, particularly large organizations, ordinarily assign the task of determining, on an ongoing basis, if the procedures stated in the disaster recovery plan are actually consistent with real practice to a specific individual within the organization

Disaster recovery and business continuity auditing - Documentation
To maximize their effectiveness, disaster recovery plans are documented in written form and in a manner that is easily understood by those who will need to use it

Disaster recovery and business continuity auditing - Site designation
A hot/cold site is a location that an organization can move to after a disaster if the current facility is unusable

Disaster recovery and business continuity auditing - Site designation
The auditor can verify this through paper and paperless documentation and actual physical observation. Testing of the backups and procedures is also performed to confirm data integrity and effective processes. The security of the storage site is also confirmed.

Disaster recovery and business continuity auditing - Data backup
Data backups are central to any disaster recovery plan. An audit of backup processes determines if (a) they are effective, and (b) if they are actually being implemented by the involved personnel. Some techniques that are used to accomplish this include direct observation of the processes in question, analyzing and researching the backup equipment used, conducting computer-assisted audit techniques and tests, examining of paper and paperless records.

Disaster recovery and business continuity auditing - Data backup
The continual backing up of data and systems can help minimize the impact of threats. Even so, the disaster recovery plan also includes information on how best to recover any data that has not been copied. Controls and protections are put in place to ensure that data is not damaged, altered, or destroyed during this process. Information technology experts and procedures need to be identified that can accomplish this endeavor. Vendor manuals can also assist in determining how best to proceed.

Disaster recovery and business continuity auditing - Drills
Practice drills conducted periodically to determine how effective the plan is and to determine what changes may be necessary. The auditor’s primary concern here is verifying that these drills are being conducted properly and that problems uncovered during these drills are addressed and procedures designed to deal with these potential deficiencies are implemented and tested to determine their effectiveness.

Disaster recovery and business continuity auditing - Backup of key personnel
A disaster recovery plan includes clearly written policies and specific communication with employees to ensure that both regular and replacement personnel is selected, documented, and informed should a disaster occur

Disaster recovery and business continuity auditing - Insurance issues
The auditor determines the adequacy of the company's insurance coverage (particularly property and casualty insurance) through a review of the company's insurance policies and other research

Disaster recovery and business continuity auditing - Insurance issues
Effective DR plans take into account the extent of a company's responsibilities to other entities and its ability to fulfill those commitments despite a major disaster

Disaster recovery and business continuity auditing - Communication issues
Good disaster recovery planning ensures that both management and the recovery team have disaster recovery procedures which allow for effective communication

Disaster recovery and business continuity auditing - Emergency procedures
Procedures to sustain staff during a round-the clock disaster recovery effort are included in any good disaster recovery plan

Disaster recovery and business continuity auditing - Environmental issues
Disaster recovery plans may also involve procedures that take into account the possibility of power failures or other situations that are of a non-IT nature

TRAC (ISMS) - Business Continuity Program
The Business Continuity Program module provides a framework for conducting a Business Impact Analysis as well as creating a full Business Continuity Plan.

Resilience (organizational) - Business Continuity and Competitiveness
Many corporations are adopting resilience and business continuity initiatives and sharing best practices.[ Building A Resilient Nation: Enhancing Security, Ensuring a Strong Economy]

Resilience (organizational) - Business Continuity and Competitiveness
Many experts and leaders see resilience as a vital component to a comprehensive homeland security strategy.Katherine McIntire Peters

Crisis management - Business continuity planning
Business Management: Top tips for effective, real-world Business Continuity Management)

Each critical function and or/process must have its own contingency plan in the event that one of the functions/processes ceases or fails, then the business/organisation is more resilient, which in itself provides a mechanism to lessen the possibility of having to invoke recovery plans (Osborne, 2007)

A note of caution when planning training scenarios, all too often simulations can lack ingenuity, an appropriate level of realism and as a consequence potentially lose their training value

Following a simulation exercise, a thorough and systematic debriefing must be conducted as a key component of any crisis simulation. The purpose of this is to create a link and draw lessons from the reality of the simulated representation and the reality of the real world. (Borodzicz, 2005).

The whole process relating to business continuity planning should be periodically reviewed to identify any number of changes that may invalidate the current plan. (Osborne, 2007).

Facility management - Business continuity planning
All organisations should have in place a continuity plan so that in the event of a fire or major failure the business can recover quickly. In large organisations it may be that the staff move to another site that has been set up to model the existing operation. The facilities management department would be one of the key players should it be necessary to move the business to a recovery site.

Information risk management - Risk management and business continuity
Whereas risk management tends to be preemptive, business continuity planning (BCP) was invented to deal with the consequences of realised residual risks

Business continuity management
A business continuity plan is a roadmap for continuing operations under adverse conditions such as a storm or a crime

Business continuity management
In 2007, the BSI published BS Specification for Business Continuity Management, which specifies requirements for implementing, operating and improving a documented business continuity management system (BCMS).

Business continuity management - Business impact analysis (BIA)
* Recovery Time Objective (RTO) – the acceptable amount of time to restore the function

* The business requirements for recovery of the critical function, and/or

* The technical requirements for recovery of the critical function

Information security policies - Business continuity
# Should a disaster strike, what are the first few things that I should do? Should I call people to find if they are OK or call up the bank to figure out my money is safe? This is Emergency Response. Emergency Response services help take the first hit when the disaster strikes and if the disaster is serious enough the Emergency Response teams need to quickly get a Crisis Management team in place.

# What parts of my business should I recover first? The one that brings me most money or the one where I spend the most, or the one that will ensure I shall be able to get sustained future growth? The identified sections are the critical business units. There is no magic bullet here, no one answer satisfies all. Businesses need to find answers that meet business requirements.

# How soon should I target to recover my critical business units? In BCP technical jargon, this is called Recovery Time Objective, or Recovery time objective|RTO. This objective will define what costs the business will need to spend to recover from a disruption. For example, it is cheaper to recover a business in 1 day than in 1 hour.

# What all do I need to recover the business? IT, machinery, records...food, water, people...So many aspects to dwell upon. The cost factor becomes clearer now...Business leaders need to drive business continuity. Hold on. My IT manager spent $ last month and created a DRP (Disaster recovery|Disaster Recovery Plan), whatever happened to that? a DRP is about continuing an IT system, and is one of the sections of a comprehensive Business Continuity Plan. Look below for more on this.

# And where do I recover my business from... Will the business center give me space to work, or would it be flooded by many people queuing up for the same reasons that I am.

# But once I do recover from the disaster and work in reduced production capacity since my main operational sites are unavailable, how long can this go on. How long can I do without my original sites, systems, people? this defines the amount of business resilience a business may have.

# Now that I know how to recover my business. How do I make sure my plan works? Most BCP pundits would recommend testing the plan at least once a year, reviewing it for adequacy and rewriting or updating the plans either annually or when businesses change.

Disaster recovery plan - Relationship to the Business Continuity Plan
The Institute further states that a Business Continuity Plan (BCP) consists of the five component plans:[ The Disaster Recovery Plan.] Chad Bahan

* Business Resumption Plan

* Continuity of Operations Plan

The Institute states that the first three plans (Business Resumption, Occupant Emergency, and Continuity of Operations Plans) do not deal with the IT infrastructure

The Disaster Recovery Institute International states that disaster recovery is the area of business continuity that deals with technology recovery as opposed to the recovery of business operations.Disaster Recovery Institute International. Course BCLE Participant Guide: Professional Practice 6. Page

Certified Business Continuity Professional
'Certified Business Continuity Professional' ('CBCPDisaster Recovery Institute International. Certification CBCP. (accessed June 3, 2011).') is internationally recognized professional certification issued by the Disaster Recovery Institute for Business continuity planning|business continuity management. A certified expert must pass a detailed exam consisting of ten domains and prove his/hers experience in at least five domains for minimum two years.

Coordinated Incident Management System - Business Continuity / Crisis Management
In recent years, CIMS has also been recognised as best practice for implementing management structures for response and recovery

Facilities management - Business continuity planning
All organizations should have in place a continuity plan so that in the event of a fire or major failure the business can recover quickly. In large organizations it may be that the staff move to another site that has been set up to model the existing operation. The facilities management department would be one of the key players should it be necessary to move the business to a recovery site.

Emergency procedure - Business Continuity Planning
Business continuity planning may also feed off of the emergency procedures, enabling an organization to identify points of vulnerability and minimise the risk to the business by preparing backup plans and improving resilience. The act of producing the procedures may also highlight failings in current arrangements that if corrected, could reduce the risk levels.

For More Information, Visit:
The Art of Service

Business Continuity https://store.theartofservice.com/the-business-continuity-toolkit.html.

Similar presentations

Presentation on theme: "Business Continuity https://store.theartofservice.com/the-business-continuity-toolkit.html."— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Business Continuity https://store.theartofservice.com/the-business-continuity-toolkit.html.

Similar presentations

Presentation on theme: "Business Continuity https://store.theartofservice.com/the-business-continuity-toolkit.html."— Presentation transcript:

Similar presentations

About project

Feedback