Business Continuity Management
Posted 04 Mar, 2020
Author - Abidemi Owolabi
Business continuity management is defined as the advance planning and preparation an organization undertakes to maintain business functions, or quickly resume them, after a disaster has occurred. It also involves defining potential risks, including fire, flood or cyber-attacks.
Business leaders plan to identify and address potential crises before they happen, then test those procedures to ensure that they work and periodically review the process to make sure that it is up to date.
Business Continuity Management Framework
The Business Continuity Management Framework (BCM Framework) outlines the planning process of developing prior arrangements and procedures that enable organisations to respond to an event in such a manner that critical business functions can continue within planned levels of disruption.
1. Policies and Strategies
Continuity management is about more than the reaction to a natural disaster or cyber-attack. It begins with the policies and procedures developed, tested, and used when an incident occurs.
The policy defines the program’s scope, key parties, and management structure. It needs to articulate why business continuity is necessary. Governance is critical in this phase.
Knowing who is responsible for the creation and modification of a business continuity plan checklist is one component. The other is identifying the team responsible for implementation. Governance provides clarity in what can be a chaotic time for all involved.
The scope is also crucial. It defines what business continuity means for the organization.
2. Risk Assessment
Risk comes in many forms. A Business Impact Analysis and a Threat & Risk Assessment should be performed.
Threats can include bad actors, internal players, competitors, market conditions, political matters (both domestic and international), and natural occurrences. A key component of your plan is to create a risk assessment that identifies potential threats to the enterprise.
Risk assessment identifies the broad array of risks that could impact the enterprise.
Identifying potential threats is the first step and can be far-reaching. This includes:
· The impact of personnel loss
· Changes in consumer or customer preferences
· Internal agility and ability to respond to security incidents with a plan
· Financial volatility
Regulated companies need to factor in the risk of non-compliance, which can result in hefty financial penalties and fines, increased agency scrutiny and the loss of standing, certification, or credibility.
Validation and Testing
The risks and their impacts need to be continuously monitored, measured and tested. Once mitigation plans are in place, those also should be assessed to ensure they are working correctly and cohesively.
Incident Identification
With business continuity, defining what constitutes an incident is essential. Events should be clearly described in policy documents, as should who or what can trigger the declaration that an incident has occurred. These triggering actions should prompt the deployment of the business continuity plan as it is defined and bring the team into action.
Disaster Recovery
The difference between business continuity and disaster recovery is that the former comprises the overarching plans that guide operations and establish policy. Disaster recovery is what happens when an incident occurs.
Disaster recovery is the deployment of the teams and actions that are set in motion. It is the net result of the work done to identify risks and remediate them. Disaster recovery is about specific incident responses, as opposed to broader planning.
Role of Communication & Managing Business Continuity
Communication is an essential component of managing business continuity. Crisis communication is one component, ensuring that there are transparent processes for communicating with customers, consumers, employees, senior-level staff, and stakeholders. Consistent communication strategies are essential during and after an incident. Messaging must be consistent and accurate, and must come from a unified corporate voice.
Crisis management involves many layers of communication, including the creation of tools to indicate progress, critical needs, and issues. The types of communication may vary across constituencies but should be based on the same sources of information.
Resilience and Reputation Management
The risks of not having a business continuity plan are significant. A lack of preparation means the company is ill-prepared to address pressing issues.
These risks can leave a company flat-footed and can lead to other significant problems, including:
· Downtime for cloud-based servers, systems, and applications. Even minutes of downtime can result in the loss of substantial revenue.
· Loss of credibility, reputation and brand identity. Widespread, consistent, or frequent downtime can erode confidence with customers and consumers. Customer retention can plummet.
· Regulatory compliance can be at risk in industries such as financial services, healthcare, and energy. If systems and data are not operational and accessible, the consequences are severe.
teapotNG is an online trading platform of Teaplant Nigeria Limited. RC 1411634