Great business continuity management goes beyond the writing of a business continuity plan or disaster recovery plan. It is the proactive approach whereby an organisation provides the
critical resources to ensure that the critical business objectives continue to be met irrespective of the
type, or severity of a disruption to normal operations.
The key benefits of strong business continuity management and a disaster
recovery program include:
- Detailed understanding of what your business absolutely must achieve (the critical objectives).
- An understanding of what interruptions may be faced in trying to achieve these critical objectives.
- An ability to predict the probable outcome of controls and other mitigation strategies.
- Procedures the business can follow to achieve the critical objectives should interruptions take place.
- Understanding the criteria or triggers for implementing crisis and disaster recovery procedures.
- All staff are aware of their roles and responsibilities when a major disruption occurs.
- A clear understanding throughout the organisation of what accountabilities and responsibilities are in place when business continuity and disaster recovery response are in effect.
- Consensus and commitment to the requirements, implementation and deployment of disaster recovery measures.
Commencement
When you first get started with your business continuity project, the key
questions that you need to ask yourself are:
Determine the need:
To be successful you must start well! You'll need to clearly state the
scope, objectives and desired outcomes of your project.
Suggested activities:
- Utilize the critical business objectives identified in business strategies, business plans, and performance management tools.
- Consider geographical locations, functional units, client groups, essential plant/assets that may require continuity coverage.
- Agree on a budget! Also consider any time constraints and deadlines.
- Consider if you'll develop your continuity plan in-house, use an expensive expert consultant, or use a cost-effective template (See Disaster Recovery and Business Continuity Plan Template).
Business Impact Analysis
A good business impact analysis will allow you to determine the maximum
amount of time that can elapse without critical resources.
The questions that you'll be asking yourself and the key stakeholders will
include:
- What are our critical business resources?
- What continuity procedures are in place at the moment?
- What are the 'likely' scenarios that would affect our business's ability to operate?
Above you'll notice that likely is listed in quotes. This is to highlight
the importance of keeping it real. Risk level is subjective by nature; however, keeping your continuity
planning efforts focused on scenarios that are feasible will strengthen your project.
Impacts from a disruption can be categorised as either
quantitative or qualitative. Quantitative impacts are losses that
are identified in quantities, percentages, or factors of standard that can be described in monetary
terms.
Qualitative impacts are intangible losses that can
affect operations, but cannot easily be quantified in monetary terms. Some examples of potential impacts
in the event of a disaster are as follows:
| QUANTITATIVE IMPACTS | QUALITATIVE IMPACTS |
| --- | --- |
| Opportunity cost | Reduced operational efficiency |
| Loss of clients | Reputation |
| Penalties & fines | Staff morale and well being |
| Increased operating costs | Loss of management control |
| Reduced capital value | Inter-departmental relationships |
| Loss due to physical damage | Legal, contractual or regulatory liabilities |
| Loss due to injuries | Intellectual property, knowledge and data |
| Revenue and income | Comment and regulatory attention |
| Increase in expenses during recovery efforts | External relationships |
| Market Share | Client satisfaction |
The table below is an example of the impact to a business's operations over
varying durations. The table allows for normal times, when operations are at stable levels, and also
critical times when business activities may be increased. This may be due to a number of factors; a
good generic example is end of financial month/year processing.
The legend is located below the table. Illustrating the impact in this
manner helps stakeholders agree on an appropriate recovery time objective.
| Outage Time | Normal Times | Critical Times |
| --- | --- | --- |
| 1 hour | 0 | 0 |
| ½ day | 1 | 2 |
| 1 day | 2 | 3 |
| 2 days | 3 | 4 |
| 3 - 4 days | 4 | 5 |
| 5 - 8 days | 5 | 5 |
| 9 - 14 days | 5 | 5 |
| 15 - 30 days | 5 | 5 |
| 0 - 60 days | 5 | 5 |
| Over 60 days | 5 | 5 |
- 0 = No Interruption
- 1 = Minor Interruption - problem easily handled
- 2 = Moderate Interruption - business activity continues
- 3 = Major Interruption - business activity continues but with some difficulty
- 4 = Severe Interruption - continuation of business activity extremely difficult
- 5 = Complete Interruption - business activity ceases.
In the example above, it is safe to assume that a 2 to 3 day
recovery time objective would be appropriate.