Upload
cva-kumar
View
217
Download
0
Embed Size (px)
Citation preview
8/10/2019 Business continuityPlaning
1/5
Business continuity encompasses a loosely-defined set of planning, preparatory and related
activities which are intended to ensure that an organization's critical business functions will
either continue to operate despite serious incidents or disasters that might otherwise have
interrupted them, or will be recovered to an operational state within a reasonably short period. As
such, business continuity includes three key elements:
.Resilience: critical business functions and the supporting infrastructure are designed and
engineered in such a way that they are materially unaffected by most disruptions, for e!ample
through the use of redundancy and spare capacity"
2. Recovery: arrangements are made to recover or restore critical and less critical business
functions that fail for some reason.
#. Contingency: the organization establishes a generalized capability and readiness to cope
effectively with whatever ma$or incidents and disasters occur, including those that were not, and
perhaps could not, have been foreseen. %ontingency preparations constitute a last-resort response
if resilience and recovery arrangements should prove inade&uate in practice.
f there is no Business %ontinuity plan implemented and the organization in &uestion is facing a
rather severe threat or disruption that may lead to bankruptcy, the implementation and outcome,
if not too late, may strengthen the organization's survival and its continuity of business activities.
(he management of business continuity falls largely within the sphere of risk management, with
some cross-over into related fields such as governance, information security and compliance.
)isk is a core consideration since business continuity is primarily concerned with those business
functions, operations, supplies, systems, relationships etc. that are critically important to achieve
the organization's operational ob$ectives. Business mpact Analysis is the generally accepted risk
management term for the process of determining the relative importance or criticality of those
elements, and in turn drives the priorities, planning, preparations and other business continuity
management activities.
(he foundation of business continuity are the standards, program development, and supporting
policies" guidelines, and procedures needed to ensure a firm to continue without stoppage,
irrespective of the adverse circumstances or events. All system design, implementation, support,
and maintenance must be based on this foundation in order to have any hope of achievingbusiness continuity,disaster recovery,or in some cases, system support.
http://en.wikipedia.org/wiki/Disaster_recoveryhttp://en.wikipedia.org/wiki/Disaster_recoveryhttp://en.wikipedia.org/wiki/Disaster_recoveryhttp://en.wikipedia.org/wiki/Disaster_recovery8/10/2019 Business continuityPlaning
2/5
Model Approach:
Business %ontinuity *anagement can be a comple! process. (his has been recognised by the
Business %ontinuity nstitute who have established a + - point model for developing effective
business continuity management strategies:
Project Initiation and Management
(o establish the need for a business continuity plan B%, including obtaining
management support and organizing and managing the pro$ect to completion, withinagreed time and budget limits.
8/10/2019 Business continuityPlaning
3/5
RiskEvaluation and Control
(o determine the events and environmental surroundings that can adversely affect theorganization and its facilities with disruption as well as disaster, the damage such events
can cause, and the controls needed to prevent or minimize the effects of potential loss.
rovide cost-benefit analysis to $ustify investment in controls to mitigate risk.
usiness Impact Analysis
(o identify the impacts resulting from disruptions and disaster scenarios that can effect
the organization and techni&ues that can be used to &uantify and &ualify such impacts./stablish critical functions, their recovery priorities, and inter-dependencies so that
recovery time ob$ectives can be set.
!eveloping usiness Continuity "trategies
(o determine and guide the selection of alternative business recovery operating strategiesfor recovery of business functions and ( within the recovery time ob$ectives, while
maintaining the organization0s critical functions.
Emergency Response and #perations
1evelop and implement procedures for responding to and stabilizing the situation
following an incident or event, including establishing and managing an /mergency2perations %entre, to be used as a command center during the emergency.
!eveloping and Implementing usiness Continuity Plans
(o design, develop and implement the B% that provides recovery within the recovery
time ob$ective.
A$areness and %raining Programs
(o prepare a program to create corporate awareness and enhance the skills re&uired todevelop, implement, maintain and e!ecute the B%.
Maintaining and E&ercising usiness Continuity Plans
(o pre-plan and co-ordinate plan e!ercises, and evaluate and document plan e!ercise
results. 1evelop processes to maintain the currency of continuity capabilities and the plandocument in accordance with the organization0s strategic direction. 3erify that the plan
will prove effective by comparison with a suitable standard, and report results in a clear
and concise manner.
Pu'lic Relations and Crisis Co(ordination
(o develop, co-ordinate, evaluate and e!ercise plans to handle the media during crisissituations. (o develop, co-ordinate, evaluate and e!ercise plans to communicate with and,as appropriate, provide trauma counseling for employees and their families, key
customers, critical suppliers, owners4stockholders and corporate management during
crisis. /nsure all stakeholders are kept informed on an as-needed basis.
Co(ordination $ith Pu'lic Authorities
(o establish applicable procedures and policies, for coordinating continuity and
8/10/2019 Business continuityPlaning
4/5
restoration activities with local authorities while ensuring compliance with applicable
statutes or regulations.
B%* is also a key topic when talking about the concept of organisational resilience,
where an organisation is able to effectively handle changes, challenges and stress. An
important element of B%* is developing effective Business %ontinuity lans B%s toenable organisations to continue key operations during and after a disruption. B%* can
include the following elements:
5prevention and mitigation
5crisis4incident management
5emergency planning and management
5business continuity planning.
6hat are the benefits of a Business %ontinuity *anagement program7
1eveloping and maintaining business continuity plans are re&uirements for governmentagencies. Beyond compliance, effective B%* can:
5 *inimize legal liability : 2rganizations are e!pected to act reasonably in the
event of disasters. )eviews, in&uiries and in&uests can shine the spotlight onorganizations which do not manage disasters effectively and can result in significant
damage to the organization and persons involved.
5 rotect or enhance reputation oor responses to crises and emergencies can
destroy or impair reputations. 2n the other hand, an organization that respondseffectively can improve its reputation.
5 8elp achieve the organization0s ob$ectives and goals.A &uick return to operations
and services can ensure goals are reached and compliance is upheld.
5 %ontributes to organizational resilience
(he B%* process and framework can help embed a strong risk-aware and continuous-improvement culture. t can give the organization the fle!ibility to adapt to adverse
circumstances. 9ome characteristics of resilience might include: - preparing and training
staff for minor and ma$or business disruptions - enhancing coordination and governanceduring a disruption - reducing the cost of operating during a disruption, freeing up
resources to focus on opportunities - protecting public value through the continuation of
key services.
8/10/2019 Business continuityPlaning
5/5
)hat is usiness Continuity Planning *CP+,
A proactive process that identifies and prioritizes the critical
functions and the likely threats to those functions. rom this information, plans and
procedures are developed through a regular program of personnel training, plan testing,and maintenance. (hese management disciplines, processes, and techni&ues provide
business continuity for critical business functions under the circumstances and limits set
by senior management.
(hese circumstances and limits include:
1efining worst-case scenarios used for business continuity planning.
Approving the funding and staffing of the company's B% rogram.
)hy "hould $e do usiness Continuity Planning *CP+,
ts done:t is the right thing to do for our patients, staff, and communities
t ensures compliance with our ever increasing regulatory re&uirements
t enhances our ability to avoid:
o nterruptions to patient care delivery
o inancial losses
o )egulatory fines
o 1amage to e&uipment
Phases o- Continuity Planning:
s