Continuity Compliance

A Guide to Business Continuity Management, Planning, and Disaster Recovery Citing Sample Template, Software and Solution For Business Continuity Plans

Business Continuity Is More Than Just Picking Up The Pieces

The spate of devastating earthquakes in several parts of the world, the increasing incidence of flooding in the Midwest and in many corners of the globe, and the unusual weather conditions and phenomena that threaten lives, infrastructure, properties, resources, and businesses remind business owners and managers of the importance of having a certain strategy to ensure that the business can get back on its feet after going through a disaster. How do you think can corporate organizations in Japan recover various data critical to their business after being shaken by a massive earthquake and washed off by tsunami? When a fire razes your office, are your business documents and other resources safe and intact to allow continuation of operations? What did organizations in Chicago, Illinois do when the flu pandemic threatened their businesses? How should a Toyota car dealer cope with the impact of massive recall? What contingency does a bank have to ensure the continuance of its services in the event of a major terroristic act? Any unpredictable crisis can grip and put an end to companies, making the process of business continuity planning an essential practice for any business entity.

The Definition of Business Continuity Planning

Business continuity planning or BCP is the process of formulating a detailed blueprint of how an organization can remain in business following a disaster, such as the ones mentioned above and any incidents which threaten to interrupt the business causing losses or its closure, including happenings that affect things upon which the business relies on. Examples of these are loss of a crucial network of infrastructure; loss of source of supply, or in the event of theft or vandalism. The definitio of the program includes proactively identifying the vulnerability of a company to internal and external risks, and integrating hard and soft assets to provide effective solutions to help prevent or recover from an unfortunate event. All these are done while staying competitive and cohesive. With this nature, BCP encompasses risk management and is considered as an inexpensive insurance any company can obtain against unwanted interruptions. Although many companies have taken this planning seriously, even composing their respective business continuity statement, but not all companies have taken the steps to formulate this important plan.

Differentiating Business Continuity, Disaster Recovery

Do not confuse business continuity vs. disaster recovery. Disaste recovery is just the getting back on one’s feet part, and is only the reactive half of the business continuity equation. In comparison, business continuity plan embraces both this reactive approach and a proactive strategy that is formulated to identify, avoid or minimize risks, retain some level of service while resuscitating the business back to normal operations. For example, part of a company’s BCP to mitigate risks in the IT department and the various data it takes care of must be preventive measures, such as using a safe programming language (PL) to protect it from cyber attacks, or through virtualizatio. A business continuit plan is often formulated for implementation in the entire organization, rather than per business unit (BU) or department.

Should You Get A Certification for Your Organization's Business Continuity Management System?

The British Standards Institution is the standard certifying body in the UK. Its current counterpart in the US is the National Fire Protection Association. Getting your company certified with the Business Continuity Management standard, BS 25999, shows your clientele, suppliers, personnel and investors that you abide by the best practices highly respected by the industry, hence giving you a competitive advantage. The certificati is proof that your BCM system has sailed through a strict objective evaluation.

Do not rush your business to be certified. You may need to polish up your system before it can pass the assessment. Consider referring to or using BSI's BCM tools available online to help evaluate your BCM plan and policy, and document and report compliance so that you gain confidence in applying for certification. The BSI site also includes a checklist tool that you can use to appraise the capacity of your business to deal with interruptions, giving you a score once you finish answering questions regarding your company's practices.

There are many more sources of information on business continuity. You can find a good white paper on the topic, courses, conferences and training programs online. One example is the Business Continuity Institute’s BCI Endorsed Training. You can also check out the schedules of business continuity conferences through the BSI website. One concluded conference was held in Korea last December 2010.

Who Formulates and Implements Business Continuity Plans?

The challenging task of formulating and implementing a business continuity plan opens up an avenue of jobs and a career path for people in a related profession. A good candidate for the position of business continuity manager or planner could either be a consultant or a permanent employee of the organization. This key person can be a home grown employee who has been in a consulting role for some years already, with a broad view of the company’s processes and possesses the analytical skill to identify critical aspects of the business, the aptitude to orchestrate the whole framework, and the ability to broker the plan to the various departments. Given the assortment of certifications and training for continuing education, it would be worth grooming someone from within the company to be a trailblazer in this career path, provided that the company has the wherewithal to train the employee and could find a mentor to guide him through the course and the methodology.

The company can also hire someone whose education is already in line with this specific field, as there are already courses offered for this profession, such as Boston University's (BU) Master of Science in Management, Specialization in Business Continuity, Security and Risk Management. Another option would be to outsource the job to a business continuity planner or consultant who can provide the specialized service on a consultancy basis. With the wide acceptance of business continuity planning among businesses, you can find numerous consultants and planners already specializing in this field.

Things To Consider When Formulating a Business Continuity Plan

Scope of the Plan. The first thing to do in creating this plan is to work out its breadth, which can be done by evaluating the very essential facets of the organization that must be shielded from any cataclysms.

Impact of Events. Gauge the impact of various unwanted events that could possibly happen on the usual operation of the company.

Severity of Repercussions. Besides their impact, the organization must also identify and note down and prioritize preventive action for events that are more likely to happen and those that pose more serious repercussions.

Maximum Tolerable Downtime. The organization must be able to estimate the maximum length of time that the organization can endure before it gives in to irreversible termination of operation to be able to come up with a disaster recovery plan that will work within the maximum tolerable downtime.

Communication and Dissemination. Since it is sort of an emergency kit for an organization, the compiled information and strategies must be cascaded down to the different departments for them to acquire awarene, deliberate and fro them to provide helpful comments. Once these are finalized, copies of the report must be furnished to key personnel and some copies must be kept offsite, such as at home, in a data center or data server, safety deposit box and other secure places. It would also be good to put the plan to the test since periodic testing helps to gauge its relevance with the changing environment.

Some Forms of Business Continuity Solution

Since the scope of a business continuity plan encompasses all the processes of an organization, there can be many systems and forms of solutions that can be used in the plan to ensure its continuous operation. It could take care of either the hard assets, such as buildings, machinery and equipment, or soft assets, such as data and other information vital to the operations and continuance of the organization. A simple sample of a BC solution for hard assets is a fire insurance which may be considered as part of a disaster recovery plan as it entitles the organization compensation for the property lost in the fire. The organization may also opt to get business interruption insurance to cover for the loss or damage to the income of a business due to an interruption.

Although hard assets, such as buildings razed by fire can be reconstructed, soft assets like data lost to fire or flood may no longer be recovered. This threat can be addressed by virtualization and the use of offsite data centers where you can back up important data in a remote place. Zenith Infotech Ltd. and ICM are two examples of providers of IT infrastructure, data servers for backups and business continuity plans.

The Business Continuity Plan Template

Formulating a BCP is a daunting undertaking. It is a good thing there are tools available to help facilitate the task. This includes templates that the business continuity planner can conveniently fill up to note down the necessary details and information for business continuity and help define the program. There are business continuity templates that you can download or print for free.

The Business Continuity Software

Another tool to facilitate in the development of a business continuity plan is the business continuity software, which is somewhat similar to the template where you simply key in certain data that the tool asks for, but is computer-based. These tools hasten the creation of the BCP because planners will not have to start from scratch, but are already provided with a guiding framework.

Another tool helpful in the formulation of BCP is the disaster recovery toolkit, which is a collection of essential items and documents that helps ensure the continuance of an organization in the event of a grave disaste. It is usually dispatched either as RTF or PDF, and includes a contingency audit questionnaire, a dependency analysis documents with guide questions, a business impact analysis questionnaire, and a checklist of actions and framework for disaster recovery and business continuity planning. This tool is helpful in guiding you assess the total scope of business continuity and disaster planning. An example would be the Business Continuity Maturity Model.

A business continuity plan is an essential contingency measure for any organization against unforeseen crisis. A dedicated business continuity manager or planner must be tasked to formulate, test and periodically re-evaluate the plan so that when a disaster occurs, the organization can mitigate risks and can back on its feet, allowing to continue business as usual.