In recent years, the adoption by organisations of sound corporate governance processes to meet the requirements laid down by the Combined Code, Sarbanes-Oxley and Basel II has dictated the need to implement business continuity management. Even for those organisations which do not need to comply with such directives and legislation, there is a moral and ethical imperative to ensure that staff welfare is safeguarded and the future of the business is secured should the unthinkable happen in today’s uncertain world.
Definition of Business Continuity Management
According to the Business Continuity Institute (BCI UK):
Business Continuity Management is “an holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities”
Business Continuity Objective
The overall business continuity aim of an organisation is to maintain production and operations in a safe and environmentally responsible manner, where feasible.
The general objectives of the Plan are to ensure that in the event of an incident or crisis situation:
The Plan will address the following planning priorities:
It is the policy of an organisation to:
Business Impact Analysis
Critical business processes have been identified and required resources determined to keep these processes running effectively. This analysis will be maintained over time to take account of the changing business.
An assessment of the threats which could prevent key offices being utilised has been conducted, and appropriate, cost-justified controls have been put in place to manage those threats should they occur and to reduce the likelihood of them happening in the first place.
Business Continuity Strategy & Plans
Operations can continue to be supported in the event of a complete loss of a single office, contents and infrastructure through utilizing a combination of unaffected offices and data centres together with business recovery site seating secured under a contract agreement.
Formal emergency response and business continuity plans exist to allow incidents to be managed effectively and business-as-usual status to be restored in the optimum time. This includes a technical plan for recovering IT systems, telephones and data communications. Plans are tested at least annually and reviewed at least quarterly to provide confidence that they would work in practice should they need to be used in earnest.
Emergency Response and Crisis Management Teams are in place, comprising a mix of key individuals and managers from across the business, to oversee the appropriate response to any adverse situation, supported by a clear and fast escalation process to ensure that incidents are assessed quickly and dealt with correctly.