advertisement
Business Continuity Management
With constant changes in the Business Landscape, it has become a necessity to manage the inherent risks that come with…
With constant changes in the Business Landscape, it has become a necessity to manage the inherent risks that come with a business’ existence to ensure continued running.
Every Business by the very nature of its existence in the environment makes it prone to disruptions (Natural or Man-Made) which if not treated could lead to a disaster. In this case, in order for a business to ensure continued operation under these unplanned outages or disruptions, there is need to establish a Business Continuity Management (BCM) programme.
Besides the obvious recovery of the ICT systems, critical business processes also need to be recovered and continued in order to service the company’s customer base. In an ideal situation, an alternate recovery site, fully equipped recovery sitting facility, essential staff and services can be moved at minimum notice. The recovery site is pre-configured with all the necessary IT infrastructure, network and voice connectivity, office furniture and other amenities needed to operate a production environment at short notice.
advertisement
BCM was and in some instances still remains the domain of the ICT department whose responsibility to recover any failure or technical breakdown – is often known as Disaster Recovery.
When Business Continuity becomes part of a business’ daily operations
As businesses progress and learn from the mistakes of the past, BCM is now understood to be a more holistic process that includes the critical business processes, primarily those that rely on the underlying technology to support it and not visa-versa.
advertisement
Business operations and day to day functional continuity needs to be managed because a company’s risk profile keeps changing, as do its business processes and staff – all of these factors need to be assessed regularly, the necessary mitigation measures put in place, exercised and tested. Within the organisation, managers need to be able to identify critical staff, processes, systems and what their impact on the business would be in the event of a loss.
The BCM lifecycle
Business Continuity lifecycles are not only about business impact assessments and risk assessments, but also about plans, documents, infrastructure, systems and processes.
advertisement
There are 6 stages in the BCM lifecycle and they can be described as follows:
Policy and Programme Management – this focuses on BCM governance, policy and the encompassing BCM programme.
Analysis – Business Impact Analysis and Risk Assessments to understand the organization’s priorities, impacts of non-delivery and its environment.
Design – Determining BCM recovery strategies which include ICT Disaster Recovery strategies and strategies that include all the resources needed to recover the business.
Implementation – Developing ICT Disaster Recovery plan, Business Continuity Plans, Emergency Response Plans; Crisis Management Plan.
Validation – Testing conducted for implemented plans and maintenance structures.
Embedding BCM – Initiatives and documentation in place to support BCM training and awareness activities aimed at organisational BCM awareness.
A Business Impact and Continuity Requirement Analysis helps you establish which components of business are critical for the survival of the company. This serves as the foundation on which the whole BCM process is built. It identifies, quantifies and qualifies the business impacts of a loss, interruption or disruption of business activities on an organization and provides the data from which appropriate continuity strategies can be determined.
The Business Impact Analysis (BIA) documents the impacts over time that would result from a business interruption, identifying both the urgency of product and service delivery and the activities which enable that delivery to allow mitigation measures on the most urgent activities within an organisation.
The BCM lifecycle methodology is represented in the diagram (Extracted from the GPG2013)
The Cloud as a key driver of BCM
Whilst considering the resumption of normal business operations and access to systems, it is essential that all of the critical applications are accessible and no matter what happens, if you can’t run the front ends to get to the data, it further beats the purpose of a BCM plan in the first place.
Increasingly, as businesses continue to adopt cloud-based technologies as a way of service provision as and when needed whilst it is also deliverable within specific pre-defined operational parameters, the cloud avails a platform to host and operate all the elements of BCM.
For instance, in geographically segmented disasters the cloud offers access to services and applications without geographic limitations and with most businesses migrating their operations to the cloud, this makes BCM adaptable into the day to day daily operations, strategies and policies of any organisation. Other benefits conferred by a cloud-based BCM include the elimination of Capex (conversion of Capex to Opex) and the fact that cloud can be scaled without disruptions; the ability of a cloud based BCM to be scaled up further without interfering with normal business operations to accommodate new risks to the business.
Overall, the operational and investment costs required by any business to build, manage and scale up BCMs are easily eliminated owing to the fact that Cloud is an easily outsourced service.
Conclusively, it is only timely that businesses start viewing the BCM process as not just an ICT related function but a business critical operation that must be embedded and adopted by all functions of the business. In order for organisations to achieve Continuity, there is a need to put in place a systematic process to prevent, predict and manage disruption and incidents which have the potential to disrupt the entire business.
(The writer, Joel Gachanja, is the CTO at AccessKenya).