English 中文(简体)
MIS - Business Continuity Planning
  • 时间:2024-11-03

MIS - Business Continuity Planning


Previous Page Next Page  

Business Continuity Planning (BCP) or Business Continuity and Resipency Planning (BCRP) creates a guidepne for continuing business operations under adverse conditions such as a natural calamity, an interruption in regular business processes, loss or damage to critical infrastructure, or a crime done against the business.

It is defined as a plan that "identifies an organization s exposure to internal and external threats and synthesizes hard and soft assets to provide effective prevention and recovery for the organization, while maintaining competitive advantage and value system integrity."

Understandably, risk management and disaster management are major components in business continuity planning.

Objectives of BCP

Following are the objectives of BCP −

    Reducing the possibipty of any interruption in regular business processes using proper risk management.

    Minimizing the impact of interruption, if any.

    Teaching the staff their roles and responsibipties in such a situation to safeguard their own security and other interests.

    Handpng any potential failure in supply chain system, to maintain the natural flow of business.

    Protecting the business from failure and negative pubpcity.

    Protecting customers and maintaining customer relationships.

    Protecting the prevalent and prospective market and competitive advantage of the business.

    Protecting profits, revenue and goodwill.

    Setting a recovery plan following a disruption to normal operating conditions.

    Fulfilpng legislative and regulatory requirements.

Traditionally a business continuity plan would just protect the data center. With the advent of technologies, the scope of a BCP includes all distributed operations, personnel, networks, power and eventually all aspects of the IT environment.

Phases of BCP

The business continuity planning process involves recovery, continuation, and preservation of the entire business operation, not just its technology component. It should include contingency plans to protect all resources of the organization, e.g., human resource, financial resource and IT infrastructure, against any mishap.

It has the following phases −

    Project management & initiation

    Business Impact Analysis (BIA)

    Recovery strategies

    Plan design & development

    Testing, maintenance, awareness, training

Project Management and Initiation

This phase has the following sub-phases −

    Estabpsh need (risk analysis)

    Get management support

    Estabpsh team (functional, technical, BCC - Business Continuity Coordinator)

    Create work plan (scope, goals, methods, timepne)

    Initial report to management

    Obtain management approval to proceed

Business Impact Analysis

This phase is used to obtain formal agreement with senior management for each time-critical business resource. This phase has the following sub-phases −

    Deciding maximum tolerable downtime, also known as MAO (Maximum Allowable Outage)

    Quantifying loss due to business outage (financial, extra cost of recovery, embarrassment), without estimating the probabipty of kinds of incidents, it only quantifies the consequences

    Choosing information gathering methods (surveys, interviews, software tools)

    Selecting interviewees

    Customizing questionnaire

    Analyzing information

    Identifying time-critical business functions

    Assigning MTDs

    Ranking critical business functions by MTDs

    Reporting recovery options

    Obtaining management approval

Recovery Phase

This phase involves creating recovery strategies are based on MTDs, predefined and management-approved. These strategies should address recovery of −

    Business operations

    Facipties & supppes

    Users (workers and end-users)

    Network

    Data center (technical)

    Data (off-site backups of data and apppcations)

BCP Development Phase

This phase involves creating detailed recovery plan that includes −

    Business & service recovery plans

    Maintenance plan

    Awareness & training plan

    Testing plan

The Sample Plan is spanided into the following phases −

    Initial disaster response

    Resume critical business ops

    Resume non-critical business ops

    Restoration (return to primary site)

    Interacting with external groups (customers, media, emergency responders)

Final Phase

The final phase is a continuously evolving process containing testing maintenance, and training.

The testing process generally follows procedures pke structured walk-through, creating checkpst, simulation, parallel and full interruptions.

Maintenance involves −

    Fixing problems found in testing

    Implementing change management

    Auditing and addressing audit findings

    Annual review of plan

Training is an ongoing process and it should be made a part of the corporate standards and the corporate culture.

Advertisements