Business Continuity Management

Business Continuity Management

Business Continuity Management is an holistic

management process that identifies potential

impacts that threaten an organisation and provides a

framework for building resilience and the capability

for an effective response that safeguards the

interests of its key stakeholders, reputation, brand

and value creating activities.

“I am often asked what single piece of advice I can

recommend that would be most helpful to the business

community. My answer is a simple, but effective,

business continuity plan that is regularly reviewed and

tested” Eliza Manningham-Buller, Director-General

MI5.(UK)

Layout of the Guidelines

The Good Practice Guidelines (2007) and this

pocket guide follow the Business Continuity

Management Life described in BS 25999-1.

Though this model demonstrates how the stages fit

together intellectually, in practice the experienced

practitioner will not necessarily follow this

progression strictly. However progress should

always be measured against the whole life cycle and

across the whole organisation.

1. BCM Policy and Programme

Management

The BCM Policy of an organisation provides the

framework around which the BCM capability is

designed and built. It is a documented statement by

the organisation’s executive of the level of

importance that it places on BCM. Its describes the

scope of the programme and assigns

responsibilities.

An effective BCM programme will involve the

participation of various managerial, operational,

administrative and technical disciplines that need to

be co-ordinated throughout its life cycle using

procedures such as those outlined in these

Guidelines and within the framework contained in

the organisation’s BCM Policy document.

Though Business Continuity Management is

primarily a planning activity, it is inevitable that the

BC team will be expected be ready to respond and

ready to provide a lead during incident response.

2. Understanding the organisation

To be able to develop an appropriate Business

Continuity Management programme you must first

understand your organisation and the urgency with

which activities and processes need to be resumed if

they are disrupted.

These questions need to be asked:

• What are the objectives of the organisation?

• How are the business objectives achieved?

• What are the products/services of the

organisation?

• Who is involved (both internally and externally)

in the delivery of products/services ?

• What are the time imperatives on their

delivery?

2.1 Business Impact Analysis

The Business Impact Analysis is the foundation on

which the whole BCM process is built. It identifies,

quantifies and qualifies the business impacts of a

loss, interruption or disruption of business processes

so that management can determine at what point in

time these become intolerable (after an interruption).

This is called the ‘Maximum Tolerable Period of

Disruption’ (MTPD). It therefore provides the data

from which appropriate continuity strategies can be

determined.

2.2 Risk Assessment

In the context of BCM, a Risk Assessment looks at

the probability and impact of a variety of specific

threats that could cause a business interruption.

Risk Assessment activity should be focussed on the

most urgent business functions identified during the

BIA process.

3. Determining BC Strategies

This section is about determining and

...