A Business Continuity Management (BCM) Policy should define your Organizations strategy in relation to maintaining what is considered the Key Processes of a robust business continuity program.
The BCM Policy will confirm the organizations commitment to define and document all of the procedures and processes that must be implemented, maintained and tested in order to achieve the levels of resilience and recover-ability required by the business.
The BCM Policy should enable your organization to:
* Prevent or reduce the likelihood of unscheduled disruptions to the business functions and critical services by the consideration of prudent levels of protection and redundancy for its business processes; and
* Provide the information, procedures and processes required to achieve the recovery of key business functions to alternate premises within the required timeframes.
The BCM Policy scope should always include coverage for all the business functions and units of your organization.
Key Policy Attributes:
The following policy attributes should be specifically mandated:
* The Business Continuity Management Structure is to manage the program on an ongoing basis. This structure is to include a Sponsor from within Senior Management, a Business Continuity Manager, and a Crisis Management Team that consists of members of the Senior Management.
* Business Impact Analyses (BIA's) are to be conducted on all business units. These analyses will determine the level of continuity planning that is required by each unit, as well as define the period of time after which outages of business process become unacceptable. The BIA will provide the cost / impact justification necessary to support the implementation of the various continuity strategies.
* Potential Areas of Risk are to be Identified as a component of their continuity programs. Potential risk points are to be assessed for either mitigation or acceptance. Acceptance of risk points will occur at the Senior Management level. The mitigation or elimination of potential risk points will be cost justified by the potential impact of the failure of the particular risk point.
* Strategies are to be Developed which reflect the requirements identified in the BIA's. Strategies are to be reviewed on an on-going basis to ensure that they continue to remain effective taking into consideration changing business requirements.
* Continuity Plans are to be developed, documented and maintained to ensure that strategies can be readily actioned. The plans are to enable the resumption of critical business processes at alternate locations within the time periods specified in the BIA process.
* Education and Training is to be provided to all staff on the overall response to a disaster incident. The education should be performed regularly so that all staff are reminded of what will happen and what will be expected of them in a disaster or crisis situation. All new staff should be exposed to the education as part of their induction program
* Ongoing Testing of Continuity Capability will be carried out in order to prove its overall fitness for purpose as defined by the BIA process, as well as to identify errors and issues with existing plans, documentation, and procedures.
* The Recovery and Continuity Capability is to be maintained in a constant state of readiness so as to provide the best possible means of recovering from a catastrophic incident affecting any of business locations.
About the Author:
Jake Whistlle is part of the Customer Services team at Disaster Recovery Services Pty Ltd (DRS). DRS is a certified Business Continuity Services provider. DRS offer a a large variety of tools and contingency management related templates to enable any organization develop and maintain a professional business continuity program.
Article Source: http://EzineArticles.com/?expert=Jake_Whistle
The BCM Policy will confirm the organizations commitment to define and document all of the procedures and processes that must be implemented, maintained and tested in order to achieve the levels of resilience and recover-ability required by the business.
The BCM Policy should enable your organization to:
* Prevent or reduce the likelihood of unscheduled disruptions to the business functions and critical services by the consideration of prudent levels of protection and redundancy for its business processes; and
* Provide the information, procedures and processes required to achieve the recovery of key business functions to alternate premises within the required timeframes.
The BCM Policy scope should always include coverage for all the business functions and units of your organization.
Key Policy Attributes:
The following policy attributes should be specifically mandated:
* The Business Continuity Management Structure is to manage the program on an ongoing basis. This structure is to include a Sponsor from within Senior Management, a Business Continuity Manager, and a Crisis Management Team that consists of members of the Senior Management.
* Business Impact Analyses (BIA's) are to be conducted on all business units. These analyses will determine the level of continuity planning that is required by each unit, as well as define the period of time after which outages of business process become unacceptable. The BIA will provide the cost / impact justification necessary to support the implementation of the various continuity strategies.
* Potential Areas of Risk are to be Identified as a component of their continuity programs. Potential risk points are to be assessed for either mitigation or acceptance. Acceptance of risk points will occur at the Senior Management level. The mitigation or elimination of potential risk points will be cost justified by the potential impact of the failure of the particular risk point.
* Strategies are to be Developed which reflect the requirements identified in the BIA's. Strategies are to be reviewed on an on-going basis to ensure that they continue to remain effective taking into consideration changing business requirements.
* Continuity Plans are to be developed, documented and maintained to ensure that strategies can be readily actioned. The plans are to enable the resumption of critical business processes at alternate locations within the time periods specified in the BIA process.
* Education and Training is to be provided to all staff on the overall response to a disaster incident. The education should be performed regularly so that all staff are reminded of what will happen and what will be expected of them in a disaster or crisis situation. All new staff should be exposed to the education as part of their induction program
* Ongoing Testing of Continuity Capability will be carried out in order to prove its overall fitness for purpose as defined by the BIA process, as well as to identify errors and issues with existing plans, documentation, and procedures.
* The Recovery and Continuity Capability is to be maintained in a constant state of readiness so as to provide the best possible means of recovering from a catastrophic incident affecting any of business locations.
About the Author:
Jake Whistlle is part of the Customer Services team at Disaster Recovery Services Pty Ltd (DRS). DRS is a certified Business Continuity Services provider. DRS offer a a large variety of tools and contingency management related templates to enable any organization develop and maintain a professional business continuity program.
Article Source: http://EzineArticles.com/?expert=Jake_Whistle
No comments:
Post a Comment