HOW TO PREPARE A BUSINES CONTINUITY MANAGEMENT PROGRAM?
The previous articles have mentioned the need for a business continuity management program and the components of a typical business continuity plan. This article looks at how to prepare your organization for emergencies and the steps that are needed to be taken to prepare for contingencies.
For starters, the business continuity program that your company wishes to put in place must be detailed and exhaustive covering all aspects of the contingency planning.
The key point to note is that attention to detail is paramount because when emergency strikes, the little things make all the difference. For instance, if your backup site does not have adequate power to provide for smooth operation, the whole purpose of the business continuity program is lost. This is just one example of how the finer aspects of the business continuity program make all the difference between success and failure.
The next thing of importance in preparing a business continuity program is to ensure that employees are not left dumbfounded by the emergency. Instead, there must be a mechanism in place to take into account the disaster readiness of the workforce. The overarching thing to note is that the feedback loops and the lines of communication should not breakdown during an emergency. Only when the communication is well oiled and works smoothly can there be an effective response to disasters.
The third point to note about preparing for a disaster is the absence of laid back attitudes and complacency. Many companies simply prepare a BCM without taking into account whether the attitude in an emergency is one of panic or the other extreme which is complacency. Both should be avoided and instead, for business as usual to prevail, a no-nonsense attitude and a sense of purpose must be the guiding factors. Overall, the human element is crucial as to how a BCM can succeed and hence, priority must be given to prepare the employees to face emergencies without panicking or at the same time without taking things for granted.
While preparing for a disaster, attention must be given to the response time of the organization to continue the BAU or the Business As Usual. This can be done if the organization replicates the exact structure and facilities that it employs in its everyday practice to the backup plan. The key point is that services must not be curtailed in an emergency and even if it is not possible to provide full service, the culling of non-essential services must be planned and accounted for. The critical success factor during emergencies is how well the organization picks up the pieces and resumes its operations. So, care must be taken to minimize disruptions and restore normal business as soon as possible.
Finally, BCM is all about anticipating the kind of emergencies and preparing for them. Risk management specialists can be hired to identify potential risks and quantify the impact of these risks on the business. In this manner, the risk management matrix that lists the risks, as well as the action plan for mitigating each risk, is crucial to ensure the success of the BCM plan. So, adequate effort and time must be given to preparing the risk management plan. In conclusion, when disaster strikes, the organizations and the employees must not be caught like Deer blinded by the lights of an automobile and instead, they must be like the ants who prepare for a rainy day.
BRCCI – Business Resilience Certification Consortium International (www.brcci.org)
We are thankful to the author for allowing us to post this insightful article on our website. BRCCI provides a comprehensive training and certification program in business resiliency, continuity and IT disaster recovery planning:
1. 3-day CBRM (Certified Business Resilience Manager) is a comprehensive, all-in-one, 3-day Business Continuity Planning and Management Training and Certification course which is designed to teach practical methods to develop, test, and maintain a business continuity plan and establish a business continuity program.
2. 3-day CBRITP (Certified Business Resilience IT Professional) is a comprehensive training on how to assess, develop, test, and maintain an information technology (IT) Disaster Recovery Plan for recovering IT and telecommunications systems and infrastructure in the event of a disaster or business disruption. The training provides a step-by-step methodology to ensure a reliable and effective IT disaster recovery and continuity plan consistent with the industry’s standards and best practices.
3. 2-day CBRA (Certified Business Resilience Auditor) It provides 2 days of intensive, Business Continuity Audit training to enable students to determine the effectiveness, adequacy, quality and reliability of an organization’s Business Continuity Program. Students will learn an audit methodology to evaluate compliance of Business Continuity and IT Disaster Recovery Programs with the current industry’s best practices and standards including:
- ISO 22301: Business Continuity Management Systems – Requirements
- NFPA: Standard on Disaster/Emergency Management and Business Continuity Programs
- ITIL: Information Technology Infrastructure Library