Business continuity is a concept that refers to a company's planning and preparation to ensure that it overcomes serious incidents or disasters and resumes normal operations within a relatively short period of time. This concept includes the following three key elements:
Common disasters that business continuity covers include natural disasters such as fire and flood, accidents caused by key personnel, server crashes or virus infections, failure of key suppliers, negative media campaigns, and market turmoil (e.g., a stock market crash). The site of the disaster and the company's premises may be separate.
Management
Business continuity management falls largely within the scope of quality management and risk management, with some crossover into related areas such as governance, information security and compliance. Risk management is an essential tool for business continuity because it provides a structured way to identify sources of business disruption and to assess their likelihood and the losses they could cause. It is expected that all business functions, operations, inventories, systems, relationships, etc. that are critical to achieving the operational goals of the organization are analyzed and incorporated into the business continuity plan. Business impact analysis is the generally accepted risk management term for the process of determining the relative importance or criticality of those elements, which in turn drives the priorities, planning, preparation, and other business continuity management activities.
If no business continuity plan has been implemented and the organization faces a serious threat or disruption that may result in bankruptcy, implementing one, if it is not too late, may strengthen the organization's viability and the continuity of its business activities.
Standard
One important way to achieve business continuity is the use of international standards, program development, and supporting policies. These standards ensure that proven methods and concepts for business continuity are used. As with many quality management standards, however, the key tasks of identifying relevant potential disasters, making evacuation plans, buying backup machines and servers, making backups and taking them offsite, assigning responsibilities, training, educating employees and staying alert cannot be replaced by adherence to standards. Thus, management's commitment to treating business continuity as an important topic, and to assigning people to it, remains the most important step in building business continuity.
Several business continuity standards have been issued by various standards bodies:
ISO - ISO 22301:2012, "Societal security - Business continuity management systems - Requirements", defines the management system used to manage an organization's business continuity arrangements. It is formal in style to facilitate audit and certification of compliance. It is supported by ISO 22313:2012, "Societal security - Business continuity management systems - Guidance", which provides more pragmatic advice on business continuity management. ISO/IEC 27031:2011, "Information security - Security techniques - Guidelines for information and communication technology [ICT] readiness for business continuity", offers guidance on the ICT aspects of business continuity management.
United Kingdom - British Standard 25999 is a two-part business continuity management standard. "BS 25999-1:2006 Business Continuity Management. Code of Practice" offered a pragmatic implementation guide, but was withdrawn in 2012 when ISO 22313 effectively replaced it. "BS 25999-2:2007 Specification for Business Continuity Management" formally set out a set of requirements for a business continuity management system. It was also withdrawn in 2012, when it was (in effect) replaced by ISO 22301.
North America - Published by the National Fire Protection Association: NFPA 1600, Standard on Disaster/Emergency Management and Business Continuity Programs.
North America - ASIS/BSI BCM.01:2010, published in December 2010.
ANSI/ASIS SPC.1-2009 Organizational Resilience: Security, Preparedness and Continuity Management Systems - Requirements with Guidance for Use. This American National Standard is being considered for inclusion in DHS PS-Prep, a voluntary program designed to improve national resilience in an all-hazards environment by enhancing private sector preparedness.
Professional Practices for Business Continuity Management - Published by DRI International (a nonprofit continuity education institution).
Australia - Published by Standards Australia: HB 292-2006, "Practitioner's guide to business continuity management", and HB 293-2006, "Executive guide to business continuity management". In 2010, Standards Australia introduced the standard AS/NZS 5050, which ties business continuity much more closely to traditional risk management practices. This interpretation is designed to be used in conjunction with AS/NZS 31000, which covers risk management.
Program
An ongoing management-level process to ensure that the necessary steps are taken regularly to identify possible accidents, disasters, emergencies, and/or threats. It also involves (1) assessment of their possible effects, (2) development of recovery strategies and plans, and (3) maintenance of readiness through personnel training and plan testing. See also business impact analysis.
Policy
Policies are the things mandated by the organization's management that will always be carried out in accordance with a preset design plan, and that support all business functions within the organization.
BC/BCM plan (BCP)
The components of the business continuity methodology that must be turned into a documented plan include:
The set of documents, instructions, and procedures that enable a business to respond to accidents, disasters, emergencies, and/or threats without interruption or bottlenecks in its main operations. Also called a business continuity plan, disaster recovery plan, or recovery plan.
It should also include the scope, objectives and assumptions used to develop the plan. Key accountabilities, including the authority to invoke the plan, instructions to follow after invocation, and a detailed communication plan, should be included in the plan to ensure an efficient return to operations.
BC/BCM Planning
The task of identifying, developing, obtaining, documenting, and testing the procedures and resources that will ensure the continuity of the company's primary operations in case of accidents, disasters, emergencies, and/or threats. This involves (1) risk mitigation planning (reducing the likelihood of adverse events), and (2) business recovery planning (ensuring continued operations after a disaster).
Guidelines
Guidelines are the things recommended to be done in accordance with a preset design plan. However, depending on the needs and requirements of the target business function, these items may or may not be performed, or may be modified during implementation.
Procedures
British Standard 25999-2 and other standards identified above provide specifications for implementing a business continuity management system within an organization.
Business impact analysis (BIA)
The whole concept of business continuity is based on identifying all business functions within an organization and then assigning a level of importance to each one. Business impact analysis is the primary tool for collecting this information and establishing criticality, recovery point objectives, and recovery time objectives, and is therefore part of the basic foundation of business continuity.
A BIA can be used to identify the extent and time scale of impacts at different levels of an organization. For example, it can examine the effect of disruption on the operational, functional and strategic activities of an organization. The BIA can determine the effect of disruption not only on current activities but also on major business changes, such as the introduction of new products or services.
Most standards require that business impact analyses be reviewed at defined intervals appropriate to each organization, and whenever any of the following occurs:
- Significant changes in internal business processes, locations or technologies
- Significant changes in external business environments - such as market or regulatory changes
Security management
In today's global business environment, security should be a top priority in managing information technology. For most organizations, security is mandated by law, and compliance with those mandates is regularly investigated in the form of audits. Failure to pass a security audit can have financial and management-changing impacts on an organization.
Document management
In a large information technology environment, personnel turnover is unavoidable and should be planned for as part of business continuity. The solution to the problems associated with turnover is complete and up-to-date documentation. This ensures that new personnel have the information they need to quickly become knowledgeable and productive with respect to the business functions they are assigned to support. It also implies that the documentation related to business functions is mostly generated (not written) from existing systems and is managed automatically.
Change management
Regulations require that changes to business functions be documented and tracked for audit purposes; this is designated "change control". It brings a level of stability to business functions by requiring support personnel to document and coordinate proposed changes to the underlying systems. As this process becomes more and more automated, the emphasis will be less on personnel control and more on regulatory compliance.
Audit management
One of the most expensive and time-consuming aspects of information technology management is dealing with auditors. One of the goals of business continuity is data center automation, which includes audit management. All modern business functions should be designed to automatically generate the necessary audit compliance information and documentation as part of conducting day-to-day business. This dramatically reduces the time and cost associated with producing this information manually.
Service level agreement (SLA)
The interface between management and information technology is the service level agreement (SLA). It provides a written contract that sets out management's expectations regarding the availability of the required business functions, and the deliverables that information technology provides in support of those business functions.
Communications system
Another component of business continuity is communication under duress. Members of the disaster recovery team should be able to communicate effectively among themselves as well as with managers, directors, customers, partners, and even the media. To avoid some of the potential problems associated with disrupted communication channels, the business continuity plan should include a key manager who is responsible for all communications in this area, cooperation between executives and public relations staff, and scheduled exercises to put the plan into practice.
Other components
Disaster recovery planning occurs as part of defining business continuity procedures.
The following is a list of physical and logical entities in an information technology environment that require the adoption of a business continuity methodology. Implementing the methodology should include defining policies, guidelines, standards, procedures, etc. for each item in the list:
- Frames and managed systems
- Firmware and microcode
- Internal and external disk storage
- Computing system naming
- Hardware management console and console access
- Virtualization
- Network design
- VLAN
- TCP/IP subnet
- Resources or services group
- Workload management
- Volume group
- Logical volume/disk partition
- Filesystem logs
- Filesystem mount point
- Username and UID number
- Group name and GID number
- Security
- High availability
- Computing system installation
- Computing system monitoring
- Patch management
Planning
Planning, prevention, and preparation are an important part of a business continuity management system and carry over directly from civil contingency planning. This activity begins with understanding the business in order to identify potential risks and threats to critical business activities, both internally and from the external environment. It is also advisable to check the resilience of suppliers.
See also
- Business continuity planning
- Advanced Operations
- Crisis management
- Digital continuation
- Disaster Risk Reduction
- Disaster Recovery
- Risk management
- Resilience (organization)
External links
National Institute of Standards and Technology (NIST) Special Publication 800-34: Contingency Planning Guide for Information Technology Systems
Source of the article: Wikipedia