Business Continuity

BUSINESS CONTINUITY

To ensure Business Continuity in  the event of  interruptions, whether due to catastrophic events, serious breakdowns or minor incidents, is a fundamental requirement for any organization. The ISO 22301, the world’s first standard for Business  Continuity  Management (BCM),  was  developed  to  help companies minimize the risk of similar  interruptions.  Putting in place the basic elements of a management system for Business Continuity, companies  can maintain Business Continuity even in  more  problematic and unforeseen  circumstances,  safeguarding  staff and  the  company’s  reputation  allowing  it  to continue  to  produce  and  sell.  The methodology,  in  particular  the  ISO  22301  was developed by a group of experts, representing major  industrial  sectors  and  the  public administration,  to  determine  the  process, principles  and  terminology  of  Business Continuity  Management.

The management of Business Continuity is  a  prerogative  of  any organization, large or small, of any industry. It is  particularly  recommended  for  organizations operating  in  high -risk  areas,  such  as  finance, telecommunications, transport public administration and healthcare, where  the  ability to ensure the continuity of operations is critical to  the  organization,  its  customers  and stakeholders.

The difference between Disaster Recovery e Business Continuity

We  must  pay  attention  to  one  aspect:  the  term “Business  Continuity”  is  sometimes  confused  with  the term “Disaster Recovery”, but the two terms are used in the same way. Nothing more wrong. Disaster Recovery has  to  deal  with  the  emergency  in  case  of  an  event which makes technology unavailable.  Business  continuity  takes  account  of  all  events  that have  economic  impacts,  regulatory  compliance  or reputational  on  company,  both  due  to  the  lack  of  technological  support  or  lack  of  infrastructure  or personnel. Despite these differences, the two terms are often associated under the initials BC/DR due to their many common considerations.

The Business Continuity Plan

The  Business  Continuity  Plan  (BCP)  is  the  result  of  a  process  that  helps organizations prepare for disruptive events. Such events might be: a hurricane, a power outage caused by an excavator in the parking lot, flood offices or staff shortages due to a strike by public transport. The Business Continuity Plan is the result of collaboration of different roles. The involvement in this process can  range  from  the  design  of  the  emergency  measures  plan  supervision,  to provide input and support or be an active participant in the execution of the plan  during  an  emergency.

Main steps

1. Define, share and get approval on corporate Business Continuity with strategic and tactical rules to draw the plan, the roles and the responsibilities, all the internal and external resources and the suppliers involved in the plan, the time and the cost for the project.
2. Mapping the company organizational structure to conduct a Business Impact Analysis (BIA). This will locate the company’s most critical services in terms of economic impact that a critical event would have  on  the  company    The  greater  potential  impact,  must  have  shorter  actions  to  quickly restore a system or a process.
3. Risk assessment:  higher  risks  on  a  process require to  pay  more attention in creating emergency measures to restore the process. Therefore the two elements,  impact and risk, must be identified for each critical business process or service.
4. Create emergency measures (also known as contingency plans) for each business process in relation to each event: unavailable site, unavailable technology, unavailable personnel, legal infrastructure, and so on.