Business Continuity Planning Report

Business Continuity Planning Report

CIS502 Theories of Security Management

Business continuity management is described by the International Organization for Standardization as the foundation for building the resilience of an organization, which would allow an organization to respond accordingly, in a way that protects the business, its reputation, internal/external customers and most importantly its stakeholders. A complete plan for business continuity should be comprised of four main types of Business Continuity Plans:

Crisis management plan

Crisis communication plan

Business recovery plan

IT Disaster Recovery plan

An organization would want to build the resilience of its organization should an event happen, equipping the business, so it is still able to continue to grow, bigger and stronger than ever. The process of BCM or business continuity management should include key activities which would identify the appropriate business continuity plan such as:

The identification and analysis of key products and services of the business

The identification and analysis of the most urgent activities and processes of the business

The identification of potential threats, and their impacts on business operations

Devising of plans and strategies for quick and effective recovery from any disruption or downtime, and the continuation of business operations

A Business Continuity Plan aimed at anticipating and addressing potential disaster recovery efforts that would not only be prepared to restore the organization’s IT Infrastructure but all things that are the business. A Business Continuity Plan places an organization in a proactive role enabling it to be able to fulfill obligations, deliver its critical products and services as smoothly as possible during an event.

A Business Continuity Plan can and often does produce enormous gains such as:

The increased trust from internal and external customers, a favorable image to the general public.

Growing the morale of the employees and in-turn their loyalty, they feel as if the company is honest and has their backs creating a feeling of pride and ownership.

Deepening relationships the organization has with its shareholders will increase their trust which will, in turn, lead to future collaboration and investing, understanding that the organization is ready for any surprises.

A well-drawn Business Continuity Plan has the potential to improve the efficiency overall of an organization, in the moment of an active event which results in downtime or disruption of some kind within. The Business Continuity Plan should allow the company to come together and respond seamlessly, expeditiously and appropriately, minimizing loss and costs to the organization.

Due to the nature of potential damage to an organization’s business continuity, a complete Business Continuity Plan should address how to handle most if not all potential risks or threats such as:

Natural disasters (force majeure, or “acts of God”), such as hurricanes or typhoons, storm surges or tsunamis, floods, earthquakes, bushfires, blizzards, sandstorms

Man-made disasters with environmental repercussions, such as oil spills, hazardous materials spills, pollution, improper disposal of chemical and other industrial wastes

Accidents brought about by fortuitous events, such as factory fires and similar incidents in the workplace

Failure of utility and other similar service providers to deliver their services, such as when power and energy providers shut down, water services are interrupted, and communication lines go out of order

Results of sabotage and similar crimes (to put the business at risk), such as arson

Cybersecurity attacks, with the information system of the business falling prey to a hacker and other similar intrusive activities

An organization’s ability to address these threats will require a very diverse team of heroes who will have a deep understanding of the organization and the authority to make decisions regarding the organization. The Business Continuity Plan team should be comprised of a Business Continuity Steering Committee team made up of the COO, CFO, CIO, and internal auditors.

An organization’s legal counsel has the dubious task of protecting its employees, corporate assets/shareholder value and stakeholders internal and external. Counsel is responsible for ensuring all recovery work is done following regulatory and compliance requirements working with the designated impact analysis team to develop a workable Recovery Point Objective (RPO) or data restoration, the time in which an organization operation must be restored following a disruptive and Recovery Time Objective (RTO) which is the maximum time necessary to restore critical functions following a disruptive event

The Business Continuity Plan team should include a Program Sponsor to oversee the day-to-day management and leads the effort, a program manager is the foot soldier responsible for performing the day-to-day program activities and most importantly the business continuity planner who is responsible for their wealth of knowledge to develop and maintain the organizations response and recovery under the direction and guidance of the program manager.

Counsel is responsible for ensuring all recovery work is done following regulatory and compliance requirements working with the designated impact analysis team to develop a workable Recovery Point Objective (RPO) or data restoration, the time frame in which an organization operation must be restored following a disruptive and Recovery Time Objective (RTO) which is the maximum time necessary to restore critical functions following a disruptive event.

And the final part is to have a workable and do-able business continuity plan which includes planned strategies that have been tested in addition to cross-training for the organization’s personnel. Training increases opportunities for the success of the Business Continuity Plan, ensuring everyone will understand what is expected and will track towards the same goal.

My recommendation would be to initiate the establishment of the Business Continuity steering committee team made up of the COO, CFO, CIO, and internal auditors, to include legal counsel to begin to formulate a suitable business continuity plan for the organization. In conclusion, business continuity is the intended outcome of a well-executed Business Continuity Plan and Disaster Recovery strategy together will help the organization identify and prioritize the processes which would impact the business’ financial and operational functions.