As the world didn’t end on Dec 21, 2012, how about considering a proper business continuity plan for 2013?
ISO22301:2012 (ISO22301) Business Continuity Management Systems (BCMS) – Requirements is the international business continuity standard.
Launched in May 2012, it replaced British Standard BS25999-2 and sets out the requirements for a Business Continuity Management System (BCMS). ISO22301 is based on the ‘Plan-Do-Check-Act’ model found in other management system standards.
“BCP is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical functions within a predetermined time after a disaster or extended disruption”
The first step in the business continuity process is to consider the potential impact of each disaster or disruption. The next step is to determine the likelihood of the disruption: how likely it is to occur within a year, and how many times. Together, impact and likelihood determine the risk to the organization’s critical assets: if the impact of the disruption is high, the risk is high, and if the likelihood of the incident is high, the risk is high. High-risk disruptions will attract more attention during the planning process.
• Understand the function of probabilities and risk reduction
• Identify potential risks to the organization
• Identify outside expertise required
• Identify vulnerabilities / threats / exposures
• Identify risk reduction / mitigation alternatives
• Identify credible information sources
• Interface with management to determine acceptable risk levels
• Document and present findings
• Understand clear objectives, available alternatives, their advantages, disadvantages, and cost ranges, including mitigation as a recovery strategy
• Identify viable recovery strategies with business functional areas
• Consolidate strategies
• Identify off-site storage requirements and alternative facilities
• Develop business unit consensus
• Present strategies to management to obtain commitment
Assessing the Effectiveness of a BCP Plan for an Individual Business Unit:
Business unit contingency planning was never more important than now. The success of BCP depends upon the feasibility and appropriateness of the plan. However, only comprehensive TESTING of the contingency plans can validate that, and everyone hates testing. It is important that the Contingency Plan clearly identify those responsible for declaring a disaster and executing the plan. ISO22301 is the specification for implementing, establishing, and improving a business continuity management system (BCMS) within an organization.
The requirements in the standard are generic and are intended to be applicable to all organizations, regardless of type, size and nature of business. The extent of application of these requirements depends on the organization’s operating environment and complexity. ISO22301 can be used by internal and external parties, including certification bodies, to assess an organization’s ability to meet its own business continuity needs, as well as any customer, legal or regulatory needs.