There are 6 steps that should be followed by organizations if they want to establish a Business Continuity Management System.

The Business Continuity Policy should be established by the top management and should:
• Be appropriate to the purpose of the organization
• Provide a framework for setting business continuity objectives
• Include a commitment to satisfy applicable requirements
• Include a commitment to continual improvement of the BCMS

A Business Continuity Framework illustrates the way (processes, steps and parameters) the Business Continuity Management System (BCMS) elements of an organization are implemented and managed, as part of a BCMS Life Cycle. This includes Business Impact Analysis, Risk Assessment, Strategy and Solution Design, Implementation, Training, Exercising & Testing, Maintenance.

The Business Impact Analysis is a systematic process to determine and evaluate the criticality of business activities and associated resource requirements to ensure operational resilience and continuity of operations during and after a disaster, incident or emergency. The outcome is a business impact analysis report which describes the business continuity requirements.

The Risk Assessment process:
• Identifies the risks an organization is exposed to
• Identifies the probability of risks
• Evaluates the impacts if these risks develop into an emergency
• Provides direction for the prioritization and management (including mitigation through business continuity planning) of the risk factors, to be taken proactively
• Contributes to greater resilience to disruptive events

The Business Continuity Strategies are the summary of strategies for mitigation, crisis response and recovery, that an organization adopts to respond to an incident, or disaster or crisis so lives and assets are protected and normal operations are restored.

The Business Continuity Plan is the document that describes how the organization will respond to and continue to operate during an unscheduled service outage, provides guidance and information to help teams respond to downtime and recovery, and contains contingencies for business processes, assets, human resources, third parties and any stakeholder that might be affected.

This article was written by the SIGMA BUSINESS NETWORK team.