Business Continuity Plan

By : Asharul Akhmal Bin Md. Jamil (2014424562)

Abstract

Business Continuity Planning (BCP) is a program which primarily assesses existing operations, risks to these operations and the organizational preparedness incase this operations are disrupted. It develops an integrated approach to ensure that critical operations and processes continue to function after interruption e.g. due to an incident or disaster.

Keywords Business Continuity Plan (BCP), Business

Introduction

Business Continuity Planning (BCP) is a program which primarily assesses existing operations, risks to these operations and the organizational preparedness incase this operations are disrupted. It develops an integrated approach to ensure that critical operations and processes continue to function after interruption e.g. due to an incident or disaster.

The Business Continuity Plan (BCP) serves as an essential component of an organization’s response planning (Barbara, 2014). Thus, an effective BCP details out the manner in which a business entity shall operate in the event of an incident; including the different ways it expects to return to “normal business operations” in the most optimum and quickest period possible (Beck, 2010). Further, a BCP does not require to have specific modalities like for terrorists incidences but rather ought to make application of any potential major disruptions like incidences of fire, power fault or flooding (Botha, 2004). A BCP plan by and of itself forges an agreed framework for ensuring disruptive events are kept under control; ensures critical and appropriate resources are reinstated to maintain and sustain critical business functions; and also facilitates the staffing process to ensure there right personnel required to coordinating activities are on board (Pitt, 2004).

A BCP must be clear and well-presented so as to avoid vagueness and be in a way that all persons can understand its content and act in what is expected of them (Ogilvy, 2012).

To have a good framework for BCP a few considerations must be fulfilled; key would be an evaluation of the roles and individuals that are fundamental in meeting the business needs and commitments. It is also important to perform an assessment of the equipment, IT, or logistics measures et cetera that the staff need to sustain operations. It would also be important to review the degree to which a business can function prior to undertaking full restoration of disrupted operations. The evaluation of alternative resources is also important as well as the consideration of the departments that are vital in fulfilling specific and critical orders or contractual obligations. The final one would be the critical analysis of the suppliers including third parties that are considered integral to daily routines of the business

Further to the issues above is that a BCP should have sequential steps which staff members may follow during-post a disruptive event so as to maintain essential operations as well as return to “business as usual” in the shortest time possible. It is so the case that a

BCP is critical to any business and may vary widely depending on the kind of operations undertaken by an organization; the same may also vary given the location, however the following must be included (Reiss, 2010): plans, arrangements and measures geared towards ensuring the continuous delivery of major services or products, to recover its facility, assets and even data. The other inclusion criteria is the highlighting of necessary resources needed to boost business continuity even encompassing personnel, equipment, financial allocations, infrastructure, accommodations and protection (Ogilvy, 2012).

Challenges of Business Continuity Process

BCP faces a lot of challenges (Cook, 2015). Key challenges in the implementation of BCP include issues like lack of senior management commitment and involvement. In most organizations, BCP is left to middle and junior staffs that are not empowered to make decisions and do not even control budgets making the process fail. The other key challenge is the lack of thorough understanding of data dynamics and dependencies involved in data recovery by the BCP practitioners. This especially manifests itself when BCP does not consider all necessary components leading to a failure of the BCP. A good example would be preparing a good BCP for a system and forgetting dependencies such as a transmission link.

BCP also faces challenges of having a technology only approach to BCP when panning for organizational resilience. In such cases, other resources such as people are forgotten introducing a serious risk to the BCP. BCP process does also face a challenge of incorrect and/or inappropriate assumptions in formulating BCP. The implications of these challenges points directly to weak BCP plans which are not able to safeguard organizations against failures. Organizations end up losing opportunities as well as customers or having very dissatisfied customers.

Steps in the Business Continuity Plan Process

The implementation of the BCP process has several steps (Tittel, 2013). The first step would be to identify the main/real assets of an organization. By doing this the company aims at identifying those assets which it cannot do with or which it needs to always have running. When you mention assets, this would be either physical equipment or systems.

The second step would then be the identification of risks and threats with respect to these organizational assets. This essential mean a nose dive in to any event or occurrence that would lead to the unavailability or non-functionality of the assets.

The organization would then need to develop a BCP and implement it. This would assure that key business activities are not disrupted. But again developing the BCP is not enough, it has to be tested and the implementers are well trained. The BCP tests need to happen frequently and plans updated accordingly should that be deemed necessary.

The BCP does also require frequent monitoring and maintenance, what this essentially means is that with the BCP testing, observations on how well it serves need to be made and corrections made in areas that are deemed not to work appropriately and finally reviewing of the BCP need to be done frequently to assure that it is fit for purpose.

In the main dissertation upon approval of the current proposed study, the steps for BCP shall be analyzed more in-depth. Upon occurrence of an emergency, business continuity teams (BCT) start to implement BCP plans in order for the organization to resume normal business operations (Snedaker, 2012).

Teams involved in a Business Continuity Plan Process

In developing a BCP framework such cannot be done by a single person rather but from a group with BCP expertise. It needs team working to have a viable and comprehensive BCP (Reiss, 2001). The graph below has been reformulated based on the works by (Verman, 2011) which indicate the level of involvement of key personnel on BCP development.

The relevance of noting on the key personnel needed to take part in the development of BCP is because it anticipates sampling criteria to be proposed later in the study; by this indicate the most preferable sample that need to be targeted so as to unravel the BCP issues. In point of fact, the rationale for having the mentioned team is because it further tells the reader the existing facets of the organization upon which a solid BCP model may be about (Botha, 2004). Consider this case: IT department may give a solution to an identified problem which would also be considered to be good; however, the risk and safety team may regard it as futile due to the ensuing problems in the future; thus that would need the two teams to come together and advance their proposals so as to have a comprehensive and satisfactory BCP model. In this regard, BCP does not only underscore the risks there are and solutions therewith but that it enables companies to enhance their business processes as well as methods. Moreover, BCP renders an organization to validate its own positive achievements and weaknesses (Reiss, 2010). Noteworthy, BCP serves as a chain process and involves a number of steps as shown below (Ogilvy, 2012).

Conclusion

The study recommends that for entire BCP process to succeed the organization should include participation from all levels of an organization, including an organization’s board of directors, senior management, business and technology managers, and staff. There is also a need to continue capitalizing on the CEO's and consultants support for the process to enhance the benefits of BCP process in the company. The organizations should improve and support the training of employees on BCP as this does come out as a challenge to the BCP implementation.

References

Beck, E. (2010). Strategic planning for business continuity management. Journal of Business, Vol.3, No.6 (pp.23-45).

Barbara, M. (2014). Determining the critical success factor of an effective business continuity/ disaster recovery program post 9/11 world.

Botha, J. a. (2004). Information Management & Computer Security. A Cyclic Approach to Business Continuity Planning.

Cook, S. (2015). The Essential Guide to Employee Engagement: Better Business Performance through Staff Satisfaction. 2nd ed. London: Kogan Page Publishers

Ogilvy, J. (2012). Creating better futures: scenario planning as a tool for a better tomorrow. New York: Oxford University Press.

Reiss, C. L. (2010). Risk identification and analysis: a guide for small public entities. Fairfax, VA: Public Entity Risk Institute.

Snedaker, S. (2012). Business Continuity & Disaster Recovery for information. Syngress Publishing.

Tittel, K. L. (2013, November 14th). How to create an effective Busines Continuity Plan. Retrieved August 8th, 2015, from CIO: http://www.cio.com/article/2381021/bestpractices/how-to-create-an-effective-business-continuity-plan.html

Verman, A. G. (2011). Business Continuity Planning in the IT Age: A Railway Sector Case Study. Journal of Business Management, Vol.3, No.5 (pp.11-36)