Abstract
Business
Continuity Planning (BCP) is a program which primarily assesses existing operations,
risks to these operations and the organizational preparedness incase this operations
are disrupted. It develops an integrated approach to ensure that critical operations
and processes continue to function after interruption e.g. due to an incident or
disaster.
Keywords
Business Continuity Plan (BCP), Business
Introduction
Business Continuity
Planning (BCP) is a program which primarily assesses existing operations, risks
to these operations and the organizational preparedness incase this operations
are disrupted. It develops an integrated approach to ensure that critical operations
and processes continue to function after interruption e.g. due to an incident
or disaster.
The Business Continuity
Plan (BCP) serves as an essential component of an organization’s response
planning (Barbara, 2014). Thus, an effective BCP details out the manner in
which a business entity shall operate in the event of an incident; including the
different ways it expects to return to “normal business operations” in the most
optimum and quickest period possible (Beck, 2010). Further, a BCP does not
require to have specific modalities like for terrorists incidences but rather
ought to make application of any potential major disruptions like incidences of
fire, power fault or flooding (Botha, 2004). A BCP plan by and of itself forges
an agreed framework for ensuring disruptive events are kept under control;
ensures critical and appropriate resources are reinstated to maintain and
sustain critical business functions; and also facilitates the staffing process
to ensure there right personnel required to coordinating activities are on
board (Pitt, 2004).
A BCP must be clear and
well-presented so as to avoid vagueness and be in a way that all persons can
understand its content and act in what is expected of them (Ogilvy, 2012).
To have a good
framework for BCP a few considerations must be fulfilled; key would be an
evaluation of the roles and individuals that are fundamental in meeting the
business needs and commitments. It is also important to perform an assessment
of the equipment, IT, or logistics measures et cetera that the staff need to sustain
operations. It would also be important to review the degree to which a business
can function prior to undertaking full restoration of disrupted operations. The
evaluation of alternative resources is also important as well as the
consideration of the departments that are vital in fulfilling specific and
critical orders or contractual obligations. The final one would be the critical
analysis of the suppliers including third parties that are considered integral
to daily routines of the business
Further to the issues
above is that a BCP should have sequential steps which staff members may follow
during-post a disruptive event so as to maintain essential operations as well
as return to “business as usual” in the shortest time possible. It is so the
case that a
BCP is critical to any
business and may vary widely depending on the kind of operations undertaken by
an organization; the same may also vary given the location, however the following
must be included (Reiss, 2010): plans, arrangements and measures geared towards
ensuring the continuous delivery of major services or products, to recover its
facility, assets and even data. The other inclusion criteria is the highlighting
of necessary resources needed to boost business continuity even encompassing personnel,
equipment, financial allocations, infrastructure, accommodations and protection
(Ogilvy, 2012).
Challenges
of Business Continuity Process
BCP faces a lot of
challenges (Cook, 2015). Key challenges
in the implementation of BCP include issues like lack of senior management
commitment and involvement. In most organizations, BCP is left to middle and
junior staffs that are not empowered to make decisions and do not even control
budgets making the process fail. The other key challenge is the lack of thorough
understanding of data dynamics and dependencies involved in data recovery by
the BCP practitioners. This especially manifests itself when BCP does not
consider all necessary components leading to a failure of the BCP. A good example
would be preparing a good BCP for a system and forgetting dependencies such as
a transmission link.
BCP also faces
challenges of having a technology only approach to BCP when panning for
organizational resilience. In such cases, other resources such as people are
forgotten introducing a serious risk to the BCP. BCP process does also face a
challenge of incorrect and/or inappropriate assumptions in formulating BCP. The
implications of these challenges points directly to weak BCP plans which are
not able to safeguard organizations against failures. Organizations end up
losing opportunities as well as customers or having very dissatisfied
customers.
Steps
in the Business Continuity Plan Process
The implementation of
the BCP process has several steps (Tittel, 2013). The first step would be to
identify the main/real assets of an organization. By doing this the company aims
at identifying those assets which it cannot do with or which it needs to always
have running. When you mention assets, this would be either physical equipment
or systems.
The second step would
then be the identification of risks and threats with respect to these organizational
assets. This essential mean a nose dive in to any event or occurrence that would
lead to the unavailability or non-functionality of the assets.
The organization would
then need to develop a BCP and implement it. This would assure that key
business activities are not disrupted. But again developing the BCP is not enough,
it has to be tested and the implementers are well trained. The BCP tests need
to happen frequently and plans updated accordingly should that be deemed
necessary.
The BCP does also
require frequent monitoring and maintenance, what this essentially means is
that with the BCP testing, observations on how well it serves need to be made and
corrections made in areas that are deemed not to work appropriately and finally
reviewing of the BCP need to be done frequently to assure that it is fit for
purpose.
Teams
involved in a Business Continuity Plan Process
The relevance of noting
on the key personnel needed to take part in the development of BCP is because
it anticipates sampling criteria to be proposed later in the study; by this indicate
the most preferable sample that need to be targeted so as to unravel the BCP issues.
In point of fact, the rationale for having the mentioned team is because it
further tells the reader the existing facets of the organization upon which a
solid BCP model may be about (Botha, 2004). Consider this case: IT department
may give a solution to an identified problem which would also be considered to
be good; however, the risk and safety team may regard it as futile due to the
ensuing problems in the future; thus that would need the two teams to come
together and advance their proposals so as to have a comprehensive and
satisfactory BCP model. In this regard, BCP does not only underscore the risks
there are and solutions therewith but that it enables companies to enhance
their business processes as well as methods. Moreover, BCP renders an
organization to validate its own positive achievements and weaknesses (Reiss, 2010).
Noteworthy, BCP serves as a chain process and involves a number of steps as
shown below (Ogilvy, 2012).
Conclusion
The study recommends
that for entire BCP process to succeed the organization should include
participation from all levels of an organization, including an organization’s
board of directors, senior management, business and technology managers, and
staff. There is also a need to continue capitalizing on the CEO's and
consultants support for the process to enhance the benefits of BCP process in
the company. The organizations should improve and support the training of
employees on BCP as this does come out as a challenge to the BCP
implementation.
References
Beck,
E. (2010). Strategic planning for business continuity management. Journal of Business,
Vol.3, No.6 (pp.23-45).
Barbara,
M. (2014). Determining the critical success factor of an effective business continuity/
disaster recovery program post 9/11 world.
Botha,
J. a. (2004). Information Management & Computer Security. A Cyclic Approach
to Business Continuity Planning.
Cook,
S. (2015). The Essential Guide to Employee Engagement: Better Business Performance
through Staff Satisfaction. 2nd ed. London: Kogan Page Publishers
Ogilvy,
J. (2012). Creating better futures: scenario planning as a tool for a better tomorrow.
New York: Oxford University Press.
Reiss,
C. L. (2010). Risk identification and analysis: a guide for small public
entities. Fairfax, VA: Public Entity Risk Institute.
Snedaker,
S. (2012). Business Continuity & Disaster Recovery for information.
Syngress Publishing.
Tittel,
K. L. (2013, November 14th). How to create an effective Busines Continuity
Plan. Retrieved August 8th, 2015, from CIO: http://www.cio.com/article/2381021/bestpractices/how-to-create-an-effective-business-continuity-plan.html
Verman,
A. G. (2011). Business Continuity Planning in the IT Age: A Railway Sector Case
Study. Journal of Business Management, Vol.3, No.5 (pp.11-36)
No comments:
Post a Comment