BCM - Business continuity management Management of business continuity

In the conditions of difficult interdependent activity of divisions within the organization, dependence of the organizations on partners, availability of support systems of activity, ensuring smooth operation is one of the important tasks facing the management of many enterprises. Each of the organizations faced, anyway, the different reasons of interruption of working activity – as a result of failures in electricity feed-in, deliveries, functioning of information and communications systems, unavailability of office, leaving of key staff, deliberate actions or human errors and also the fires, technogenic catastrophes, etc.

BCM is complex approach

BCM is the complex approach in management directed to determination of potential threats for the organization, carrying out the analysis of their business impact in case of implementation. It provides a basis for deduction of the organization in a stable status and an opportunity for effective response to crisis situations with the purpose of protection of interests of owners and concerned parties, reputation and the most essential spheres of business of the company. BCM regulates processes of recovery after failures, training programs, testings, procedures of audit and review of actions, procedures and business continuity plans (Business Continuity Plan - BCP) for the purpose of confirmation of their compliance to the current conditions and requirements of the organization. Now fundamental standards in the field of IT and the information security (IS), including CobiT, ITIL, ISO-27001, contain the sections connected with ensuring business continuity: the first two are intended for IT, the third - cybersecurity. There is also a standard of BS ISO 25999 concerning management of business continuity. Among a set of standards, known in the world, including NFPA1600 (USA), HB221 and HB252 (Australia), SPRING TR19 (Singapore), etc.

Correct project

Approximately the "correct" BCM project of one of business processes in IT so looks.

The possible emergencies (E) in the section of IT, their effect are analyzed. The admissible timeout is defined. After that possible scenarios emergencies are developed, classes of importance of IT services and the strategy of their recovery are described. The sketch of the project is created.

The main postulate – business continuity, is provided without fail.

The schedule of project implementation is formed, the cost and time of execution of the project are calculated. According to plans upgrade of services IT is made, plans of disaster recovery and testing for several systems are formed.

Then test phase. Defects are revealed – it is necessary to correct and introduce amendments.

Afterwards business time comes: the hierarchy of reaction from three components - regular, incident managements and level of recovery of activity is formed. According to experts, only minimum necessary actions which need to be made after accident should be stated in these plans. After creation of reserve jobs complex testing with participation business and IT departments is held.

Here the example of the real project performed in Russia is given. It proceeded within two years. Experts consider, risks it is necessary to estimate, analyze their business impact, to define possible financial losses. These are not simple processes, but only it is so possible to optimize costs for the BCM organization further.

Essence of strategy of management not only in determination of general requirements - the reasonable balance is necessary: how many to spend and what to be protected from.

See Also

• CPM