creating an effective business continuity plan
DESCRIPTION
At first it is important to know that disasters can strike anytime. ISO 22301 - Societal security - Business continuity management systems is often described as Disaster survival plan. An effective Business Continuity plan can be the perfect option in providing the structure to enable the recovery time of critical activities detected. But what is the best way businesses could understand the importance of this ISO standard? For most of them this standard has proved the continuity of its operations: from large incidents, such as natural disasters, to accidents of technological and environmental aspects. The size of incidents should never be neglected. Any incident has a significant influence in business activities, hence this standard makes your business be survival of the fittest.TRANSCRIPT
www.pecb.org
Creating an Effective Business Continuity Plan
2
Protect, reduce, prepare, respond, and recover. Speaking in terms of business, these are the five words, each representing an action, that probably best describe Business Continuity in brief.
Businesses often face minor and major challenges, but how prepared companies are for the unexpected, and to what size or format they invest in a business continuity plan?
At first it is important to know that disasters can strike anytime. ISO 22301 - Societal security - Business continuity management systems is often described as Disaster survival plan. An effective Business Continuity plan can be the perfect option in providing the structure to enable the recovery time of critical activities detected. But what is the best way businesses could understand the importance of this ISO standard? For most of them this standard has proved the continuity of its operations: from large incidents, such as natural disasters, to accidents of technological and environmental aspects. The size of incidents should never be neglected. Any incident has a significant influence in business activities, hence this standard makes your business be survival of the fittest.
According to ISO, organizations already consider that this standard has a huge potential in the world. So far, numerous countries have started to adopt ISO 22301, including Singapore and United Kingdom to replace their existing national standards. There is already interest from business worldwide who wish apply good practice and obtain certification against this standard. This attests to its vast potential user base and expected benefits.
The popularity of this standard has had a great effect on many organizations prior to disaster. Having implemented this standard previous to the worst, other organizations have mostly followed the same route of being prepared and aware. They have looked at examples closely in order to ensure taking the same measures across their supply chains.
Before this route, or before anything else, the first step is prioritizing a hierarchy of locations that are critical to the operations of a company. Then it is usual to say that this plan intends to minimize operational risk, however, the key factors to the effectiveness of such a plan are people, infrastructure and processes. From these three, it is suggested that the primary focus is on the people.
To create a business continuity plan, several steps should be considered: identification of the plan scope, key business areas, critical functions, creation of plans for operations maintenance, etc. However, it is highly important this plan is tested several times (usually 2 to 4 times a year) to know if it's complete and whether it will fulfill its intended purpose or not. The last but not the least, revision and improvement of this plan are very important. Feedback from staff should always be considered before this step. Involvement of all departments in this review process makes this plan much more effective.
All plans should have the support from every level of the organization. Every management should have a representative when the plan is created or updated. Updating the business continuity plan makes it remain closer to the needs of the company. Awareness about this plan is also of key importance – when employees don’t know about the plan, they will not react in case of disasters and failure is of higher possibility. Communication of this plan, or better say training and awareness, to employees can be delivered by any unit, such as Human Resources, however, it is suggested that someone from the top management does it, so on that account the attention will be shifted to this plan.
Training about this standard at PECB is mostly focused on the acquisition of basics knowledge related to business continuity management, and not on the acquisition of an expertise in business continuity. To obtain more in-depth knowledge of the implementation and the management of a BCMS, it is recommended to take the Certified ISO 22301 Lead Implementer course, while for more in-depth knowledge of the audit techniques of a BCMS, it is recommended to take the Certified ISO 22301 Lead Auditor course.
PECB (Professional Evaluation and Certification Board) is a certification body for persons for a wide range of professional standards. Among other international standards, it offers also ISO 22301 training and certification services for professionals wanting to gain a comprehensive knowledge of the main processes of Business Continuity Management System, project managers or consultants wanting to prepare and support an organization in the implementation of an BCMS, auditors wanting to perform and lead BCMS certification audits, and staff involved in the implementation of the ISO 22301 standard.
ISO 22301 and Business Continuity Management System offered by PECB:• Certified ISO 22301 Lead Implementer (5 days)• Certified ISO 22301 Lead Auditor (5 days)• Certified ISO 22301 Foundation (2 days)• ISO 22301 Introduction (1 day)
ISO 22301 Lead Auditor, ISO 22301 Lead Implementer and ISO 22301 Master are three certification schemes accredited by ANSI ISO/IEC 17024.
3