To ensure Business Continuity in the event of interruptions, whether due to catastrophic events, serious breakdowns or minor incidents, is a fundamental requirement for any organization. The ISO 22301, the world’s first standard for Business Continuity Management (BCM), was developed to help companies minimize the risk of similar interruptions. Putting in place the basic elements of a management system for Business Continuity, companies can maintain Business Continuity even in more problematic and unforeseen circumstances, safeguarding staff and the company’s reputation allowing it to continue to produce and sell. The methodology, in particular the ISO 22301 was developed by a group of experts, representing major industrial sectors and the public administration, to determine the process, principles and terminology of Business Continuity Management.
The management of Business Continuity is a prerogative of any organization, large or small, of any industry. It is particularly recommended for organizations operating in high -risk areas, such as finance, telecommunications, transport public administration and healthcare, where the ability to ensure the continuity of operations is critical to the organization, its customers and stakeholders.
The difference between Disaster Recovery e Business Continuity
We must pay attention to one aspect: the term “Business Continuity” is sometimes confused with the term “Disaster Recovery”, but the two terms are used in the same way. Nothing more wrong. Disaster Recovery has to deal with the emergency in case of an event which makes technology unavailable. Business continuity takes account of all events that have economic impacts, regulatory compliance or reputational on company, both due to the lack of technological support or lack of infrastructure or personnel. Despite these differences, the two terms are often associated under the initials BC/DR due to their many common considerations.
The Business Continuity Plan
The Business Continuity Plan (BCP) is the result of a process that helps organizations prepare for disruptive events. Such events might be: a hurricane, a power outage caused by an excavator in the parking lot, flood offices or staff shortages due to a strike by public transport. The Business Continuity Plan is the result of collaboration of different roles. The involvement in this process can range from the design of the emergency measures plan supervision, to provide input and support or be an active participant in the execution of the plan during an emergency.
- Define, share and get approval on corporate Business Continuity with strategic and tactical rules to draw the plan, the roles and the responsibilities, all the internal and external resources and the suppliers involved in the plan, the time and the cost for the project.
- Mapping the company organizational structure to conduct a Business Impact Analysis (BIA). This will locate the company’s most critical services in terms of economic impact that a critical event would have on the company The greater potential impact, must have shorter actions to quickly restore a system or a process.
- Risk assessment: higher risks on a process require to pay more attention in creating emergency measures to restore the process. Therefore the two elements, impact and risk, must be identified for each critical business process or service.
- Create emergency measures (also known as contingency plans) for each business process in relation to each event: unavailable site, unavailable technology, unavailable personnel, legal infrastructure, and so on.