Professional Practices for Business Continuity
                         

Business Continuity Management is defined as a holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation and value creating activities.

The primary objective of Business Continuity Management is to allow the Executive to continue to manage business operations under adverse conditions, by the introduction of appropriate resilience strategies, recovery objectives, business continuity, operational risk management considerations and crisis management plans.

The sections within these standards are not presented in any particular order of importance or sequence, as it may be necessary to undertake or implement sections in parallel during the development of the BCM Program.


                              Summary of Subject Areas


1. Program Initiation and Management
Establish the need for a Business Continuity Management (BCM) Process or Function, including resilience strategies, recovery objectives, business continuity and crisis management plans and including obtaining management support and organizing and managing the formulation of the function or process either in collaboration with, or as a key component of, an integrated risk management initiative.

2. Risk Evaluation and Control
Determine the events and external surroundings that can adversely affect the organization and its resources (facilities, technologies, etc.) with disruption as well as disaster; the damage such events can cause, and the controls needed to prevent or minimize the effects of potential loss. Provide cost-benefit analysis to justify the investment in controls to mitigate risks.

3. Business Impact Analysis
Identify the impacts resulting from disruptions and disaster scenarios that can affect the organization and techniques that can be used to quantify and qualify such impacts. Identify time-critical functions, their recovery priorities, and inter-dependencies so that recovery time objectives can be set.

4. Developing Business Continuity Management Strategies
Determine and guide the selection of possible business operating strategies for continuation of business within the recovery point objective and recovery time objective, while maintaining the organization's critical business functions.

5. Emergency Response and Operations
Develop and implement procedures for response and stabilizing the situation following an incident or event, including establishing and managing an Emergency Operations Center to be used as a command center during the emergency.

6. Developing and Implementing Business Continuity Plans
Design, develop, and implement Business Continuity Plans that provide continuity within the recovery time and recovery point objectives..

7. Awareness and Training Programs
Prepare a Program to create and maintain corporate awareness and enhance the skills required to develop and implement Business Continuity Management Program or process and its supporting activities.

8. Maintaining and Exercising Business Continuity Plans
Pre-plan and coordinate plan exercises, and evaluate and document plan exercise results. Develop processes to maintain the currency of continuity capabilities and the plan document in accordance with the organization's strategic direction. Verify that the Plan will prove effective by comparison with a suitable standard, and report results in a clear and concise manner.

9. Crisis Communications
Develop, coordinate, evaluate. And exercise plans to communicate with internal stakeholders (employees, corporate management, etc.), external stakeholders (customers, shareholders, vendors, suppliers, etc.), and the media (print, radio, television, Internet, etc.).

10. Coordination with External Agencies
Establish applicable procedures and policies for coordinating continuity and restoration activities with external agencies (local, regional, national, emergency responders, defence, etc.) while ensuring compliance with applicable statutes and regulations.