Abstract
The underlying concept of business continuity is that an organization must have the strategic and tactical capability to plan and respond to business incidents and interruptions, in order to continue business operations at an acceptable predefined level. This chapter proposed an approach to business continuity management in an organization through the definition and implementation of a set of four related phases. The authors integrate the main guidelines, based on the literature review and on good practices and concerns, referred to in the ISO standards and on ITIL, CMMI, and COBIT frameworks. This approach will allow organizations to address the most relevant activities for the development of a business continuity management program. By implementing each of the phase activities, the organization will have a systematic overview of the steps required for an optimized planning and response to business incidents and disruptions, supported by the strategy defined framed within their needs.
TopBusiness Continuity Management
Contingency planning and DR were, in the past, largely information technology-led responses to natural disasters and terrorism that affected businesses. Nowadays (Tangen & Austin, 2019), recognize that this needs to become a business-led process and encompass preparing for many forms of disruption, creating a discipline known as BCM.
Any incident has the potential to cause major disruption to the organization's operations and its ability to provide products and services. However, (Filho, 2016) states that implementing BCM before a disruption incident occurs, rather than waiting for something to happen, allows the organization to resume operations before unacceptable impact levels emerge.
Thus, BCM can prepare the organization to maintain the continuity of its services during a disaster by implementing a contingency plan (Syed & Syed, 2004).
As a starting point, (Hiles, 2011a) considers that it is useful to obtain a statement of support from the administration, stressing the importance of the BC project and that some of the benefits of BCM are:
Key Terms in this Chapter
Business Continuity: Capability of the organization to continue delivery of products at acceptable predefined levels following disruptive incident (ISO 22301:2012, 2012).
Disaster Recovery: Is an organization's method of regaining access and functionality to its IT infrastructure, to continue the delivery of services that support business processes, after a disruptive incident.
Life cycle: Is the sequence of phases that a project goes through from its initiation to its closure.
Business Continuity Plan: Business continuity plans are made up of documented procedures. Organizations use these procedures to respond to disruptive incidents, to guide recovery efforts, to resume prioritized activities, and to restore operations to acceptable predefined levels. Business continuity plans usually identify the services, activities, and resources needed to ensure that prioritized business activities and functions could continue whenever disruptions occur (ISO 22301:2012, 2012).
Critical Functions: The business process or activities that can disrupt the organization capability to ensure the delivery of products.
Risk Assessment: Overall process of risk identification, risk analysis and risk evaluation (ISO 22301:2012, 2012).
Service Delivery: Is the manner in which a corporation provides users access to IT services, which include applications, data storage and other business resources.