Business Continuity Lifecycle

The BCM lifecycle used and applied by Adviza is based upon the same six elements of the BS 25999 lifecycle developed by the British Standards Institute, the aim being to ensure that the approach to BCM is holistic, supports the business strategy and the business need, is regularly tested and maintained as part of a continuous improvement program.

In order to achieve certification against BS 25999, it is essential that the organisation can demonstrate it has not only implemented, but is also maintaining its business continuity capability for the appropriate products and services, in accordance with the BS 25999 lifecycle.

The BS 25999 lifecycle and individual elements are intended to be a continuous process. These form the foundation for review and assessment of current capability against the requirements defined within BS 25999-2.

The Business Continuity Management Lifecycle (Source: BS25999-1:2006)

BCM Programme Management

This activity comprises of three parts – firstly to develop & provide a policy that provides the foundation for the BCM capability, scope, development and implementation. Secondly to provide an ongoing management, co-ordination and governance process to ensure that all the BCM activities are conducted and implemented in an agreed manner. The third and fundamental element of a BCM programme is the need to continually monitor, evaluate, and assure the integrity of BCM performance against the programme objectives.

Understanding the Organisation

The Understanding Your Business stage is comprised of two parts – the first is to establish the critical business activities using BIA techniques. The BIA is an important process that defines the requirements that drive the whole BCM process. Its purpose is to analyse the organisation’s business critical activities and their dependencies, quantifying the financial and non-financial impact caused by their loss, interruption, or disruption. It further identifies the minimum level of resources required to enable an organisation to achieve the recovery of each business critical activity within an acceptable time period against an agreed level of functionality and operation.

Secondly to provide a Risk Assessment to identify, define, and evaluate the risks to an organisation in respect of their business critical activities in order to establish a risk appetite and prioritise subsequent BCM activities. The risks may either be internal or external to the organisation and are evaluated in terms of their impact to the business.

Determining BCM Strategy

In the context of BCM, ‘strategy’ concerns the determination and selection of alternative operating methods that could be used to maintain the organisations business critical actives after an incident to an acceptable level.

A BIA and risk assessment must be undertaken before consideration is given to setting an organisation’s Business Continuity Strategy. It is the interaction and cost benefit BIA and Risk Assessment and Business Continuity Strategy that informs the setting of the risk appetite.

Developing and implementing a BCM response

Within this section, we use the information gathered during the Business Impact and Risk Assessment coupled with our experience of similar programmes, to produce an implementation plan that includes DR and Crisis Management elements. The solutions we develop will be aligned to the business strategy and will be scalable and consistent in both layout and operation across the organisation. This allows flexibility and merging/splitting of plans as the organisation changes and evolves.

Exercising, Maintaining and reviewing

In this phase the following activities are undertaken and considered:

• Testing/exercising of the BCM plans and solutions implemented by the Bank (including linkages to crisis management, media handling, etc);
• Identification and implementation of procedures or mechanisms to collect and maintain information relating to the BCM programme (e.g. survey/questionnaire software to collect and collate the required BCM information);
• Development of maintenance procedures to ensure information, plans and solutions are kept up to date;
• Provision of Audit procedures to check capability against best-practice.

Embedding BCM in the Organisations Culture

In order to ensure that every member of the organisation understands their role in both the implementation and exercising of the plans, we:

• Operate several internal training awareness and skills transfer workshops throughout the programme (these both facilitate the general awareness of the programme whilst also ensuring that any information about existing plans or provision is identified, evaluated and included in the appropriate plan);
• Have developed a comprehensive BCM Intranet site which is typically a valuable and integral tool in any awareness and education programme to staff and are typically used to help promote, educate and communicate BCM to staff;
• Provide a number of communication, education and training materials to ensure organisations effectively communicate BCM facilities, plans and activities to staff, these include induction presentations for new staff, Computer Based Training modules/e-Learning modules and interactive ‘classroom’ training.

This stage of the lifecycle is very important as it enables ‘organisational plans to evolve into capability’ and staff talent to be developed and enriched to be able to proactively think about BCM and Crisis Communications.

Business Continuity History
Business Continuity Introduction
Adviza's approach to BCM
Why choose Adviza