Business continuity implies management processes and integrated plans which maintain the continuity of an organization’s critical processes – those processes which enable a business to deliver key services or products – in the case of a disruptive event. Business continuity encompasses all aspects of an organization which play a role in sustaining critical processes, namely: people, premises, suppliers, technologies, and data.
Business continuity vs IT service continuity
IT service continuity addresses the IT aspect of business continuity. In today’s economy, business processes increasingly rely on information and communication technology (ICT) and electronic data (e-data). ICT systems and e-data are, therefore, crucial components of the processes and their safe and timely restoration is of paramount importance. If such systems are disrupted, an organization’s operations can grind to a halt. If the interruption is serious enough, and no risk management planning has occurred, a firm may even go out of business.
Requirements of IT service and business continuity
Ensuring business and IT continuity requires a deep understanding of the possible threats to an organization’s network and information security (NIS) and having thorough plans in place, should the risk event actually occur, in order to mitigate the impact and allow the organization to maintain its operations or services. Business continuity is now recognized as an integral part of sound management practice and good corporate governance.
Process of developing a business continuity plan
The organization needs to understand three fundamental issues to maintain availability of IT and information:
1. Which processes are critical,
2· How quickly they must be restored; and
3· The IT and e-data required to keep these critical processes running.
In very simplified terms, these three steps are fundamental to the business continuity plan. As previously mentioned, there is no “one-size-fits-all” method but rather various standards, for different but closely-related disciplines, from around the world.
There are many standards which stem from different, but related, disciplines such as emergency planning, disaster recovery, incident management, risk management, IT service continuity management and business continuity management. It is very difficult to isolate each discipline related to planning for and recovering from a disruptive incident. Often one plan cannot be implemented without another.
For example, in the case of an evacuation, a business continuity plan would not be effective to restore critical activities if an emergency plan had not been put into action, staff were not accounted for, the area made secure and the damage assessed. Moreover, it would be difficult to restore critical business processes without implementing an IT service continuity plan to restore technology.
Organizations understand how to approach the process according to the state-of-the-art. Factors such as human resources, financial and technological limitations and regulatory constraints will shape the strategy and drive the eventual solution.
But the dominant and most respected BCM standard is the ISO22301, and those organizations who are certified to this standard are giving out a message to their customer that “You can rely on us! We won’t let you down!”
BCM market place
There are three main components i.e. training, consulting and BCM tools. In each of these domains there are a number of “players”. These players have different focus areas and have built their credibility in specific aspects of BCM life-cycle.
The “Trainers” in the field provide awareness and domain certification related training, where the IRCA accreditation helps in identifying the course to have met the quality standard.
The consulting aspect fulfills organization need to assess the current state of crisis readiness, setting up the BCM framework end-to-end and taking care of the PPT aspect of BCM (PPT : People, Process & Technology). This aspect in its matured state helps management in planning for resource optimization and managing technology costs.
There are a number of tools available in the market that fulfill the differing needs of the organizations while implementing and maintaining the BCM function. These tools help companies to define the BCM framework and also serve as a management tool to know the health of this function and also act as reminder to business owners for their specific To Do’s to be accomplished for an effective BCM regimen.
The benefit of BCM, IT Disaster Recovery and notification tools is that they significantly reduce the element of human error and therefore provide much needed reliability and assurance/confidence at all times.
Challenges of implementing BCM in Indian companies in the backdrop of current economic situation
India is one of the focus markets in the world today, both as a customer and as a supplier. While Indian companies are vying with the global conglomerates in reaching out to customers globally, it is becoming increasingly important that continuity of business be maintained in the light of factors like political situation, state of power and infrastructure sector , the laws relating to doing “clean business” and their implementation and an overall focus for growth of the economy.
There is also a growing realization that business continuity is not nice to have: but an imperative wherein adequate investment is required from the perspective of management time and effort.