Professional Documents
Culture Documents
Expect The Unexpected - Managing Your Continuity Risk
Expect The Unexpected - Managing Your Continuity Risk
Expect The Unexpected - Managing Your Continuity Risk
Expect the
unexpected:
Managing your continuity risk
Patrick Ow
T
he case for implementing ers the entire organisation, all haz-
Business continuity risks are strategies to manage business ards and all agencies, and it should
very real. According to a study continuity risk is therefore be community-focused. All parts of
compelling. the organisation must be involved in
by Marsh,
Risk management is concerned BCM, and the procedure must consid-
Q 43% of businesses experiencing with putting in place controls and er the organisation as part of the com-
major disasters never re-open, treatments that seek to prevent or munity it operates in. The primary
and 29% close within three years mitigate continuity risk, encompass- objective of BCM controls, strategies
ing the establishment of appropriate and plans is to ensure the uninter-
Q fewer than 50% of organisations
strategies and plans. rupted availability and resilience of
have business recovery plans, and
Business continuity management key or time sensitive resources and
at least 90% never test their plans
(BCM) is concerned with considering dependencies so that they support the
Q 75% of businesses would be what to do when it all goes wrong, organisation’s critical business proc-
unable to function without IT/ and making sure that customers and esses, operations and services.
telephony after 14 days other people are not inconvenienced BCM also seeks to protect the
or put at risk when something does go interests of key stakeholders and
Q recovery time is invariably
wrong. An organisation should under- maintain organisational reputation
underestimated
take BCM when it has to manage and brand and value-creating activi-
Q costs of recovery are not always its business and service continuity ties. Decisions on how organisations
recovered by insurance. risks, and to respond to community respond to incidents, regardless of
or external emergencies. It should cause, should be driven by the follow-
be based on an approach that consid- ing basic principles:
by fire.
OO Resumption planning − steps
MONITORING
& REVIEW
to bring service levels, operations
and/or facilities back to business as
usual, or to provide back-to-normal
services to customers from mini-
Risk Treatment
Establishing Strategies mum service levels.
When there are inter-dependencies
Maintenance Actions &
Resources among agencies (federal, state and
municipality), an integrated, multi-agency
Plan Incident
Documentation Communications organisational response at local, region-
al and national level may be required,
Plan Activation & Deployment
especially during wide-spread community
emergencies.