home
business continuity services
productivity services
products
contact us

Site Search

Shopping Cart
Subtotal: 0
View Cart

"Your business, the Australian economy and our critical infrastructure need to be protected....How quickly your company gets back to business after an emergency often depends on the planning you do now."

(Attorney-General's Department, The Australian Government ,http://www.ag.gov.au/agd/www/nationalsecurity.nsf/Page/Information_For_BusinessBusiness_Continuity)

Risk

Before business continuity comes “risk”, so before we go into further detail we must first understand what risk is and how it effects us.

Risk is the study of potential events, their probability and consequences.

Risk management

Risk management is about evaluating (identification and assessment of severity) risk and providing controlled responses to ensure better outcomes. Evaluating risk can be difficult as there is usually a marked disparity between perceived risk and actual risk (objective indicators can help like the price of insurance premiums, etc). But once the risk has been properly evaluated, one can take action (or not) against it using various “risk treatments”:

  • risk retention (planning that something bad will happen)

  • risk transference (get someone else to take on the risk)

  • risk avoidance (stopping activity that leads to risk)

  • risk reduction (reduction of probability or consequence)

Business Continuity

Business continuity is what's required to keep your organisation functioning – even in a time of crisis. It is designed to isolate and support critical resources and business units to ensure business operating capacity especially in dealing with disasters, critical events or down-time.

Its purpose is to minimise the financial, legal, reputational and other material consequences arising from the disruption.

(Prudential Standard APS 232, APRA, http://www.apra.gov.au/ADI/ADI-Prudential-Standards-and-Guidance-Notes.cfm)

Business continuity planning is the process of determining what your critical business needs are.

A business continuity plan (BCP) is a document outlining what should be done to ensure continual operations of your critical business functions.

Disaster recovery is a very small subset of business continuity and historically has been associated with I.T. infrastructure and systems (esp. data protection/recovery and security).

Business Continuity Framework

The business continuity framework are the standards and policies used by your organisation to address the need for keeping your business afloat even in a time of crisis. It should be integrated into your existing risk management framework.

A number of standards already exist, and can help you formulate a business continuity plan.

PAS56/BS25999 – BSI (UK)

http://www.bsi-global.com/en/Shop/Publication-Detail/?id=000000000030078064

HB221:2004 – Standards Australia (Australia)

http://www.saiglobal.com/shop/script/Details.asp?docn=AS442445504743

NFPA1600 – NFPA (USA)

http://www.nfpa.org/assets/files/PDF/NFPA1600.pdf

Professional Practices - DRI (USA)

https://www.drii.org/professional_prac/profprac_details.html

APS232 – APRA (Australia)

http://www.apra.gov.au/ADI/ADI-Prudential-Standards-and-Guidance-Notes.cfm

HB231:2004 – Standards Australia (Australia)

http://www.saiglobal.com/shop/Script/Details.asp?docn=AS536451513900

ISO/IEC 24762:2008 (also see draft 27031) - ISO (Switzerland)

http://www.iso.org/iso/catalogue_detail?csnumber=41532

Keeping the wheels in motion – Australian National Audit Office (Australia)

http://www.anao.gov.au/uploads/documents/Business_Continuity_Management.pdf

AS/NZS 4360:2004

http://www.saiglobal.com/shop/Script/details.asp?docn=AS564557616854

Business Continuity Management (BCM)

BCM is responsible for creating a business continuity plan (BCP) and ensures execution of it during a crisis. It is also an ongoing responsibility of the BCM Team to educate people what to do in a crisis. Consultants (like us at Hosting Star) can be hired to assist you in creating and testing your BCP. The BCM team is typically your senior management (or responsibility and authority is delegated to others).

Click to enlarge.

Illustration 1: Business Continuity Management (BCM) and Plan (BCP) Example Overview

Business continuity planning

We help businesses and organisations in formulating a business continuity plan (BCP). Before we help you, it's important to ensure the actual need for a BCP.

Business Impact Analysis (BIA)

The Business Impact Analysis (BIA) highlights critical business objectives, processes and resources. Areas of criticality are based on the potential financial, legal, reputational and other material consequences (risk) if a disruption occurs. Some standards may refer to this process as “Establishing the Context”. It is extremely important to ensure the BIA is accurate as it illustrates the actual requirements for the BCP. The requirements elicited by the BIA must be agreed to by responsible parties (MD / CEO / senior management). Having an experienced third party to provide you with an objective BIA can be priceless.

Recovery Strategy

Development of a recovery strategy identifies what solutions to consider for the business continuity plan (BCP), and officially designates funding to each agreed solution. Selected solutions (risk treatments) are usually on a cost-benefit basis.

Business Continuity Plan

The business continuity plan is a project plan encompassing all critical areas of your business. It discusses:

  • organisational structure and responsibilities

  • disaster assessment

  • notification procedures

  • control centres

  • recovery procedures

    • technical

    • business

  • policy

  • logistics

    • mobilization

    • recovery

    • re-instatement

  • recovery phases

  • maintenance procedures

  • on-going responsibilities

  • recovery inventories

  • audit check-list

  • communications plan

I.T. Disaster Recovery Plan

The I.T. disaster recovery plan is part of the business continuity plan (BCP). Although it is governed by particular corporate governance and compliance guidelines, its needs are assessed like all your other business units during the BIA. Any dependencies on your I.T. infrastructure and operation by other business units are well covered prior to writing the BCP. The requirements for recovering your I.T. systems are covered above (recovery procedures, logistics,etc.). If you require off-site data protection to ensure your business continuance contact us or read about our storage.

Recovery Testing & Implementation

Testing facilitates improvement of your BCP. With testing you can determine whether your recovery processes, resources, and activities work or whether they need to be refined. We believe implementation of the solution by testing prior to a crisis is as important as development of the solution. Testing strategies include:

  • partial testing (can occur without disruption of any of your services)

  • full testing is recommended to ensure ongoing success.

 I.T. Disaster Recovery Assessments

If you would like to audit or provision an I.T. system to withstand failures please contact us. We have had experience in setting up state-wide redundant data storage. Our partner, NetApp is the leading manufacturer of disaster-proof storage. To find out more please contact us.
Login
business continuity planning
 

© Innovation Foundry Pty Ltd
Wednesday, 10 March 2010

Terms Of Use :: Privacy Statement

hosted data (onsite/offsite) | disaster recovery assessment | business continuity planning | hosted applications and operating systems | hosted document history (onsite/offsite) | backup and recovery solutions

ACN: 107 875 472/ABN: 61 107 875 472