INTRODUCTION
Business Continuity Management is defined as an holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation and value creating activities.
Its primary objective is to allow the Executive to continue to manage their business under adverse conditions, by the introduction of appropriate resilience strategies, recovery objectives, business continuity and crisis management plans in collaboration with, or as a key component of, an integrated risk management initiative.
The ten subject areas listed below cover the competencies required by a professional practitioner in order to deliver effective Business Continuity Management. They are not presented in any particular order of importance or sequence.
SUBJECT AREA OVERVIEW
Initiation and Management
Establish the need for a Business Continuity Management (BCM) Process or Function, including resilience strategies, recovery objectives, business continuity and crisis management plans and including obtaining management support and organising and managing the formulation of the function or process either in collaboration with, or as a key component of, an integrated risk management initiative.
Business Impact Analysis
Identify the impacts resulting from disruptions and disaster scenarios that can affect the organisation and techniques that can be used to quantify and qualify such impacts. Identify time-critical functions, their recovery priorities, and inter-dependencies so that recovery time objectives can be set.
Risk Evaluation and Control
Determine the events and external surroundings that can adversely affect the organisation and its resources (facilities, technologies, etc.) with disruption as well as disaster, the damage such events can cause, and the controls needed to prevent or minimise the effects of potential loss. Provide cost-benefit analysis to justify investment in controls to mitigate risks.
Developing Business Continuity Management Strategies
Determine and guide the selection of possible business operating strategies for continuation of business within the recovery point objective and recovery time objective, while maintaining the organisation`s critical functions.
Emergency Response and Operations
Develop and implement procedures for response and stabilising the situation following an incident or event, including establishing and managing an Emergency Operations Centre to be used as a command centre during the emergency.
Developing and Implementing Business Continuity and Crisis Management Plans
Design, develop, and implement Business Continuity and Crisis Management Plans that provide continuity within the recovery time and recovery point objectives.
Awareness and Training Programmes
Prepare a programme to create and maintain corporate awareness and enhance the skills required to develop and implement the Business Continuity Management Programme or process and its supporting activities.
Maintaining and Exercising Business Continuity and Crisis Management Plans
Pre-plan and co-ordinate plan exercises, and evaluate and document plan exercise results. Develop processes to maintain the currency of continuity capabilities and the plan document in accordance with the organisation`s strategic direction. Verify that the Plan will prove effective by comparison with a suitable standard, and report results in a clear and concise manner.
Crisis Communications
Develop, co-ordinate, evaluate, and exercise plans to communicate with internal stakeholders (employees, corporate management, etc.), external stakeholders (customers, shareholders, vendors, suppliers, etc.) and the media (print, radio, television, Internet, etc.).
Co-ordination with External Agencies
Establish applicable procedures and policies for co-ordinating continuity and restoration activities with external agencies (local, state, national, emergency responders, defence, etc.) while ensuring compliance with applicable statutes or regulations.
