“Contingent capacity and plans enable management to quickly focus on stabilising the situation and maintaining or resuming the most critical functions while still working in a planned way towards eventual restoration of routine operations and full achievement of objectives”. AS/NZS 5050:2010
Do you know what Disruptive Events would prevent Critical Services from being delivered?
Terrorism, bushfire, flood, transport infrastructure emergency, electricity supply disruption, pandemic influenza or earthquake could all impact an organisations ability to operate. According to the latest government figures, the top disruptions experienced are:
- Loss of IT
- Loss of people
- Loss of telecommunications
- Loss of key skills
- Loss of key assets.
Consequently it is vital that businesses have an appropriate Business Continuity Management Framework (BCM) established. Using our 5 Phase BCM Wheel developed after numerous BCM reviews, JNW has recently assisted a large metropolitan council design its framework and test its IT Disaster Recovery Plan. The council now has a BCM Framework designed to prioritise resources on incident stabilisation and recovery/restoration of all Critical Services rated “Very High” and “High”.
The key elements our BCM framework are:
- BCM Policy – details the elements of the BCM framework.
- Business Impact Analysis – Directorate/Division ‘Critical Services’ risk assessment used to identify critical services, risk rate them and detail the dependencies required to deliver critical services.
- Crisis Management Plan – generic response plan that covers incident assessment, plan activation process, managing the incident and team deactivation (see below).
- Directorate/Divisional Critical Services Sub Plans – These Directorate/Divisional plans list each Directorate’s Critical Services identified in the Directorate Critical Services Business Impact Analysis Spreadsheet. The plans provides structure at the operational level with regards to recovering/restoring “High” and “Very High” rated critical services.
- BCM Tests, Training and Reporting – annual testing is recommended, including IT systems. This requires regular staff training on the Crisis Management Plan and relevant Directorate/Divisional Critical Services Sub Plans.
JNW’s BCM process aligns to an entities risk management framework and complies with BCM standards such as AS/NZS 5050:2010 Australian/New Zealand Standard Business continuity—Managing disruption-related risk, HB 292-2006 A Practitioners Guide to Business Continuity Management and Business Continuity Management – Building Resilience in Public Sector Entities, better practice guide, 2009.