APPENDIX 6: BCM STRATEGY REPORT

<Organization>

Business continuity management strategy report

<Version>

<Date of approval and publishing>

Executive summary

The BCM strategy defines the options selected to meet and fulfill the requirements generated by the BIA and risk assessment (RA) phases. These options are selected on the basis of applicability, benefit, and cost.

The scope of the BCM strategy covers eight areas. The following list shows these areas along with the relevant options selected:

  • processes: <list the selected options>
  • people: <list the selected options>
  • technology: <list the selected options>
  • information: <list the selected options>
  • premises: <list the selected options>
  • vendors and supplies: <list the selected options>
  • crisis management: <list the selected options>
  • business continuity management: <list the selected options>.

It is estimated that the above options would require <implementation period> and will require the following resources:

  • financial: <list the financial resources required>
  • personnel: <list the human resources required>
  • other resources: <list other resources required to implement the selected options>.

Introduction

Requirements generated from the BIA process need an implementation roadmap in order to create the required results and contribute to <organization>‘s readiness for disasters. The BCM strategy phase focuses on defining the strategic options <organization> would adopt to implement the requirements and reach the desired state of readiness and recoverability.

The selection of strategic options is based on practicality and suitability for <organization>‘s environment and culture. Naturally, there are several options to select from in order to fulfill the requirements. Once selections are made, the options are then translated into implementation plans with specific timelines.

Key inputs for developing the business continuity strategy

Being part of the BCM life cycle, the business continuity strategy provides an insight into how <organization>‘s management would prepare for disasters.

The main inputs for developing this strategy came from the BIA. These inputs provided solid grounds for introducing the different continuity options available for <organization> and the selection of the right options. The key inputs for creating the BCM strategy are:

  • the critical processes;
  • RTO and RPO specifications for critical processes;
  • human resources and the workforce required for recovery;
  • physical resources required for recovery.

Objectives of the business continuity strategy

The business continuity strategy looks at the ultimate goal of BCM, which is to ensure there is the capability to deliver products and services and to protect the critical assets of the organization. The specific objectives of the business continuity strategy are to:

  • enhance the capability to manage incidents and crises;
  • devise measures to reduce the likelihood and impact of incidents and disasters defined from the RA exercise;
  • enhance the resilience of operations, activities, and assets of the organization;
  • meet the continuity requirements defined from the BIA exercise;
  • optimize BCM activities.

Methodology

The business continuity strategy was developed through the following steps:

1 Identify critical processes, critical people, and critical resources from the BIA.

2 Identify available options for the various areas of the

BCM strategy.

3 Recommend the preferred options for each of the areas mentioned above.

Overview of the preferred/recommended business continuity strategy for the organization

Crisis management

  • <List the selected options>.

Processes

  • <List the selected options>.

Technology

  • <List the selected options>.

People

  • <List the selected options>.

Facilities and premises

  • <List the selected options>.

Business continuity management

  • <List the selected options>.

Data and information

  • <List the selected options>.

Supplies

  • <List the selected options>.

Business continuity strategy – crisis management

Managing a crisis is the key area of any business continuity plan. Typically, crisis management plans consist of:

  • the organizational structure setup for managing the crisis;
  • the procedures for the determination of a crisis and their communication to stakeholders;
  • the health and safety plans (evacuation, coordination with civil agencies, etc.);
  • the communication plans (internal and external);
  • the salvage plan;
  • the overall coordination and management of business continuity;
  • the process for restoration to normal operations.

In developing a crisis management plan, there are two options:

  • developing a crisis management plan for each possible event;
  • developing a crisis management plan based on disaster impacts.

Business continuity strategy – processes

During the BIA phase, various processes across departments were rated according to their criticality and impact on the <organization>‘s operations. In the strategy phase, we are looking at how each category of these would be addressed. The main theme of this section is to create alternative arrangements for the original processes. The alternative processes would be activated in times of disasters and crises.

Typically, there are two options in this regard:

  • develop and document alternative processes for all processes;
  • develop and document alternative processes for all critical processes identified.

Business continuity strategy – technology

The organization has a high level of dependency upon technology to perform its activities and operations. The recovery of IT components is an essential prerequisite to recovering the business operations and activities. To achieve IT recovery, the available options are to:

  • use a hot site with all systems redundant and all data replicated online;
  • use backup tapes/discs for disaster recovery;
  • use a disaster recovery site that contains critical systems and data replicated online;
  • outsource the disaster recovery site to a professional provider.

Business continuity strategy – data and information

A cornerstone for business continuity and the ability to recover from disasters is to maintain data and information that meet the requirements of the organization in terms of integrity, confidentiality, availability, and currency.

Data backup

As for the data backup aspect, the following options are available:

  • online synchronous replication for all data to the disaster recovery site;
  • online asynchronous replication of all data to the disaster recovery site;
  • periodic backup of data on tapes and discs;
  • maintenance of an off-site tape copy at the disaster recovery site;
  • maintenance of an off-site tape copy out of the region/country.

Documentation

The preferred options for this are to:

  • store originals of critical documents in fire-resistant and secure safes;
  • archive originals of critical documents in an archiving system;
  • maintain a copy of manuals, documentation, and other information that are needed to maintain critical systems at the disaster recovery site.

Business continuity strategy – supplies

<organization> needs to maintain a proper supply chain for its critical activities in order to deliver services and perform operations. In this regard, the preferred options are to:

  • increase stock levels for critical supplies;
  • identify alternative suppliers for critical supplies;
  • include terms for possible emergency supply in contracts;
  • enforce penalties in vendor contracts;
  • stress-test the service-level agreements (SLAs) with vendors to verify their readiness to provide the service/products when needed.

Business continuity strategy – people

People are a critical component of any business continuity plan. The options that are considered in this regard are to:

  • maintain adequate backup personnel;
  • practice cross-training, job rotation, and succession planning;
  • maintain an inventory of outsourced personnel (consultants, experts, staff) to contact when needed.

Business continuity strategy – facilities and premises

There are some risks and threats that would make the normal working place unusable and inaccessible. In this regard, <organization> needs to have alternative places identified, prepared and equipped with resources according to the findings of the BIA in advance to accommodate users and their activities. The options are to:

  • utilize existing spaces available;
  • establish a dedicated business continuity site;
  • outsource business continuity space from a professional hosting vendor.

Business continuity strategy – business continuity management

As the business continuity program matures in <organization>, a large quantity of plans, documents, and information is generated. Managing these items is part of the daily activities of the business continuity function. The options are to:

  • use word-processing software;
  • use specialized software for business continuity activities.

Implementation and ownership

Strategy area

Action items

Ownership

Crisis management

<List selected options>

List the owners

Processes

<List selected options>

List the owners

Technology

<List selected options>

List the owners

People

<List selected options>

List the owners

Facilities and premises

<List selected options>

List the owners

Business continuity management

<List selected options>

List the owners

Data and information

<List selected options>

List the owners

Supplies

<List selected options>

List the owners

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.219.159.197