2011 IEEE GCC Conference and Exhibition (GCC), February 19-22, 2011, Dubai, United Arab Emirates
BUSINESS CONTINUITY PLANNING (BCP) METHODOLOGY – ESSENTIAL FOR EVERY BUSINESS
Dr. Manik Dey PhD, CISSP
Kuwait Institute for Scientific Research (KISR), mdey@kisr.edu.kw
ABSTRACT
Business Continuity Planning (BCP) indicates how well an organization prepares itself to survive unexpected disasters, disruptions or changes, assuring that critical business processes will continue to function in most adverse circumstances with acceptable limitations. BCP is also one of the domains of Information Security management. The BS 25999 standard emphasizes that an organization must have a Business Continuity (BC) program in place to fulfill its obligations in this world of uncertainty. The main objectives are that in all unusual situations the business should sustain itself, maintain regulatory compliance and deliver its products and services with minimum losses to its employees, customers, vendors, and society at large. This paper illustrates the concept of BCP along with its implications for business in adverse circumstances and sets out a methodology for establishing a Business Continuity Planning framework in an organization.
Index Terms— Business Continuity (BC), Business Continuity Planning (BCP), Business Continuity Management (BCM), BS 25999 standard, Information Security
1. INTRODUCTION
Business Continuity (BC) deals with the continuation of business in adverse circumstances. A business comprises people, processes, various assets, products and services. Any incident such as a market crash, pandemic disease, natural disaster, technological failure, human error, cyber attack, fraud or terrorism that disrupts any of these entities can affect the continuity of business on either a short-term or a long-term basis.
Business Continuity Planning (BCP) and Management (BCM) are the acts of anticipating disruptions, preventing them or reducing the chance of their occurrence, and responding to any such incident in a planned and rehearsed manner so as to recover the losses and bring the business back into operation. Disruptions can come with or without warning, and the results may be predictable or unknown. The term Disaster Recovery Planning (DRP) is used more frequently, but it is actually a part of the broader BCP framework. DRP normally takes care of the continuity of information technology (IT) services and is mostly technical in nature. Every business needs a BCP to face all possible disruptions and keep its operations running with acceptable downtime. The objectives are to protect human lives, minimize financial and reputational losses, continue serving the customers, and remain in compliance with statutory laws and regulations [7].
Most organizations maintain a ‘Plan B’ (contingency) in case ‘Plan A’ (the regular business plan) does not work due to some incident, accident or disaster. However, very recently the world has seen some of the most unprecedented disasters, such as the collapse of the Twin Towers (9/11 attack, 2001), the US blackout (2003), the Tsunami, Katrina, Rita and the Iceland volcano (2010). These, in conjunction with the corporate corruption cases of WorldCom, Enron, Satyam, etc., have made organizations realize that a lack of proper Business Continuity or Disaster Recovery Planning can put them out of business at any time. One report from the US Department of Labor suggests that 40% of the companies facing such disasters never reopen and 25% of the remaining companies close within two years [9]. In fact, after the 9/11 attack, the majority of the affected companies in the World Trade Center went out of business due to a lack of adequate DR and BC Planning.
An organization’s dependency on IT demands that IT-related resources are secured and well protected against all possible devastations. The recent increase in cyber terrorism has also given an additional dimension to the problem. That is why Business Continuity is associated with the Information Security Management System (ISMS). As per the ISO/IEC 27031 standard, the Information and Communication Technology (ICT) infrastructure should ensure the confidentiality, integrity and availability (CIA) of IT services in all circumstances and hence plays a major role in maintaining Business Continuity [8]. In general, a BCP will have IT and non-IT areas. In case of disruptions, the IT unit will be busy with restoration and recovery of related services using DRP processes, whereas the non-IT areas will be busy with other facilities and business matters so that the overall business prevails.
Through implementation of appropriate BCP frameworks, organizations can maintain continuity and benefit from most adverse situations in this world of uncertainty. There are numerous examples, case studies and success stories of organizations benefiting from Business Continuity (BC) initiatives. KPMG’s white paper http://www.kpmg.com/CN/en/IssuesAndInsights/ArticlesPublications/Documents/business_resilience_china_0903.pdf describes their case studies in China, where various organizations have been benefiting from BCP initiatives in the competitive market of the economic downturn since September 2008. The broader prospect of BCP is called Business Resilience Planning (BRP), which covers all the changes the business may face, including the disruptions covered by BCP as well as other changing situations of challenges and opportunities [2, 5].