Analysis: CLEMENT SINYANGWE
IMAGINE running your business successfully for many years, only to lose your important company data and client information, including your company’s huge debtor database. This is probably one hell of a thought that no business person or organisation would even want to think of or experience. However, disasters do occur and are very real, and the possibilities of their occurrence are very high. This is why I have taken time to discuss a bit about the business continuity plan (BCP). What is a business continuity plan? How does it work? And how can organisations achieve it? These are the things we shall discuss in this write-up.
Business continuity plan, sometimes referred to as business continuity and resiliency planning, is the process of creating systems of prevention and recovery to deal with potential threats to an organisation or a business.
Threats include loss of data and information caused by various incidents such as theft, fire, floods, earthquakes, system crashes and other natural causes that can happen. We have been very fortunate in Zambia that no serious tragedies have ever happened to the extent where an entire town or province is destroyed. I know many ICT gurus are saying they have made serious recovery infrastructure such as having offsite backup. Yes, that’s very clever of you and at least it shows that you have thought about securing your data.
Coming back to the business aspect, you will agree with me that in most businesses run on a credit basis, we usually record our daily transactions then invoice them later and, depending on the organisation’s credit policy, some take as long as 180 days before a debt is settled.
These transactions in most cases are recorded using some specialised application software and databases. Now, imagine losing such data without you having any backup or recovery plan in place.
How are you supposed to approach your debtors in such a case? I guess it would be a bonus for them.
We have also heard of how company buildings have been gutted with strategic offices such as server rooms and records destroyed. Of course we know that such happenings are usually inside jobs meant to evade some suspicious dealings.
But to a well-organised set-up with a reliable recovery plan, such efforts are in vain and only temporary setbacks, as there is always a business continuity plan in place to enable them to recover data in the quickest possible time and continue their business operations. But how do you create a BCP?
A BCP usually consists of five (5) parts: the BCP governance, the business impact analysis (BIA), the BCP plans, measures, and arrangements, the readiness procedures and the quality assurance techniques which include maintenance and auditing.
On the governance part, a BCP ought to have a structure in place, and this structure has to be in the form of a committee consisting of senior management with properly defined roles and responsibilities. This gains the BCP some management buy-in and involvement as they feel part and parcel of the plan, especially when it comes to funding it.
This group of senior management is responsible for the implementation of the BCP and basically performs the initiation, planning, approval, testing and audit of the BCP. Other tasks include coordinating activities, approving the BIA survey, overseeing the creation of continuity plans and reviewing the results of quality assurance activities.
On the second part, which is the business impact analysis (BIA), organisations have to identify their mandate and their critical services. They also have to rank the order of priority of those services identified for continuous delivery or quick recovery and they also need to identify the possible internal and external impacts likely to cause disruptions.
Then there is the third stage, which is the planning of the business continuity. It consists of the preparation of detailed recovery plans that can ensure continuity of business operations in case of any disaster striking the organisation.
These plans consist of information and means to ensure that critical services are carried out at minimum service levels within acceptable down times. Continuity plans should be made for each critical service.
The fourth stage in developing a BCP is putting in place some readiness procedures. This includes conducting training for the technical team that will be handling the disaster recovery should anything happen, and also briefing your employees and staff on the contents of the BCP and informing them of their individual responsibilities.
After training and briefings, there is a need to perform some practices in order to achieve and maintain high levels of competence and readiness.
Even though these practices might be seen as resource-consuming and expensive, they are the best method for certifying a BCP.
The fifth and last stage is the quality assurance techniques part. This includes evaluating the plan’s accuracy and its relevance and effectiveness.
This stage should also expose some BCP aspects that might need improvement. Having a BCP in place alone isn’t enough; conducting continuous appraisal of the plan is crucial to maintaining its effectiveness. This is mostly done by external auditors.
It is very important for all organisations to develop and maintain a BCP to enable them to continue with their operations in case of any tragedy.
The author is Zambia Daily Mail Deputy ICT Manager, email@example.com.