Top 9 Business Continuity Interview Questions You Must Prepare 19.Mar.2024

The department dean/director or supervisor will lead a small planning team to determine who will need to go to an orientation. (The short list of individuals picked should be those that will input data into the system.)

  • Identified individuals who will attend one of the orientations.
  • Begin to develop your plan. Once the plan has been created, send an email to OEM to let them know you are done, and they will review the plan and offer any suggestions to fill gaps.
  • Update your plan with provided suggestions; put the plan on a site such as SharePoint or interoffice or hand out a hard copy and have the department review the plan.
  • Once they have read the plan, have them sign the “Review Sheet”. Send a copy of the Review Sheet to OEM and you will be done with your plan.

In order to truly drive home the importance of business continuity, the final question to be wered is regarding the consequences to the organisation.  Again, it is best to be thorough and, to the extent possible, quantify the losses that could result, for example with respect to:

Loss of revenue:

  • Additional expenses that may be incurred, such as for penalties and fines, for interim arrangements, and to rectify to problem, and
  • Other losses that might be incurred, such as sanctions that might be imposed or losses to the organisation’s reputation, market share, or stock price
  • In summary, the above five questions would provide organisations with a solid foundation upon which to develop their business continuity pl, and to appreciate the resources that may be needed for its successful implementation. It is therefore emphasized that the effort made to thoroughly address these questions will have an impact on the final quality of the plan developed.

Business continuity management (BCM) is the way organisations manage and respond to risks. The aim is to allow mission-critical functions to continue operating in the event of disruptions. This includes anything from bad weather to cyber attacks.

BCM also helps organisations return to ‘business as usual’ promptly and with as little trouble as possible after a disruption.

Developing a plan will enable UT Arlington to carry on the university’s mission and recover from an incident or lessen the impact. Carrying out the mission of the university under adverse conditions me that campus may be working with diminished resources, such as loss of space or information technology infrastructure. Critical functions will be identified in your plan that will help limit vulnerability.

ISO 22301 sets out the requirements for a BCMS and is considered the only credible framework for effective BCM.

Organisations that certify to the Standard can:

  • Prove to existing and potential clients that they have an effective BCMS that will enable continued service delivery in the event of an incident.
  • Obtain an independent opinion about the effectiveness of their business continuity management programme, thereby providing assurance to stakeholders and the board;
  • Accredited certification involves regular reviews and internal audits of the BCMS to make sure it functions as it should and continually improves; and
  • Meet regulatory requirements. The EU General Data Protection Regulation (GDPR) and the NIS Directive state that organisations must implement incident response capabilities. Certification to ISO 22301 provides a best practice approach to business continuity.

Organisations can achieve effective business continuity by implementing a business continuity management system (BCMS). The international standard ISO 22301 describes best practice for a BCMS. It involves developing business continuity pl (BCP) to manage and protect against identified risks.

All pl are due on the last week of October at close of business. That will give OEM time to review all the pl and send them back if gaps exist. Every October 31, Mr. John Hall, Vice President of Administration and Campus Operations, receives a memorandum of all BCPs status.

Although a key purpose of a business continuity plan is to focus on minimizing and managing the aftermath of a disruptive incident, it is critical to ensure that the plan also includes preventative measures that can be implemented and provide some redundancy against failure. Hence it is recommended that attention be given to identifying the types of disruptive incidents to which the organisation could be subject, and arranging them by likely frequency and potential impact on the organisation.

Factors such as geographic and physical location, country and civil stability, the actual products and services offered, among other things, are likely to influence the types of disruptions listed, and how they are ranked. For example, tropical storms and hurricanes frequently occur across most of the Caribbean – from the Bahamas to Saint Vincent and the Grenadines, and so should feature prominently in pl developed in those countries. However, for pl developed in Curaçao or Guyana, for example, that specific type of storm might be considered a rare occurrence, as those countries generally lie outside the hurricane belt.

Within the context of an IT/ICT business continuity plan, disruptive incidents may be scheduled or unexpected, or may be internal to the network, or due to external forces. Examples of disruptive incidents that could affect an organisation’s IT/ICT infrastructure and ought to be listed and considered would include, but not limited to:

  • Electrical outages
  • Equipment damage and malfunction
  • Software glitches
  • The effects of system breaches/network hacking
  • Equipment/system servicing, upgrades, changeovers

Following on from the previous question, this question encourages a fuller recognition and examination of the products and/or services that must be delivered by the organisation to its clients and customers. Generally, the results of that engagement are a key source of revenue for the business, or are otherwise used to gauge its performance.

Again, it may be necessary to rank the listed goods and services in order of priority, as acceptable delivery levels and downtime are likely to be more stringent for the most critical ones, and ultimately may vary across the list of products and services.