The department dean/director or supervisor will lead a small planning team to determine who will need to go to an orientation. (The short list of individuals picked should be those that will input data into the system.)
In order to truly drive home the importance of business continuity, the final question to be wered is regarding the consequences to the organisation. Again, it is best to be thorough and, to the extent possible, quantify the losses that could result, for example with respect to:
Loss of revenue:
Business continuity management (BCM) is the way organisations manage and respond to risks. The aim is to allow mission-critical functions to continue operating in the event of disruptions. This includes anything from bad weather to cyber attacks.
BCM also helps organisations return to ‘business as usual’ promptly and with as little trouble as possible after a disruption.
Developing a plan will enable UT Arlington to carry on the university’s mission and recover from an incident or lessen the impact. Carrying out the mission of the university under adverse conditions me that campus may be working with diminished resources, such as loss of space or information technology infrastructure. Critical functions will be identified in your plan that will help limit vulnerability.
ISO 22301 sets out the requirements for a BCMS and is considered the only credible framework for effective BCM.
Organisations that certify to the Standard can:
Organisations can achieve effective business continuity by implementing a business continuity management system (BCMS). The international standard ISO 22301 describes best practice for a BCMS. It involves developing business continuity pl (BCP) to manage and protect against identified risks.
All pl are due on the last week of October at close of business. That will give OEM time to review all the pl and send them back if gaps exist. Every October 31, Mr. John Hall, Vice President of Administration and Campus Operations, receives a memorandum of all BCPs status.
Although a key purpose of a business continuity plan is to focus on minimizing and managing the aftermath of a disruptive incident, it is critical to ensure that the plan also includes preventative measures that can be implemented and provide some redundancy against failure. Hence it is recommended that attention be given to identifying the types of disruptive incidents to which the organisation could be subject, and arranging them by likely frequency and potential impact on the organisation.
Factors such as geographic and physical location, country and civil stability, the actual products and services offered, among other things, are likely to influence the types of disruptions listed, and how they are ranked. For example, tropical storms and hurricanes frequently occur across most of the Caribbean – from the Bahamas to Saint Vincent and the Grenadines, and so should feature prominently in pl developed in those countries. However, for pl developed in Curaçao or Guyana, for example, that specific type of storm might be considered a rare occurrence, as those countries generally lie outside the hurricane belt.
Within the context of an IT/ICT business continuity plan, disruptive incidents may be scheduled or unexpected, or may be internal to the network, or due to external forces. Examples of disruptive incidents that could affect an organisation’s IT/ICT infrastructure and ought to be listed and considered would include, but not limited to:
Following on from the previous question, this question encourages a fuller recognition and examination of the products and/or services that must be delivered by the organisation to its clients and customers. Generally, the results of that engagement are a key source of revenue for the business, or are otherwise used to gauge its performance.
Again, it may be necessary to rank the listed goods and services in order of priority, as acceptable delivery levels and downtime are likely to be more stringent for the most critical ones, and ultimately may vary across the list of products and services.