Risk response
212
and its key dependencies. It is important to understand the critical functions within 
the organization and identify key resources.
Determining BCP strategy will require the identification of risks to the business 
and decisions about how likely it is that the risks will materialize. It is also necessary 
to understand the impact of risks on the business. These assessments should then be 
used to prioritize treatment of the risks and to agree the likelihood and impact of the 
risks materializing.
Developing and implementing a BCP and appropriate controls for each of the 
identified risks will require decisions on the appropriate risk responses. The range of 
risk responses available have already been discussed as the 4Ts of hazard risk man-
agement. In respect of each of the major risks, the decision will have to be taken 
whether to tolerate, treat, transfer or terminate the risk.
Building and embedding a business continuity management (BCM) culture will 
require good communication throughout the organization. All stakeholders will 
need to be engaged and involved in the business continuity activities and will need to 
understand the reasons for the development of the BCP and DRP. The important role 
of all employees in the avoidance of incidents that could result in major disruption 
should be emphasized.
When developing the BCP, the mission-critical activities should be identified,
together with key roles and responsibilities. These may be produced in the form of 
clear instructions and checklists. It is important to exercise, maintain and review the 
BCP by creating a programme to test the plans, review and amend them as necessary, 
and rehearse staff to improve understanding of the plans. BCP and DRP should
be reviewed at least annually, as well as after a test of the plans. Also, if an incident 
occurs, the lessons learnt should be incorporated into the plans.
The flu pandemic of 2009 provides an example of the importance of BCP. Advice 
and guidance was produced for companies and individuals in many countries around 
the world. The box below sets out a summary of the key points provided in that 
guidance and the practical implications of the flu pandemic for business continuity. 
It is accepted by many governments that a pandemic is one of the most disruptive 
circumstances that could affect a country.
Pandemic contingency plans for an organization should aim to ensure continuity of essential 
operations during an extended period of high illness rates in the workforce, suppliers and 
customers. It should ensure that employees are not exposed to a high risk of infection in their 
workplace and aim to resume operations rapidly and competitively as soon as the pandemic 
cycle is over.
Critical business processes can be protected by allocating additional back-up personnel, 
diversifying activities across multiple locations and maximizing home-based working. 
Additional investments in spare workplace capacity might be needed, training more personnel 
to take over essential roles, and improving IT capability. Plans should anticipate that suppliers, 
equipment providers and support companies will be unable to function for some time, and 
Flu pandemic

Download 3.45 Mb.

Do'stlaringiz bilan baham: