"Guidelines are those procedures and activities which are recommended in a preset design plan. However depending upon the needs and requirements of the target business function, these items may or may not be performed, or may be altered during implementation."
British Standard 25999-2 and other standards provide a specification for implementing a business continuity management systems within an organization.
Business Impact Analysis (BIA):
The BIA can be used to identify extent and timescale of the impact on an organization. For example it can examine the effect of disruption on strategic, functional and operational activities of an organization. BIA can determine the effect of disruption on major business changeswhich include introducing new product or services. Most of the standards require that business impact analysis should be reviewed from time to time appropriately for each organization and whenever any of the following occur:
- Major changes in the internal business location, process or technology
- Major changes in the external business environment – i.e market
Security is the top priority in today's global business environment. Security is mandated by law, and conformance to those mandates is investigated regularly in the form of audits. If an organization fails to pass security audits, financial and management changes may impact upon an organization.
Complete and up-to-date documentation is the ultimate solution to ensure sustainable growth in business turnover or profit. In today's large information technology environment profit or business turnover has to be planned as part of the Business Continuity process. Documentation makes sure that new personnel have the information they need in order to become knowledgeable about business functions which they have to take care of.
Regulations require that changes to business functions must be documented and tracked for auditing purposes. This process is designated as "Change Control". This enhances the level of stability by requiring the support personnel to document and coordinate proposed changes to the underlying systems. As this process becomes more and more automated, the emphasis will be more upon regulatory compliance and less upon personnel control.
Audit Management is the most time consuming activity in the field of information technology. Business functions should be designed to automatically generate documentation and information compliance with audit. This will in turn reduce cost and time consumption associated with manually producing such information.
Communication in the time of distress is the most crucial component of Business Continuity. The Disaster recovery team must be able to communicate effectively among themselves as well as with managers, directors, customers, partners, and even with the media.
Service Level Agreement (SLA):
SLA is an interface between the organization (which provides the service) and the client. SLA ensures that the organization continues to maintain a high level of service quality. The organization commits itself to providing that level which is normally given as a percentage out of 100. SLA is a written contract which engages the expectations of clients with regard to the availability of a necessary business function, and the deliverable that information technology provides in support of that business function.
This is it folks. There will be a new topic in the upcoming post. Keep visiting the Microcom IT's blog for more informative posts.