Business Continuity Management
The Comprehensive Disaster Management Policy Framework of Trinidad and Tobago (2010) has as one of its imperatives to mainstream Disaster Risk Management in government operations, business and the society. This is consistent with regional and international strategies for disaster risk reduction.
What is Business Continuity Management (BCM)?
BCM involves planning for operations during and after a crisis/emergency. The aim of BCM is to:
- Ensure that essential functions can continue during and after the crisis/disaster
- Prevent mission critical service interruptions
- Be able to re-establish full functionality as quickly as possible
Some important BCM considerations:
- Embed BCM into business-as-usual operations, incorporating sound practices
- Understand and appropriately mitigate interdependency risk of critical business functions
- Plan for wide-area disruptions
- Advocate and develop policy and institutional frameworks for the conduct of risk management in the sector
- Identify critical infrastructure assets, their locations, potential vulnerabilities, and prioritise their importance
- Establish (secure) communications capability and protocols for communicating during an emergency
- Ensure sufficient staff with appropriate clearances/training to coordinate in the event of an emergency
BCM involves the following steps:
- Risk Assessment and Analysis
- Business Impact Analysis
- Strategy Development
- Emergency Operations
- Crisis Communications
- Coordinating with External Agencies
- Plan Activation
- Plan Development
- Awareness & Training
- Test & Exercise Programs
- Maintaining & Updating Plans
Information Technology
Information technology (IT) is often a key aspect of business continuity. IT refers to both the hardware and software that are used to store, retrieve, and manipulate information. At the lowest level you have the servers with an operating system. Installed on these servers are things like a database and web serving software. The servers are connected to each other and to users via a network infrastructure. This ability to operate systems with great precision and speed, from great distances, and to store masses of information can also cause catastrophe if the system fails or is accessed by unauthorized personnel. This can cause an escalation of events such as financial corruption, disruption of industrial processes, communication issues and loss of irretrievable information.
IT Threats
Natural hazards: High winds and heavy rain can easily disrupt communication, as is often the case with Direct TV, cell phone signals, wireless internet signals and other wireless signals. This can cause miscommunication and may lead to further problems. Telephone lines and electrical lines can also be blown down; these should be dealt with by professionals, as they are very dangerous and can electrocute someone. There may also be severe economic loss to the state and private companies.
Theft: Copper cables were the traditional means of communication, and because this metal is expensive it is stolen and sold. Laptops may be lost or stolen, and there may be loss of irretrievable and proprietary information. If information gets into the wrong hands, a lot of damage can be done. Identity theft may occur when a person pretends to be someone else to gain access to credit, to commit crimes without being traced, or to obtain medical benefits and other privileges. Information to commit these crimes is usually obtained from social networks like Facebook and MSN messenger through hacking. This can also occur when computers are being ‘fixed’ by information technology personnel, so persons must be extremely careful.
Sabotage: This is usually achieved through the use of computer viruses and hacking but can be done by physical means as well. All power generation and industrial processes are electronically controlled, as are banks and other financial institutions. Interference with these systems can lead to financial instability, loss of power to communities and may trigger huge catastrophes in certain industries.
Hardware and software failure: This may have some of the effects discussed in the Sabotage section.
Lack of knowledge: Even though there is a growing knowledge of computer and technology use, most users know very little about proper care and storage of this delicate and sensitive equipment. Electronics are made of semiconductor material and are extremely sensitive, especially to heat. An increase in temperature can lead to hardware failure. Misuse of software programs can also lead to unauthorized entry from hackers and viruses.
How to reduce the risk of information technology hazard
- Antivirus software, firewalls and regular updates.
- Back up data regularly and remotely.
- Power backup systems, e.g., UPS and generators.
- Physical security. Limit access by unauthorized persons.
- Businesses should develop communication plans in the event of an incident.
- Limit the amount of personal information provided on networking sites.
- Avoid entering unknown sites and online games.
- Ensure cooling systems and other hardware are performing adequately.
- Monitor anyone to whom you give access to your computer.
- Fireproof storage should be used for valuable equipment.
- Educate users and inform them when a virus is detected.
Further Reading
- Telecommunications Authority of Trinidad and Tobago
- NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs
- Societal Security Management System Standards