S 6.116 Integrating business continuity management into organisation-wide procedures and processes
Initiation responsibility: Top Management
Implementation responsibility: Top Management, Emergency Officer
Organisations often already have a general risk, security, and crisis management system, especially larger organisations. Operational risks, including the IT risks, are an integral component of risk management and security management. Residual risks, which are still present in spite of the precautions taken, are to be covered by the crisis management.
Business continuity management examines all risks that could lead to the disruption or failure of critical business processes. This means business continuity management overlaps with many areas of risk management, security management, and crisis management. For this reason, the methods used to manage risks in the area of business continuity management should be coordinated with the methods already in use. It is essential that the work instructions or service agreements from different areas of an organisation do not contradict each other.
Integrating aspects of business continuity management into all business processes
The management must have an overview of the business-critical, specialised tasks, business processes, and information. The Specialists Responsible and the business continuity management team must specify concrete rules for integrating continuity aspects into the planning and implementation of business processes (such as safeguards and classification, for example).
Change management
Change management deals with the planning of changes to processes, infrastructure, hardware, and software. Organisational rules must be in place ensuring that the aspects and needs of business continuity management are taken into account.
Review questions:
- Is it ensured that business continuity management aspects are taken into account in all business processes of the organisation?
- Are the processes, rules, and responsibilities in business continuity management co-ordinated with the risk management, security management, and crisis management (provided that such management systems are present in the organisation)?