What is BCMS (Business Continuity Management System)?
BCMS (Business Continuity Management System), a.k.a. ISO 22301, refers to the formulation and implementation of plans and policies that maintain the continuity of the organization in the event of a disruption.
Elements of Business Continuity Management System (BCMS)
BCP (Business Continuity Plan): A means of planning ahead of time all the protocols and actions that need to be taken in case of a disruption. BCP focuses on doing a complete audit of the critical and non-critical functions of an organization, doing the whole BIA (Business Impact Analysis), and formulating the plans according to the governance plan. E.g., reporting structure, BIA document, risk assessment, policy document, etc.
Reporting Structure BCM
Risk Rating Key (Used for BIA & Risk Management)
DR (Disaster Recovery): The steps taken, when a disruption occurs, towards bringing the business back up and running and recovering the losses are called disaster recovery.
BIA (Business Impact Analysis): Identifying the critical processes of the system and measuring the impact any disruption may have on them, combined with the maximum downtime one can afford and the minimum loss one can bear, is called Business Impact Analysis.
RTO (Recovery Time Objective): RTO refers to the maximum acceptable time that the system/process can stay offline/down after a disruption. The more critical the process, the lower the RTO; it is generally measured in seconds to minutes.
RPO (Recovery Point Objective): RPO refers to the minimum amount of processes/systems that need to resume in order for the systems to be up and running after a disruption. E.g., if a laptop crashes in the middle of an operation, the minimum settings at which the laptop needs to be switched on are the factory data/settings reset or the point at which data was last backed up, which can be called the laptop's RPO.
Source: “BCM Concepts: RTO, RPO and MTPD” - Dr. GOH MOH HENG
The terms defined above are the ones regularly used in the process of BCP-DR planning and execution.
Part 2 of this blog will define “HOW” these terms come into play when the time comes.