Business Continuity Management is the ability of an organization to continue providing its products and services in the face of a disruptive scenario, in a planned and appropriate manner within pre-defined time limits and commitments.
This capability unfolds in the prevention and in the planned and prepared recovery to the “normal state” after the occurrence of a disruptive scenario, i.e. of an incident or event that caused an interruption in the availability of products and services, according to the commitments made by an organization.
The pandemic, but also more common situations such as a fire that destroyed part of a company’s facilities, floods that prevent access to the facilities, a computer problem that causes unavailability of information, leak of sensitive information, or a “successful” cyber-attack, are examples of disruptive scenarios that put existing structures to the test.
In the last two years, many organizations have not been able to withstand the direct and collateral effects of the pandemic. Others could not withstand the consequences of the cyber-attacks they suffered. Had these organizations thought about and prepared for the occurrence of these scenarios?
In order to prepare for Business Continuity, managers must answer a set of relevant questions about their organization:
- What are the vulnerabilities that characterize my organization?
- What disruptive risks/incidents is my organization subject to?
- What critical activities is it crucial to protect in order to continue to provide my products/services in the event of a disruptive incident?
- Should a disruptive incident occur, what impact (legal, operational, financial, reputational) will it have on my business?
- Should an incident occur, what is my time objective to restore my business to normal mode?
- If an incident occurs, what is the level of loss and acceptable time frame for restoring information?
Subsequently, the development of a set of activities and tools that are consolidated into a Business Continuity Plan (BCP), in which existing vulnerabilities are identified, potential disruptive scenarios, critical activities to be protected, resources (primary and redundant) needed to ensure the continuity of operations and the necessary tests to ensure the adequacy of the plan against the risks identified, allows organizations to be adequately prepared to continue their business, within pre-established limits, in disruptive scenarios.
Some organizations present a BCP essentially focused on the IT aspect, which will be insufficient, since the risks and disruptive scenarios will not only be technological, but also human, process, infrastructure, among several others.
Should all organizations and different business sectors be concerned with these issues? Yes. However, organizations (public or private) whose activities, systems, assets, networks (physical or virtual) and infrastructure are critical to the survival of a nation, and whose unavailability would compromise the economy of the country, the health and safety of its people, should have a redoubled concern. Examples of critical sectors are: health, energy, transport, finance, water and sanitation, communications, education, emergency services, and information technology.
The responsibility for ensuring that the relevant issues are properly addressed, particularly in Critical Sectors, is divided. On the one hand, it should be the Regulators of the sectors, who should consider this approach as a requirement for the respective operators. On the other hand, from the Leadership of the Organizations.
Business Continuity Management is a strategic commitment made by the organization, through its Leadership, to its stakeholders. The Leadership will assume the Business Continuity Plan when it has to be activated; will quantify, especially from a financial and reputational point of view, the impact of incidents on the business (Business Impact Analysis – BIA); will approve the investment for resources and redundancies needed to ensure Business Continuity in case of a disruptive incident. It is therefore crucial to have our Leadership sensitized and committed to the Business Continuity of the Organizations.
In this way, we will have a more resilient network of organizations and infrastructures, which will better respond to disruptive risks and incidents, unfortunately increasingly serious and frequent.
Article Written by Insite Moçambique
