Introduction. Objectives and Guiding Principles
Objectives:
- Building greater organizational resilience.
- Safeguarding interests of key stakeholders.
- Helping management in minimizing disruptions.
- Maintaining adequate recovery capabilities.
- Communicating business continuity management.
- Developing a continuity culture.
Guiding Principles:
- Aligning with the 2040 Oman national vision.
- Clear authority, accountability, and responsibility.
- Creation of a continuity culture.
- Integration with strategic decision making.
- BCM ownership and regular BCM review
Governance
Governance during the BCM implementation deals with the following elements:
- Use of current structures, processes, and documents;
- Outlining roles and responsibilities of the stakeholders;
- Establishing scope, objectives, and policy;
- BCM reporting;
- Maintaining BCM documentation;
- Addressing legal and regulatory concerns
BCM Roles and Responsibilities
Program Sponsor:
- Protects and enhances continuity culture
- Provides high-level guidance
- Informs the board on all business continuity matters
BCM Committee:
- Promotes a responsible environment
- Ensures continual business service
- Ensures testing and results of BCM, disaster recovery and emergency planning
BCM Team:
- Managing BCM program implementation
- Rolling out BCM program
- Reviewing and proposing critical program change requirements
BCM Champions:
- Contributing to development of BCM in designated areas
- Identifying and embedding BCM indicators
Business Impact Analysis (BIA)
BIA handles the following information:
- Critical processes;
- Critical dependencies;
- Recovery times for dependencies;
- Threats and exposures;
- Current controls;
- Activity prioritization
Recovery Strategies
Recovery strategy recommendations are:
- Cross skilling;
- Process guides;
- Resource planning.
Business Continuity Plan (BCP)
Sections of a BCP:
- Document administration
- Invocation and management process
- Process prioritization
- Interim measures
- BCP tools
BCM Training and Testing
Training and Development:
- Illustrates the roles and responsibilities of BCM.
- Delivered through current training protocols
- Ensures staff are assigned BCM roles
Testing and exercising:
- Facilitated discussions
- Desktop walkthrough
- Simulated exercises