Continuity management refers to the activity that takes place in a commercial enterprise to ensure that all critical business processes will be available to customers, suppliers, and other entities that must access them. These activities include many daily tasks such as project management, backup systems and helpdesk. Business continuity is not implanted in a disaster, but refers to all activities that are performed daily to maintain service and facilitate recovery.
The basis of the progression control are policies, guidelines, standards and procedures implemented by an entity. All the design, implementation, support and maintenance of systems must be based on obtaining a good progression plan, disaster recovery and in some cases, support system. Occasionally, the continuity or contingency plan is confused with the management of disaster recovery, but they are different concepts. Disaster recovery is a small part of progression management.
The term continuity describes a philosophy or methodology for developing business activity, while planning determines which methodology to use. The continuity plan can be seen as the methodology used daily to ensure the normal course of business. The components required in the plan include: policies, guidelines, standards and procedures.
Policies are a set of rules imposed by the management level of an organization that support all business processes developed according to a certain plan. The guidelines are a series of concepts recommended for monitoring the designated plan. However, depending on the needs and requirements of business, these guidelines can be ignored or altered during implementation.
The standards consist of technical specifications made for the implementation of all business processes. They are a derivative of policies and guidelines. In 2007, BSI – British Standards Institution, published the standard BS 25999 parts 1 and 2 to establish the continuity management of organizations. ISO 22301, an international standard for managing progression from the previous BS 25999 was published in 2012.
The British Standard 25999-1 provides specifications for the implementation of a system of continuity control in an organization. This task can be complex in large companies that hire experts and consultants that offer support and training in this regard. The concept of progression management implies that the underlying resources are implemented and deployed in a certain way. This allows it to be easily restructured depending on the needs of an entity.
This level of flexibility requires that all business functions are planned and implemented from the start, with the mindset of having a continuity plan. Part of the task is to ensure the continuity of all staff in a commercial enterprise. This understanding should be apparent in staff training, so that employees can guarantee progression even when there is a constant input and output of staff. It is also important to have different individuals with the same knowledge, especially at critical times when the person with the expertise is not available.
The whole concept of continuity administration is based on the business processes of a company, and assigning a level of importance to each process. An analysis of business impact is the main tool to collect this information in order to assign criticality, recovery objectives and recovery time for each of them. It can be used to identify the impact at different levels of a commercial enterprise. For example, you can examine the effect of a disruption in operational activities or functional strategies.