Business continuity planning

Business Continuity Management ( BKM ) (English business continuity management (BCM ) ) referred to in the Business Administration to develop strategies, plans and actions to activities or processes - would cause the interruption of the organization serious injury or devastating loss - to protect or alternative processes to allow. The aim is thus to ensure the continued existence of the company in terms of economic sustainability in the face of risks with a high level of damage.

BKM collectively referred a management method that will secure the continuation of the business under crisis conditions, or at least unpredictable severe conditions on the basis of a life cycle model. There is a close relationship with risk management. In the German-speaking countries, the BKM is sometimes seen as related to information security, IT contingency planning and facilities management. Connections are also to ideas of corporate governance.

Historically proven is the military origin in Chinese literature (Sun Tzu, 500 BC, see annotated translation "The Art of War", ed Lionel Giles, The British Museum, 1910), and later with the German military theorists such as Clausewitz. The ongoing planning, implementation and successful completion of its own plans despite enemy action and disturbance was transferred with onset of the industrial revolution to the occupational events.

Characteristic of the transition from military terminology for civilian use include (USA) Civil defense, homeland security, (D ) Civil defense, civil protection. The development of the BKM took place from about 1950, primarily in the U.S., but using the fundamentals from Europe. From about 1980, the perception in the direction of information technology, their increasing importance in the company was a separate risk factor changed. Ensuring the IT operation is performed by IT Disaster Recovery, German " IT contingency planning."

In the recent past the term of the BKM has been extended to the overall operation again, including through such as the ( U.S. ) Sarbanes- Oxley Act of 2002 and the (UK ) Civil Contingencies Act 2004. Implicitly legislation, the BKM is more for (D) control and transparency Act 1998, (D, A) codes of corporate governance. In addition, the description of the BKM by multiple standards and industry standards, such as ( international) ISO 17799 (USA) NFPA 1600 (AU, NZ ) BCM Better Practice Guidelines, ( GB) BS 7799: 2002 (2 ) (A) ÖNORM A 7799 publication by the Basel Committee in terms of the Second Basel II Capital Accord, (D) the minimum requirements for risk management for credit institutions ( MaRisk).

Method and scope of the BKM are published in the so-called " Good Practice Guide ", published by the (UK ) Business Continuity Institute. Central competences for practitioners in the (UK, USA) " Joint Standards" regulated that are issued jointly by the Business Continuity Institute and the Disaster Recovery Institute International.

The German Federal Office for Security in Information Technology ( BSI) BSI standard 100-4 created " emergency management " as a supplement to basic IT protection the theme of BKM.

In order to incidents (see also Incident Management ) or to continue the processing of transactions of a company in the event of a disaster ( Business Continuity ) analysis and planning must be made.

It is primarily determine

• Which processes necessarily have to be maintained and
• What measures are necessary.

These priorities need to be defined and assigned to needed resources. A measure in the course of business continuity planning is disaster recovery, but the whole process of business continuity has to deal also with many other points.

Technical description of

Business continuity management is the development of an efficient emergency and crisis management for the purpose of systematic preparedness in the face of loss events, so that key business processes, even in critical situations and emergencies are not or only temporarily lost and the economic existence of the company remains secure despite loss event.

Of business continuity management objective is to generate and proclamation process definition and documentation of operational and documented emergency preparedness plan that is precisely tailored to the individual companies, as well as the awareness of all employees on the topic of " economic livelihood in a business-critical emergency situation."

Disaster scenarios

The type of events ( incidents ) can be divided into different sections:

• IT / system failure
• Building failure
• Failure of staff (eg pandemic )
• Failure of suppliers / partners

Depending on the event, the company will respond to a specific disaster scenario. To ensure the continuity of the company, is to respond to a system failure, unlike a strong increase of diseased staff. For the first case, the company will obtain parallel IT systems to bridge the failure of a system of alternative resources. A large loss of personnel is to be treated from the company's perspective rather with prevention measures. As an example, such as enhanced hygiene measures at announcement of a pandemic to call.

Social Security

In September 2007, by the ISO TC 223 " Societal Security " the international standard ISO / PAS 22399 " Societal security - Guideline for incident preparedness and operational continuity management" published. He was adopted by all 50 states and is represented concretely based on the best practices ( or standards ) from five nations: the American NFPA 1600, the British BS 25999-1:2006, the Australian HB 211:2004, the Israeli INS 24001: 2007 and Japanese regulations. The acronym stands for Incident Preparedness IPOCM and Operational ( business ) continuity management. IPOCM is understood as an extension of the BKM. While BKM company focused IPOCM refers beyond both private and public organizations and administrations, and puts the focus regardless of the type of the event to maintain or to restore vital infrastructure. The International Organization for Standardization (ISO) in mid- May 2012 the new standard ISO 22301:2012 named " Societal security - Requirements - Business continuity management systems" adopted final and published. The standard serves companies in the implementation of a business continuity management system and can serve as a basis for certification. As the ISO 9001 quality standard, even this standard apply to organizations of all sizes and industries.