" Business Continuity Management is about proactively improving the organization's resilience to contingencies , providing mechanisms to restore key products and services within a limited time frame, and protecting corporate reputation." hollyhealthfitness
Previous recommendation, read:
• What is
Business Continuity Management?
Foundation for the establishment of a sgcn
The name SGCN disaster may be thought of as a misnomer,
because an interruption from which an organization can recover through a
planned strategy through a SGCN cannot be classified as a disaster.
Essentially, a BCMS provides the organization with the
ability to absorb the impact produced by an unexpected incident and prevent the
stoppage of critical business functions.
On the contrary, there is abundant evidence to prove that
those organizations that implemented a BCMS have a much better chance of
recovering from a catastrophic event than those that did not . This is the
essential foundation for developing business continuity plans.
This type of planning provides a series of procedures and
recovery strategies not only for IT resources, but also for information,
whether digital or on paper, third parties, personnel or facilities, which
would be very difficult to design and develop on the fly when it happened. a
disaster.
There is even a training and testing phase of the plan,
which encourages those who play a role within the plan, to be better prepared
to face a possible disaster situation and respond in a rational way to the
great irrationality and chaos that accompanies it. type of crisis.
Beyond these substantial contributions, effective planning
that includes the identification and implementation of mechanisms that can
prevent the occurrence of certain disasters will be of great help to prevent
avoidable disasters . Additionally, planning effectiveness can be measured in
terms of potential disaster events that have been minimized or eliminated.
There are a number of additional benefits that come from
developing a BCMS :
1. Reduction
of insurance costs : an effective implementation of a BCMS can reduce the costs
derived from insurance contracts in two ways. The first reduction can be seen
through the risk analysis and impact analysis carried out as part of the plan,
with which the current insurance coverage can be adjusted. Often, in the
absence of these analyzes, the identification of the risks that require the
contracting of insurance is carried out informally, resulting in the
acquisition of coverage that is inappropriate or that is not justified in
relation to cost / benefit.
Another way the plan can help reduce costs is by emphasizing
prevention . For example, if the existence of a fire risk is identified in the
data center and automatic detection and suppression systems are installed, the
ability to prevent major evils, or for immediate detection and correction, is
demonstrated, which can be used to reduce the costs of fire insurance.
2. Use of
recovery equipment for the business : in some cases, the equipment and
facilities acquired for the SGCN, can be used as development equipment, as test
equipment, even as production equipment. Also certain systems such as generator
sets or UPS, provide services that will improve the functionality of the
protected systems during normal activity.
What type of organization does a sgcn require as a priority?
The planning of information systems varies according to the
organization . As we pointed out previously, not all organizations require the
same level of trust in their information systems for the survival of their
products and services, although nowadays there are few that can dispense with
their information systems and maintain their level of competitiveness.
A model that can be useful to visualize these concepts is
the strategic convenience model developed by Macfarlán and other authors. They
are based on two important factors that they measure:
• The
strategic importance of the existing information systems in the organization.
• The
strategic importance of the systems planned for their future implementation and
according to them, the nature and amount of planning required is determined.
They identify four types of organizations, each with
different IT systems planning needs. They are the following:
1. Advisory
or consulting organizations . Both existing and planned systems have little
strategic impact on these organizations. This is the case of professional
services, which could continue to operate even in the face of a disaster that
interrupts the operation of its existing systems.
2. Factory-type
organizations . Although systems planned for future deployment are unimportant,
existing and operating systems are critical. These organizations require
moderate planning efforts, which should focus primarily on short-term resource
needs.
3. Organizations
undergoing restructuring. Although existing systems are relatively unimportant,
planned systems are critical. Planning efforts that can range in size from
moderate to large will be required and must focus on the needs of the long-term
anticipated applications. This could be the case in a rapidly growing
manufacturing company, where the new systems envisioned are absolutely
necessary to enable the firm to achieve its strategic objectives.
4. Strategic
organizations . In them, both existing and future systems are critical. They
must undertake substantial planning efforts focused on short- and long-term
application and resource needs. This is the case for organizations such as
banks, insurance companies and large retail companies. In these cases, the
organic interaction between IT Management and General Management must be very
agile, to the point that in some international firms the IT Management rises
hierarchically to become IT Management, and its holder joins the Board of
Directors of the organization.
Of these four types of organizations, mainly factory-type or
strategic organizations are those that require this type of planning due to
their dependence on their current and future information systems .
In advisory or reorientation organizations, the dependence
on their information systems is not as marked as in the case of the previous
ones, so, although it is advisable to have business continuity planning and
services, it is not done so essential.