Understanding Business Continuity Management

No businessman wants disruption, disaster, or anything that can hinder the running of the business. Most of them even commented that they were reluctant to think about it, as if they were expecting something bad to happen. It is important to realize that anticipating does not mean expecting something bad to happen, but rather a smart action to avoid losses that may occur.

People will bring umbrellas before it rains, right? If it is raining and looking for an umbrella, it can be said that it is useless.

That is why you must pay more attention to Business Continuity Management (BCM), a mechanism that will ensure what each member must do when a disruption occurs so that the business can continue to run. Sometimes this is underestimated, but without BCM, you can be sure that you will lose your way later, when something unexpected happens.

Threat analysis

No matter what your business is, regardless of scale, it is important for you to identify possible threats that could disrupt your business operations. You can group it into 2 groups, internal threats (threats that come from within) and external threats (threats that come from outside). Threats from within, for example something that disrupts operations caused by employees, key people who get sick suddenly, resign, or even other fraudulent acts . Meanwhile, external threats, such as power outages, signal interference, natural disasters, cyber threats ,and others. Rank the likelihood of each possible threat. Which threats have the greatest chance of happening so that things will happen very rarely.

It is important that you are able to identify as many possibilities as possible and then come up with various scenarios to overcome them.

Business Impact Analysis / BIA

Analyze the impact that will occur due to the various threats that exist. Determine what risks can occur, whether financial, operational, or even legal risks. Then determine how much time it will take to recover.

Business Continuity Plan (BCP)

Start compiling BCP, how you can have a disaster recovery strategy based on BIA and the scenarios you have compiled beforehand. For example, that you have to relocate your core employees to another place so that the business can continue to run Business Continuity Center (BCC). Another example, moving servers, backup equipment, turning on generators, and so on. The target is that the business can get back to running as much as possible. Things to consider are that this concerns the emergency organizational structure, the expertise that must be possessed in an emergency, the procedures that must be met, the technology required, also how to restore it to its original state (Disaster Recovery Plan / DRP).

Memahami Business Continuity Management

You already know that as a first step in developing Business Continuity Management, you need to analyze the possibility of a threat, its impact on the business, so that it can produce a Business Continuity Plan (BCP). (Read: Understanding Business Continuity Management (1) ).

For example, if there is a big flood which results in employees being unable to go to the office while that day is the day to pay salaries, then who are the key people who should take part in controlling the work of the payroll system and where and how to do it.

Test BCP and renew

The key to the success of the BCP is when it is tested periodically and updated when needed. It is important to do it consistently by involving all employees and not taking it lightly. Based on my experience, conducting trials that involve all employees is not easy because not all employees have the same level of awareness .

As a simple example is to create an emergency communication chain, how in an emergency the department head must contact all department heads and each department head contacts the manager under him to then the managers contact the team leader and the team leader contacts the members so that the latter will return to the head. department.

However, at the time of testing, well, not necessarily everyone thought that this was important. For example, if you try it at midnight, it assumes that anything can happen in the middle of the night. Then the success rate is measured. If it does not reach 100% then evaluated what is the cause of failure. For example, if each person only records one cellphone number. If the cellphone is not active it automatically cannot be contacted. If so, then it can also record landline numbers or other numbers that can be contacted.

An emergency simulation can also be made to test BCP, for example at the weekend to analyze what could be the problem.

The importance of socialization

You must appoint one person who will be the team leader who will determine whether a condition has met a condition that can be said to be an emergency or not. This team leader is also the one who is obliged to make periodic outreach to ensure that all employees know about it, including new employees.

The most important thing is how to make sure every employee knows what things to do and who to call when an emergency occurs. A BCP that is not socialized to all members will only make BCP a meaningless pile of documents.

Very flexible

It is certain that each organization’s BCM will be different from one another depending on its core business . BCM in the hotel industry will be different from banking, it will also be very different from education. Therefore, changing the business will also mean changing BCM, including changing the organizational composition, technology, or changing infrastructure.

Therefore, a team is required to monitor BCM and ensure it is in line with company operations.

Again, no one likes threats, but choosing not to think about them is a great folly.


Leave a Comment