BCM small encyclopedia directory
- The importance of enterprise and individual certification to BCM system construction
- In what ways has BCM improved during the 10 years
- A whole body or a whole new body
- BC has been redefined and DR has not changed. Is your BCM in place?
- New Application Scenario of Trinity in Enterprise BCM Construction
- How will artificial intelligence, big data, NLP and others combine with BCM in the future
- The impact of digital resilience and cloud native on BCM
- In the future, how to help enterprises to get a head start in the BCM field
BC has been redefined and DR has not changed. Is your BCM in place?
1. Business continuity management and disaster recovery
Business continuity management (BCM) and disaster recovery (DR) are two closely related practices that refer to the preparedness of an enterprise for unforeseen risks in order to keep the business running.
Business continuity management (BCM) is a comprehensive management process that predefines potential impacts that interfere with an organization’s ability to operate, enabling the organization to tolerate the impact of a loss of some or all of its business capabilities.
BCM is a business-oriented and business-driven process that establishes the appropriate policy and operational framework:
1. Improve the resilience of the organization to disruptions or interruptions in its supply of products or services; 2. Provide a reliable means of restoring the organization’s ability to supply its critical goods and services at an agreed level; Provide proof of ability to manage business interruptions and protect the reputation and brand of the organization.
BCM includes the entire management system for providing and improving resilience. BCM will create one or more business continuity plans. Small organizations may have only one business continuity plan that covers their entire operations. A large organization may have multiple business continuity plans, each specifying specific business recovery. The extent to which BCM is implemented in an organization will be appropriate to the size and scope of the organization and may be influenced by such factors as organizational budget and cost-benefit analysis. Key elements of BCM include:
1. Understand the whole content of the organization operation; 2. Understand the key products and services the organization must deliver (its goals); Understanding the obstacles or interruptions that may be encountered in the delivery of key products and services; 4. Understand how the organization continues to achieve its goals in the face of disruption; 5. Understand the possible outcomes in the implementation of controls and other mitigation strategies; 6. Understand the standards or trigger mechanism for implementing event processing and emergency response, as well as business recovery procedures; 7. Ensure that all members can identify their roles and responsibilities in the event of major disruption; 8. Achieve consensus and commitment on the implementation, deployment and exercise of business continuity; 9. Integrate business continuity as part of your daily work.
Disaster recovery (DR) is the process of re-enabling the data, hardware and software of an information system to resume normal business operations after a natural or man-made disaster. Disaster recovery is a part of business continuity management, its core is to evaluate and prevent the catastrophic risk of the enterprise, especially to timely record, backup and protect the key business data and processes.
2. The necessity of optimizing disaster recovery construction
Business continuity management is more broad, focusing on the strategy of the enterprise, with the goal of ensuring business operations and solving the problems of the whole life cycle, while disaster recovery is more operation-specific, system-oriented, focusing on solving the problems in the process and dealing with the problems after the event simultaneously.
Business continuity management is a crisis response framework that covers disaster recovery management, which is an integral part of business continuity management.
The main tasks of the business continuity plan include defining a detailed disaster recovery process, identifying the required environment and resources, and building the appropriate disaster response team. A business continuity plan is a set of high-level management and regulatory processes that enable an organization to respond quickly in the face of unexpected events to ensure that critical business functions can be sustained without business disruption or changes in the nature of business processes.
Often referred to as disaster recovery system belongs to the technical category of disaster recovery management, which is a very important part of a complete business continuity framework. Generally speaking, to build a disaster recovery system, IT is necessary to determine the scope and degree of business continuity management according to the requirements of the business and the scale of investment, and then put forward feasible plans for IT disaster recovery and recovery. Without any link, the construction of the whole disaster preparedness system is incomplete. Without the technical realization of IT disaster recovery and recovery, the planning and plan of the whole disaster preparedness system would be like water without a source and a castle in the air, with no foundation at all. Without a perfect business continuity system, the continuous operation of the whole business after a disaster cannot be carried out effectively, and the whole organization cannot form a linkage mechanism to achieve crisis response and emergency response.
Business continuity plan is based on enterprise strategy, dealing with long-term, oriented to maintain business continuity after interruption planning, the core is business continuity; A disaster recovery plan is a plan to restore the temporary normal operation of the business in an off-site location in the face of a major, catastrophic system failure.
When the business continuity management and disaster recovery combined into a single project, can’t develop in isolation of business continuity plan or a disaster recovery plan, requirement enterprise management staff and technical staff work closely, formulate feasible business continuity and disaster recovery plan and strategy, ensure effective linkage of business continuity management and disaster recovery.
According to regulatory requirements, the business continuity management of the enterprise should be continuously updated every year, including risk analysis, business impact analysis, business continuity management strategy or disaster recovery strategy, etc. Secondly, with the increasing business needs of enterprises, IT systems also need to be updated and upgraded frequently.
When we update the business continuity management of an enterprise, for example, the RTO and RPO of one or more business systems are updated, if the previous disaster recovery strategy and disaster recovery construction plan are still used, the disaster recovery of the business system is bound to cause deviation, which will further affect the business continuity of the system. Therefore, it is necessary to optimize the disaster recovery strategy and disaster recovery construction scheme of the disaster recovery system, so as to ensure the effectiveness and availability of the whole business continuity management of enterprises.
3. Content of disaster recovery construction
With reference to national standards and industry regulatory requirements, the use of advanced disaster backup service system and methodology, make the disaster recovery system of the construction of the index requirements, provide disaster recovery technology, resource and operation management experience, to establish a comprehensive business continuity plan, make the enterprise can play its biggest advantage of the business, to strengthen its business system safe operation and risk prevention capabilities. The content mainly includes:
● Status Analysis
The status quo of the operation environment of the information system is sorted out, classified and analyzed to provide a basis and basis for subsequent risk analysis, business impact analysis, recoverability analysis and the formulation of disaster recovery strategies.
● Risk analysis
Analyze the basic environment of the machine room of the production center to identify the vulnerability of the information system and the possibility of emergency. Evaluate the effectiveness of existing risk control measures and propose appropriate risk prevention and control measures.
● Business impact analysis
After the completion of the risk analysis, further through the means of business impact analysis, the risk of these business system functions and processes, and when the function failure caused by the loss and the extent of the impact of analysis. Thus, the key business functions and processes are confirmed, and the business system is classified at the critical level.
● Recovery analysis
Before defining a disaster recovery strategy, it is important to understand the current system’s ability to respond to a disaster. According to the overall goals of the construction of the system of disaster information system and related regulatory requirements for reference, to assess the current system can restore ability with the actual needs of the business system can restore ability, the gap between audit emergency response ability and level, and the current recovery ability, the gap between actual situation and the target, provide the basis for the next step for disaster recovery strategies.
● Disaster tolerance strategy formulation
According to the results of risk analysis and business impact analysis, combined with the specific situation of the information system of environmental conditions, the comprehensive evaluation of the various solutions under the premise of investment costs and benefits, do the planning of construction of disaster recovery strategy, at the same time to complete a variety of disaster recovery form a complete set of resources and services to support planning and deployment.
● Disaster backup system technical plan formulation
According to the pre-formulated disaster recovery strategy and information system business continuity planning, combined with the current situation of the production system, a comparative analysis is made of various alternative disaster recovery technical solutions, so as to customize a reasonable, complete, feasible and risk-cost appropriate disaster backup system technical solutions for enterprises.
● Emergency response and disaster recovery plan development
Develop or improve customer’s information system emergency management process and emergency response plan based on all aspects of emergency management requirements.
Determine emergency response and disaster recovery organizational structure and job responsibilities. Formulate business recovery process, information system fault diagnosis and disposal process under specific disaster scenarios, assist customers and related manufacturers to write information system disaster recovery manuals.
● Organize and implement disaster preparedness drills
Implement necessary desktop drill, simulation drill and actual combat drill. Conduct awareness education for relevant IT and business personnel and complete the review of the draft plan.
Conduct specific drills and validation tests as necessary to focus on the usability of critical disaster preparedness systems.
Evaluate and summarize the drill work.
To be continued