Raising Business Continuity Management Awareness in Malaysia



Similar documents
External Supplier Control Requirements BCM

INFOSEC.MY KNOWLEDGE SHARING SESSION

Business Continuity Planning

Business Continuity Management

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

Business Continuity Management

Business Continuity Management Policy and Framework

Business Continuity Planning advice for Businesses with employees

Coping with a major business disruption. Some practical advice

Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES

Business Continuity & Disaster Recovery

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

BS BUSINESS CONTINUITY MANAGEMENT

TRANSPORT FOR LONDON SAFETY, HEALTH AND ENVIRONMENT ASSURANCE COMMITTEE

Business Continuity Management Framework

BUSINESS CONTINUITY MANAGEMENT A Guide for Businesses In Northamptonshire

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Business Continuity Planning

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

Principles for BCM requirements for the Dutch financial sector and its providers.

POLICY. 1) Business Continuity Management 2) Disaster Recovery 3) Critical Incident Management 4) Risk Management

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

Business Continuity Policy

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

Business Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO AUDITS, CERTIFICATION AND TRAINING

BUSINESS CONTINUITY PLAN

Emergency Response and Business Continuity Management Policy

Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012

#316 The Security Elements of Business Continuity & Disaster Recovery Plans

Overview TECHIS Manage information security business resilience activities

BUSINESS CONTINUITY POLICY

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Information Services IT Security Policies B. Business continuity management and planning

Business Continuity Policy

The Resilient IT Infrastructure

South Norfolk Council Business Continuity Policy

Business Continuity Business Continuity Management Policy

BCP and DR. P K Patel AGM, MoF

Each section has handy hints and advice on completing your plan along with links to further information which you can download and print.

Business Continuity Planning (BCP) 101

BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE

BUSINESS CONTINUITY STRATEGY

LFRS Business Continuity Planning

HEALTH AND SOCIAL CARE BOARD POLICY ON BUSINESS CONTINUITY MANAGEMENT

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

Business continuity management policy

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

Business Continuity Management AIRM Presentation

Business Continuity Management. Policy Statement and Strategy

The International MBA in Corporate Security Management (IMBASM) Distance Learning

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

Code Subsidiary Document No. 0007: Business Continuity Management. September 2015

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS

Business Continuity Planning:

Merrycon s Approach to Business Continuity Management

Business continuity management policy

Prudential Practice Guide

Business Continuity Planning advice for Businesses with over 250 employees

IT DISASTER RECOVEry

Business Continuity Management Policy

Team Business Continuity Plan Guide

Solihull Clinical Commissioning Group

Year 2000 Business Continuity Planning: Guidelines for Financial Institutions Introduction

Business Continuity Planning. A guide to loss prevention

Business Continuity Planning and Disaster Recovery Planning

Business Continuity and Disaster Planning

Business Continuity Management

GLASGOW LIFE Review of Business Continuity Planning. Final Report

NHS 24 - Business Continuity Strategy

Supervisory Policy Manual

Council Policy Business Continuity Management

Company Management System. Business Continuity in SIA

BUSINESS CONTINUITY POLICY

Business Continuity Management Systems. Protecting for tomorrow by building resilience today

How To Manage A Disruption Event

Business Continuity Plan

Business Continuity (Policy & Procedure)

Risk Management Guidelines

Business Continuity Management Planning Methodology

KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity

How To Manage A Business Continuity Strategy

July Introduction Sound Risk Management

Chapter I: Fundamentals of Business Continuity Management

Proposal for Business Continuity Plan and Management Review 6 August 2008

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

How to Exercise a Business Continuity Plan (BCP)

BUSINESS CONTINUITY STRATEGY

Guideline - Business Continuity Plan

Temple university. Auditing a business continuity management BCM. November, 2015

Business Continuity Management

BUSINESS CONTINUITY POLICY RM03

Business Continuity Policy

Business Continuity Management Policy

White Paper: ISO Business Continuity Management An Overview. ISO Business Continuity Management An Overview

Business continuity plan

Business Continuity Plan

Transcription:

Raising Business Continuity Management Awareness in Malaysia Shamsuddin Abdul Jalil Abstract: An effective Business Continuity Management (BCM) framework guarantees information availability and plays an important role in ensuring an organisation's survivability. Such a framework is critical as it will also provide reliable assurance on ensuring continuity of critical business functions in the event of crisis or disasters. Despite its importance, the level of awareness regarding BCM in Malaysia is still at its infancy in many industries. Therefore, this paper will propose steps that can be taken to significantly increase the level of BCM awareness in Malaysia and thus enable organisations to better prepare themselves to manage crisis or disaster situations. Keywords: Business Continuity Management, critical business functions, awareness, crisis, disaster I. INTRODUCTION TO BUSINESS CONTINUITY MANAGEMENT Business Continuity Management (BCM) has grown in importance significantly over the years and a survey conducted on IT managers by Gartner in 2000 revealed that over 60% of the businesses surveyed did not have a basic plan to mitigate the effects of a disaster [1]. More worryingly, other Gartner surveys [2] found that: Half of all businesses that are impacted by a disastrous event are out of business for two weeks following the event. Two out of five enterprises that experience a disaster will no longer be in business five years after the event. Thus, based on the survey results above and many other surveys done on business continuity, it is difficult to play down the importance of having a comprehensive BCM framework in organisations. The ability of organisations to operate normally after experiencing a crisis or disaster situation, and in some cases even its survivability, hinges on whether or not they have an effective BCM framework in place. This goes on

to show that any organisation will find it very difficult to resume normal operations in the event that they are hit with a crisis or disaster if they do not plan and manage their business continuity process properly. Diagram 1: Planning Cutbacks The diagram above highlights a worrying statistic whereby there is a decrease in the number of organisations in 2003 as compared to in 2002 agreeing the notion that business continuity planning (BCP) is a key business priority for their IT organisation [3]. This goes on to show that many organisations are not placing more importance on developing strategies to ensure business survival. The following is a definition of BCM obtained from Spring Singapore's website [4]: Business Continuity Management (BCM) is the process of identifying potential incidents that threaten an organisation, formulating and implementing viable continuity strategies, and the development of a plan to ensure continuity of operation. It covers a broad spectrum of business and management disciplines, including risk management, disaster recovery and crisis management.

As described in the definition above, BCM involves identifying the various threats and risks that are faced by organisations, formulating viable continuity strategies to mitigate those risks and develop plans to ensure that the business continues to operate in the event of a crisis or disaster. In addition, BCM should focus on restoring the critical business operations as defined by the management, and not only concentrating on Information Technology (IT) systems recovery only. II. IMPORTANCE OF BCM IMPLEMENTATION IN MALAYSIA The implementation of a comprehensive BCM framework is vital to any organisation that places importance on ensuring that the business will continue to operate in the event of a crisis or a disaster. Based on the organisation's recovery strategy plan and depending on the amount of budget and resources that the organisation can afford to allocate, they can ensure that at least their critical business functions that has been predefined by the management team will be able to continue operations as usual, even though it might not be at 100% capacity as per normal. This will enable the organisations to minimise disruptions to their business operations that could cost them huge losses in not only monetary terms, but also in other aspects such as losing potential business opportunities and clients' trust as well as affecting their image and reputation. Following is a diagram depicting the level of Disaster Recovery Planning (DRP) and BCP implementations in Malaysia according to NISER's ISMS Survey in 2003 [5]:

Diagram 2: Security Procedures Currently Practised The diagram above shows that only 52% of Malaysian organisations are currently practising DRP and only 37% are implementing BCP. This survey however does not include measuring the effectiveness of the stated DRP and BCP plans and thus the number of organisations having a comprehensive and fully tested BCM framework might even be less than the ones stated. The diagram above basically shows that the level of BCM implementation in Malaysia is still at a relatively early stage and more work needs to be done to increase the awareness on the importance of BCM implementation. As Malaysia is focusing on building a knowledge-based economy and becoming more and more dependent on IT to spearhead its drive to be in the information age, the need to ensure continuity of business operations in the event of an unplanned crisis or disaster becomes more important than ever. All organisations from both the public and private sectors need to be prepared for any emergencies and ensure that any disruptions to their operations and business is kept at a minimal. Therefore, strategies should be put in place so that they will be able to continue operations swiftly after the

event of a crisis or a disaster. III. RAISING BCM AWARENESS IN MALAYSIA In order to raise BCM awareness in Malaysia, strategic steps need to be taken to increase the number of organisations implementing BCM in the country. The following are the recommended steps to be taken by the relevant authorities in the field to significantly increase BCM awareness in the country: A. To develop a fast-track national BCM standard to be used as a guide by organisations in the country It is recommended that a localised version of a BCM standard is to be made available for public consumption in order to make it easier for them to implement BCM. By having a standard, they will have a set of best practices and guidelines for them to follow and this will also hopefully improve the level of effectiveness of their BCM implementation. Currently there are works going on to develop such a standard and this project was proposed by NISER. A working group has been established by NISER together with the national certification body, SIRIM and the members consist of a panel of BCM experts from around the country. B. To integrate BCM materials into colleges and universities degree and postgraduate level courses such as MSc and MBA programmes It is necessary to have more BCM-focused research being done in higher learning institutions in the country. By integrating BCM-related materials into degree and postgraduate level courses, it will enable the lecturers, students and eventually the general public to be more aware and knowledgeable on such topics and this will in turn lead to more awareness on the importance of BCM and thus hopefully will increase the number

of BCM implementations in the country. C. To increase BCM awareness and training programmes that leads to certifications NISER on its part has contributed to make improvements on this step by providing BCP awareness and training programmes since early 2004 which have been well received by the public. At the moment though, the training programmes that are being conducted does not lead to any particular certification. There are however other training institutes from around the region that have begun offering recognised certification courses in BCP for the Malaysian public and it is expected that the demand for certifiable courses in BCP to increase in the future. D. To increase the number of certified BCM professionals in the country By having more certified BCM professionals in the country, it will help to push the level of BCM awareness and implementation as these professionals will be able to impart their knowledge in the field not only to their respective organisations, but also to their business partners, suppliers and customers. Thus, this will lead to more awareness regarding the importance of having competent BCM professionals in organisations so that they will be able to assist their respective organisations and other related parties in developing their BCM framework. E. To push for a greater collaboration regarding BCM programmes between the public and private sectors This step is critical to ensure a successful level of acceptance of BCM implementation in the country. It will be quite difficult to build up a strong BCM culture in the country if

either the public or private sector is not fully involved in its development. Therefore, by having a strong relationship on the development and running of various BCM programmes between the public and private sectors, it can lead to a wider level of coverage on BCM issues to organisations in the country. IV. CONCLUSION The importance of BCM should never be underestimated. With the increasing number of threats and risks faced by organisations today, it is imperative that they put in more focused efforts in preparing effective BCM plans to ensure that their business operations will continue without much disruptions in the event of a crisis or a disaster because their reputation and survival as an entity depends on it. Thus, it is hoped that by highlighting the issues regarding the importance of BCM and recommending a number of strategic steps that can be taken to raise BCM awareness in the country in this paper, it will help to contribute for further developments to be made in the field by the relevant authorities. REFERENCES [1] Priscilla Emery, Disaster Recovery and Business Continuity: Don't Forget the Paper Available at http://www.zylab.com/downloads/whitepapers/white%20paper% 20-%20ZyLAB%20Disaster%20Recovery.pdf [2] GoldenGate for Business Continuity: Building Enterprise Business Continuity Solutions Available at www.insession.com/goldengate/buscontwp.pdf [3] Helen D'Antoni, Business Continuity Slides Down The Priority Scale Available at http://www.informationweek.com/story/iwk20030109s0002 [4] FAQs on Business Continuity Management Available at http://www.spring.gov.sg/portal/products/nat_certification/bcm/faq_bcm.html

[5] Malaysia ISMS Survey 2003 Available at http://www.niser.org.my/resources/isms_survey/isms_survey_2003.pdf

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information