Emergency is an unplanned event that significantly: Disrupts normal operations, poses serious threat to persons or property, cannot be managed by routine response, requires a quick and coordinated response across multiple departments or divisions.Threats that can lead to emergency/disaster/catastropheEnvironmental Disasters : Tornado, Hurricane, Flood, Snowstorm, Drought, Earthquake, Electrical storms, Fire, Subsidence and Landslides, Freezing conditions, Contamination and environmental hazards, Epidemic.Organized and/or Deliberate Disruption : Act of terrorism, act of sabotage, act of war, theft, arson, labour disputes/industrial action.Loss of Utilities and Services : Electrical power failure, loss of gas supply, loss of water supply, petroleum and oil shortage, communications services breakdown, loss of drainage/waste removalEquipment or System Failure : Internal power failure, air conditioning failure, production line failure, cooling plant failure, equipment failure (excluding IT hardware)Serious Information Security Incidents : Cybercrime, Loss of records or data, Disclosure of sensitive information, IT system failure.Other Emergency situation : Workplace violence, Public transportation disruption, Neighborhood hazard, Health and safety regulations, Employee morale, Mergers and acquisitions, Negative publicity, legal problems.Plan for Business continuity (Business Continuity Plan (BCP) : A business continuity plan is a comprehensive statement of consistent actions to be taken before, during and after a disaster. The plan should be documented and tested to ensure continuity of operations and availability of critical resources in the event of a disaster.
Business Continuing Planning is an interdisplinary peer mentoring methodology used to create and validate a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical function(s) within a predetermined time after a disaster or extended disruption. The logistical plan is called Business Continuity Plan. In plain language BCP is how an organization prepared for future incidents that could jeopardize the organization’s core mission and its long term health. It is aimed at reducing operational risk associated with information management controls.
Reserve Bank of India vide circular dated 15 th April 2005 titled “Operational Risk Management – Business Continuity Planning” directed Indian Banks to make BCP a pre-requisite as “Business Continuity Planning is a key pre-requisite for minimizing the adverse effects of one of the important areas of operational risk – business disruption and system failures. It is imperative that all bans have BCP’s in place to be in readiness to tackle serious business disruptions.”
The key tasks in BCP are (a) to identify which operations and supporting activities need to be restarted after a disaster, (b) the maximum acceptable time limits by which they must restart, and the resources need to restart them, (c) Identify contingencies for the required resources, (d) Select a cost-effective strategy for restarting operations, (e) develop the BCP to guide and direct restart of operations and (f) Test the BCP, train staff in how to use it, and keep it up to date. If a BCP is to be correctly constructed and to operate successfully it must involve all levels of management and must cover action to be taken following a disaster, staff responsible for specific tasks, essential operations and systems, action required to restart operations, emergency data processing arrangements, off-site backup requirements, supplies requirements, and means of keeping staff and others informed of arrangements and developments.
Phases of a Disaster : (i) Crisis phase (ii) Emergency response phase (iii) Recovery phase (iv) Restoration phase.
Business Continuity Planning Process should reflect following objectives (1) Business continuity planning is about maintaining, resuming and recovering the business, not just the recovery of the technology. (2) Planning process should be conducted on an enterprise-wide basis (3) Business impact analysis and risk assessment are foundation of an effective BCP. (4) The effectiveness of a BCP can only be validated through testing or practical application (5) The BCP and test results should be subjected to an independent audit and reviewed by the board of directors (6) The BCP and test results should be subject to an independent audit and reviewed by the board of directors and (7) BCP should be periodically updated to reflect and respond to changes in the financial institution or its service provider/s.