dimanche 12 mai 2013

How to lunch your Business continuity project

When I was working on the first part of disaster recovery project in my organization and in order to develop our Business continuity strategy, I used to read some books and posts about business continuity and DR topics.
Some of the very important web site was http://www.iso27001standard.com/en . I was subscribed to the newsletter and I was received 6 important posts about how to start your business continuity project.
In this post I will share with you these 6 steps which I believe they are very important and efficient.
For sure, if you want additional information, I suggest to do the inscription to the newsletter. 

Below the 6 steps to follow in order to lunch your Business continuity project.

Step #1 - Define scope and objectives
Step #2 - Decide which framework you'll use
Step #3 - Determine the necessary resources
Step #4 - Get your management buy-in
Step #5 - Decide how to approach the implementation
Step #6 - Launch your project

Step #1 - Define scope and objectives
A best way is through a brainstorming sessions with your colleagues and it's recommended with a member of top management.Like this you can reach a conclusion about the right scope for your project.
Some examples of objectives can be : 
  • Reduce risks
  • Minimize downtime
  • Protects brand and images
  • Improve readiness
Step #2 - Decide which framework you'll use
There are various frameworks available - the most widespread are ISO 27001 (for information security management), ISO 22301/BS 25999-2 (for business continuity management), COBIT (for IT governance), ISO 20000 (for IT service management), NFPA 1600 (for disaster/emergency management), but there are also others. 

Step #3 - Determine the necessary resources
It's very important to know  approximately  how much your project would cost.
The most costly investment will be the disaster recovery site. Other costs will be also the development of DR planing,  policies and procedures.

Step #4 - Get your management buy-in
It's very important to have the support of your management when dealing with such kind of project.Rather than human resources support,the appropriate budget.
Of course, you need to develop the awareness of the top management and to suggest for them the right solution and thoughts about the right solution regarding the provided budget.

Step #5 - Decide how to approach the implementation
Since the implementation of ISO 27001 or ISO 22301/BS 25999 is rather complex, you'll need to acquire appropriate knowledge. In that respect you basically have 3 options: 

a) Employ a full time person with substantial experience in ISO 27001 / ISO 22301 / BS 25999 implementation, or 
b) Hire external help, or 
c) Implement the standards with your existing employees only 

Step #6 - Launch your project
Once you have your management support and you know how to approach your implementation, it's time to define the project structure and start your project. 





Aucun commentaire:

Enregistrer un commentaire