|
Business continuity encompasses a loosely defined set of planning, preparatory and related activities which are intended to ensure that an organization's critical business functions will either continue to operate despite serious incidents or disasters that might otherwise have interrupted them, or will be recovered to an operational state within a reasonably short period. As such, business continuity includes three key elements and they are #Resilience: critical business functions and the supporting infrastructure are designed and engineered in such a way that they are materially unaffected by most disruptions, for example through the use of redundancy and spare capacity; #Recovery: arrangements are made to recover or restore critical and less critical business functions that fail for some reason. #Contingency: the organization establishes a generalized capability and readiness to cope effectively with whatever major incidents and disasters occur, including those that were not, and perhaps could not have been, foreseen. Contingency preparations constitute a last-resort response if resilience and recovery arrangements should prove inadequate in practice. If there is no Business Continuity plan implemented and the organization in question is facing a rather severe threat or disruption that may lead to bankruptcy, the implementation and outcome, if not too late, may strengthen the organization's survival and its continuity of business activities (Gittleman, 2013). The management of business continuity falls largely within the sphere of risk management, with some cross-over into related fields such as governance, information security and compliance. Risk is a core consideration since business continuity is primarily concerned with those business functions, operations, supplies, systems, relationships etc. that are critically important to achieve the organization's operational objectives. Business Impact Analysis is the generally accepted risk management term for the process of determining the relative importance or criticality of those elements, and in turn drives the priorities, planning, preparations and other business continuity management activities. The foundation of business continuity are the standards, program development, and supporting policies; guidelines, and procedures needed to ensure a firm to continue without stoppage, irrespective of the adverse circumstances or events. All system design, implementation, support, and maintenance must be based on this foundation in order to have any hope of achieving business continuity, disaster recovery, or in some cases, system support. ==Standards== Several business continuity standards have been published by various standards bodies: ISO - ISO 22301:2012, "Societal security -- Business continuity management systems --- Requirements", specifies a management system to manage an organization's business continuity arrangements. It is formal in style in order to facilitate compliance auditing and certification. It is supported by ISO 22313:2012, "Societal security -- Business continuity management systems – Guidance" which provides more pragmatic advice concerning business continuity management. ISO/IEC 27031:2011, "Information security - Security techniques — Guidelines for information and communication technology () readiness for business continuity" offers guidance on the ICT aspects of business continuity management. United Kingdom – British Standard BS 25999 was a two-part business continuity management standard. “BS 25999-1:2006 Business Continuity Management. Code of Practice” offered pragmatic implementation guidance, but was withdrawn in 2012 when ISO 22313 effectively superseded it. “BS 25999-2:2007 Specification for Business Continuity Management” formally specified a set of requirements for a business continuity management system. It too was withdrawn in 2012 when it was (in effect) replaced by ISO 22301. North America – Published by the National Fire Protection Association NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs. North America - ASIS/BSI BCM.01:2010 published Dec 2010 ANSI/ASIS SPC.1-2009 Organizational Resilience: The ANSI/ASIS SPC.1-2009 Organizational Resilience: Security, Preparedness, and Continuity Management Systems—Requirements with Guidance for Use American National Standard is under consideration for inclusion in the DHS PS-Prep, a voluntary program designed to enhance national resilience in an all hazards environment by improving private sector preparedness. Australia – Published by Standards Australia HB 292-2006 : A practitioners guide to business continuity management HB 293-2006 : Executive guide to business continuity management In 2010, Standards Australia introduced their Standard AS/NZS 5050 that connects far more closely with traditional risk management practices. This interpretation is designed to be used in conjunction with AS/NZS 31000 covering risk management. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「business continuity」の詳細全文を読む スポンサード リンク
|