|
Professions
are characterized by a body of knowledge shared by members of the profession
and used in their work. Specific
skills, tasks or activities for the profession emerge and evolve from a set of
subject areas of a common body of knowledge that characterize the profession.
In the Business Continuity Planning profession, this common body of
knowledge is the Professional Practices for the
Business Continuity Planner.
This body of knowledge is accepted by both DRI International and by the
Business Continuity Institute (BCI) based in the
United
Kingdom
.
The
existence of such a body of knowledge is necessary, but not sufficient evidence
of the existence of the profession.
General acceptance requires proper application and periodic updates to the body
of knowledge for success in the profession.
Both DRI International and BCI are committed to joint maintenance and
acceptance of the Professional Practices.
This
document defines the boundaries of the business continuity planning profession
and the base of knowledge that qualifies one for DRI certification as an
Associate Business Continuity Planner (ABCP); Certified Business Continuity
Professional (CBCP); or Master Business Continuity Professional (MBCP).
Likewise, the Business Continuity Institute (BCI) uses the Professional
Practices as the basis for their examination procedures for Membership of the
Business Continuity Institute (MBCI) and Fellowship of the Business Continuity
Institute (FBCI).
For
DRI International certification purposes, practitioners must demonstrate
continuing involvement and experience in business continuity planning, in
addition to successful completion of a written examination based on the Professional
Practices. Demonstrated
experience must relate to the content of the common body of knowledge.
Joint adoption of this body of knowledge by both DRI International
and BCI, effective August 28, 2003,recognizes the term Business Continuity
Management to define holistic management processes that identify potential
impacts that threaten an organisation and provide a framework for building
resilience with the capability for an effective response that safeguards the
interests of its key stakeholders, reputation and value creating activities.
The primary objective of Business Continuity Management is to allow
business operations to continue under adverse conditions, by the introduction
of appropriate resilience strategies, recovery objectives, business continuity
and crisis management plans in collaboration with, or as a key component of, an
integrated risk management initiative.
The ten sections of these standards are not presented in any
particular order of importance or sequence, as it may be necessary to undertake
or implement sections in parallel during the development of a BCM program.
Each subject area in this document provides:
-
A
description of the subject area
-
The
role of the professional
-
An
outline of the knowledge that the professional should
demonstrate within each subject area
Illustrative
examples and references are also provided where appropriate.
SUBJECT
AREA OVERVIEW
1.
Project Initiation and Management
Establish
the need for a Business Continuity Management (BCM) Process or Function,
including resilience strategies, recovery objectives, business continuity and
crisis management plans and including obtaining management support and
organizing and managing the formulation of the function or process either in
collaboration with, or as a key component of,
an integrated risk management initiative.
2.
Risk Evaluation and Control
Determine
the events and external surroundings that can adversely affect the organization
and its resources (facilities, technologies, etc.) with disruption as well as
disaster, the damage such events can cause, and the controls needed to prevent
or minimize the effects of potential loss.
Provide cost-benefit analysis to justify investment in controls to mitigate
risks.
3.
Business Impact Analysis
Identify
the impacts resulting from disruptions and disaster scenarios that can affect
the organization and techniques that can be used to quantify and qualify such
impacts. Identify time-critical functions, their recovery priorities, and
inter-dependencies so that recovery time objectives can be set.
4.
Developing Business Continuity Management Strategies
Determine
and guide the selection of possible business operating strategies for
continuation of business within the recovery point objective and recovery time
objective, while maintaining the organization’s critical functions.
5.
Emergency Response and Operations
Develop
and implement procedures for response and stabilizing the situation following
an incident or event, including establishing and managing an
Emergency
Operations
Center
to be used as a command center during the emergency.
6.
Developing and Implementing Business Continuity Plans
Design,
develop, and implement Business Continuity Plans that provide continuity within
the recovery time and recovery point objectives.
Prepare
a program to create and maintain corporate awareness and enhance the skills
required to develop and implement the Business Continuity Management Program or
process and its supporting activities.
8.
Exercising and Maintaining Business Continuity Plans
Pre-plan
and coordinate plan exercises, and evaluate and document plan exercise results.
Develop processes to maintain the currency of continuity capabilities
and the plan document in accordance with the organization’s strategic
direction. Verify that the Plan will prove effective by comparison with a
suitable standard, and report results in a clear and concise manner.
9.
Crisis Communications
Develop, coordinate, evaluate, and exercise plans to communicate with internal
stakeholders (employees, corporate management, etc.), external stakeholders
(customers, shareholders, vendors, suppliers, etc.) and the media (print,
radio, television, Internet, etc.).
10.
Coordination with External Agencies
Establish
applicable procedures and policies for coordinating continuity and restoration
activities with external agencies (local, state, national, emergency
responders, defense, etc.) while ensuring compliance with applicable statutes
or regulations.
Copyright
2004 DRI International
|