Notes for BCM Institute's Course Participants: This is the template for completing the "Overview of CBFs and Business Unit MBCO."
The identification of critical business functions within the Information Systems & Records
By clearly defining these functions, Bandtree can establish appropriate recovery priorities, allocate resources efficiently, and implement effective continuity strategies.
Understanding these business functions also facilitates compliance with regulatory requirements and supports the safeguarding of vital corporate information assets, which are essential for ongoing property management operations and organisational governance.
The MBCO establishes the minimum acceptable level of activity that must be sustained to prevent serious consequences to the business, its stakeholders, and national operations.
By defining these priorities, Bandtree ensures that critical facilities services can continue, be restored quickly, or be adapted during adverse events to meet both regulatory and operational demands.
Here is a structured table for CBF-6 Information Systems & Records Management of Bandtree, based on the provided sub-processes and about the BCM Institute’s definition of Minimum Business Continuity Objective (MBCO):
|
Critical Business Functions (CBF) |
CBF Code |
Description of CBF |
Corporate Minimum Business Continuity Objective (MBCO) |
|
Information Systems & Records Management |
CBF-6 |
The management and maintenance of ICT infrastructure, systems, cybersecurity, records, and user support are essential for ensuring operational continuity and compliance. |
Ensure that critical ICT services and records management systems are operational within the agreed-upon Recovery Time Objectives (RTO), maintaining data integrity, security, and accessibility. |
|
Sub-Critical Business Functions (CBF) |
Sub-CBF Code |
Description of CBF |
Business Unit Minimum Business Continuity Objective (MBCO) |
|
ICT Infrastructure Management |
6.1 |
Oversight and maintenance of hardware, networks, and infrastructure are necessary to support business applications and communication. |
Restore critical ICT infrastructure within 24 hours to ensure minimal disruption to business operations. |
|
Property Systems Application Support |
6.2 |
Support and maintenance of property management systems used in corporate operations. |
Ensure property management applications are available and functional within 8 hours post-disruption. |
|
Records Retention & Archiving |
6.3 |
Secure and compliant storage, retention, and archiving of corporate and operational records. |
Maintain access to vital records within 12 hours, ensuring compliance with legal and regulatory requirements. |
|
Data Backup & Recovery |
6.4 |
Regular data backup and swift recovery mechanisms to prevent data loss and support business continuity. |
Ensure data backups are available and recoverable within 4 hours after an incident. |
|
Cybersecurity & Access Control |
6.5 |
Protection of information systems from cyber threats and management of access privileges to ensure data security. |
Maintain cybersecurity controls and access management to prevent breaches with zero tolerance for extended downtime. |
|
System Development & Enhancement |
6.6 |
Continuous improvement and updating of ICT systems to meet evolving business needs and technological advancements. |
Prioritise system enhancements that impact critical business functions; non-critical updates may follow normal change management timelines. |
|
ICT Vendor Management |
6.7 |
Coordination and management of external ICT service providers and suppliers to ensure service reliability. |
Maintain vendor contracts and Service Level Agreements (SLAs) to ensure timely support and recovery within the agreed-upon Mean Business Cycle Objective (MBCO). |
|
User Training & Support |
6.8 |
Provision of training and technical support to end-users for effective utilisation of ICT systems. |
Deliver essential user support and training to minimise operational delays during recovery phases. |
|
Compliance & IT Governance |
6.9 |
Ensuring ICT activities comply with regulatory standards, policies, and governance frameworks. |
Ensure ongoing compliance with minimal disruption to business processes—immediate attention to critical compliance issues. |
|
Physical Records Handling |
6.10 |
Secure management, storage, and handling of physical records to protect integrity and confidentiality. |
Maintain secure access and protection of physical records within 24 hours of disruption. |
Accurately identifying and documenting the critical business functions within Information Systems & Records Management enables Bandtree to develop a robust business continuity framework tailored to the unique demands of its ICT environment.
This clarity ensures that recovery efforts focus on the most vital areas, minimising disruption and maintaining service delivery to stakeholders.
Moving forward, continuous review and validation of these business functions will be essential to adapt to evolving technologies, emerging risks, and organisational changes, thereby sustaining Bandtree’s commitment to resilience, security, and operational excellence.
Notes for BCM Institute's Course Participants: This is the template for completing the "Impact Analysis of CBFs, including financial implications and effect on MBCO."
In today’s rapidly evolving digital landscape, Information Systems and Records Management play a pivotal role in ensuring the seamless operation and governance of organisational activities.
For Bandtree, a government-linked company specialising in corporate property management, the Critical Business Function CBF 6: Information Systems & Records Management is fundamental to maintaining operational efficiency, regulatory compliance, and data integrity.
This chapter focuses on the various impact areas associated with CBF-6, detailing how disruptions or failures in these areas can affect the organisation’s financial health, operational continuity, and overall reputation.
By understanding the specific impact areas, Bandtree can better prioritise risk mitigation, resource allocation, and recovery strategies to safeguard its critical information assets and systems.
Below is a structured table for Critical Business Function CBF 6: Information Systems and Records Management, along with its sub-processes (Sub-CBFs), organised according to the specified headers.
The financial impact and its impact on MBCO (Minimum Business Continuity Objective) are illustrated based on typical risks in this area, following the impact area concepts outlined in the linked BCMPedia content.
| Financial Impact | ||||
|
Sub-CBF |
Sub-CBF Code |
Impact Area |
Monetary Loss (Estimated) |
Calculation of Monetary Loss (State Formula for Calculations) |
|
ICT Infrastructure Management |
6.1 |
System Availability |
BND 80,000 - 300,000 |
Loss = (Cost of downtime per hour x Hours of outage) + Repair Cost |
|
Property Systems Application Support |
6.2 |
Service Continuity |
BND 50,000 - 200,000 |
Loss = (Number of impacted users x Average cost per user x Hours of system downtime) |
|
Records Retention & Archiving |
6.3 |
Regulatory Compliance |
BND 30,000 - 150,000 |
Loss = (Penalty Fees + Cost of Legal Actions) |
|
Data Backup & Recovery |
6.4 |
Data Integrity & Availability |
BND 100,000 - 600,000 |
Loss = (Cost to restore data + Loss from data unavailability) |
|
Cybersecurity & Access Control |
6.5 |
Information Security |
BND 200,000 - 1,000,000+ |
Loss = (Cost of breach + Regulatory fines + Reputational damage) |
|
System Development & Enhancement |
6.6 |
Process Improvement |
BND 20,000 - 100,000 |
Loss = (Delay in project delivery x Cost per day) |
|
ICT Vendor Management |
6.7 |
Supplier Reliability |
BND 50,000 - 250,000 |
Loss = (Impact from vendor failure x Downtime) |
|
User Training & Support |
6.8 |
Human Resource Competency |
BND 10,000 - 50,000 |
Loss = (Productivity loss due to lack of skills x Time) |
|
Compliance & IT Governance |
6.9 |
Legal & Regulatory Compliance |
BND 50,000 - 300,000 |
Loss = (Fines + Cost of audits + Remediation costs) |
|
Physical Records Handling |
6.10 |
Physical Asset Security |
BND 20,000 - 100,000 |
Loss = (Cost of lost/damaged records + Recovery costs) |
|
Sub-CBF |
Sub-CBF Code |
Affect MBCO |
Impact |
Remarks – Description |
|
ICT Infrastructure Management |
6.1 |
Yes |
System downtime impacting user productivity |
Critical for maintaining the uptime of servers, networks, and hardware |
|
Property Systems Application Support |
6.2 |
Yes |
Disruption in property management applications |
Impacts access and processing of property-related data and transactions |
|
Records Retention & Archiving |
6.3 |
Yes |
Risk of non-compliance fines and legal consequences |
Essential for maintaining legally compliant records and archives |
|
Data Backup & Recovery |
6.4 |
No |
Prevents data loss, ensures business continuity |
Critical to restore operations after data loss or system failures |
|
Cybersecurity & Access Control |
6.5 |
Yes |
Potential data breaches, loss of trust and regulatory penalties |
Protects sensitive data from unauthorised access and cyber threats |
|
System Development & Enhancement |
6.6 |
No |
Delayed enhancements affecting operational efficiency |
Improves systems functionality, but delays may slow business improvements |
|
ICT Vendor Management |
6.7 |
Yes |
Dependency on vendors is affecting system availability |
Ensures third-party services and supplies are reliable |
|
User Training & Support |
6.8 |
No |
Lower user proficiency, increased errors |
Important for minimising user errors and maximising system use efficiency |
|
Compliance & IT Governance |
6.9 |
Yes |
Non-compliance risks and penalties |
Maintains adherence to IT policies, standards, and regulations |
|
Physical Records Handling |
6.10 |
Yes |
Loss or damage to physical records affecting operations |
Safeguards paper records and physical archives |
Understanding the impact areas of CBF-6 Information Systems & Records Management is crucial for Bandtree to build a resilient and robust IT infrastructure and processes.
The potential financial losses, operational disruptions, and compliance risks underscore the necessity of proactive management and continuous improvement within this function.
By clearly identifying and assessing these impact areas, Bandtree is better positioned to implement adequate controls, maintain regulatory adherence, and ensure uninterrupted service delivery.
Ultimately, a strong focus on Information Systems and Records Management enhances the company’s ability to sustain its business objectives and supports long-term organisational success in an increasingly technology-driven environment.
Implementing Business Continuity Management for Bandtree: A Practical Guide |
||||||
| eBook 3: Starting Your BCM Implementation |
||||||
| MBCO | P&S | RAR T1 | RAR T2 | RAR T3 | BCS T1 | CBF |
| CBF 6: Information Systems & Records Management | ||||||
| DP | BIAQ T1 | BIAQ T2 | BIAQ T3 | BCS T2 | BCS T3 | PD |
To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].