Business Continuity Management
shutterstock_FC00036-1.jpg

PgM 14: Content for Training & Awareness

There is a need to distinguish BCM awareness and training programs against other organizational awareness and training programs.

The Organisation BCM Coordinator should scope the programs to concentrate and focus on the main topics of the BCM.


Moh Heng Goh
Business Continuity Management Certified Planner-Specialist-Expert

Content for Training & Awareness

Areas of Concentration

IC_Morepost_PgM_Content For BCM Training and AwarenessThere is a need to distinguish BCP awareness and training programs against other organizational awareness and training programs. The Organisation BCM Coordinator should scope the programs to concentrate and focus on the main topics of the BCP which include:
  • Importance of the BCP to the business, organization and employees
  • Key components of the BC Plan
  • Organizational structures and key members of the BC teams
  • Activation criteria for the BC Plan process
  • Expectations and roles of the management and employee prior to, during and after the activation of the BC Plan
  • Availability of BC Plan information to anyone who needs to refer to one

Content of Training Program


The BC training program should focus on the following areas:
Components of BC Plan

Educating the Executive Management and employees of the organization to understand the importance and fundamental need for a BCP will greatly enhance the effectiveness and efficiency of performing the business recovery activities, thereby reducing the potential loss to the organization.

Contextualizing the detailed technical and business aspects of the BC Plan into layman terms for different levels of employees in the organization through awareness and training programs will enable the organization to achieve the following key advantages:
  • Minimize the degree of misinterpreting documented objectives, terms, processes and procedures. This makes the BC Plan readable to the employees who are appointed with BC responsibilities so that they are able to easily execute the processes and procedures. It also makes the BC Plan readable for the general employees to appreciate the need to support the smooth execution of the BC Plan to ensure the survival of the organization in the event of a disaster
  • Reduce the decision making activities to a minimum, as key confusion areas, doubts and “blind-spots” will be questioned and cleared during the training and awareness sessions by the employees
  • Minimize the total business recovery time, as well-informed and well-trained employees are equipped with necessary skillsets and familiarity to quickly carry out the business recovery activities as documented
  • Reduce the overall BC Plan expenses, as only necessary resources are required, well-equipped employees will be able to perform the recovery process efficiently and shorten every aspect of the recovery time to have the business back in operation as soon as possible

The key areas in the BC Plan that are worthwhile highlighting upfront to the employees include topics on employee safety, activities that have a great impact to the business survival, and processes that require special skillsets or special equipment. Some of these examples include emergency response procedures, crisis management procedures and special financial software recovery procedures.
Why is a BC Plan Important?

For the BC Plan to be successfully executed, there is a list of key components that need to be clearly communicated to, and understood by the BC teams, management and employees. So, effort should not be spared in planning, preparing and disseminating these key components of the BCP to everyone in the organization.

The key components of the BC Plan include:
  • Overview of how the BC recovery activities are interlinked to ensure the continued availability of business activities regardless of the operational status of the resources and environments
  • BC Plan activation criteria
  • Emergency response procedures
  • BC organizations, contacts and, roles and responsibilities of the BC team members
  • Business operation risk analysis and assessments
  • Critical business function identification through a proper Business Impact Analysis process
  • Vital resources, including equipment, software, people and records identification and management
  • Recovery processes and procedures for the critical business functions
  • Returning to normal business operation after a disaster
What is the Role of Business Unit BCM Coordinators?

BU BCM CoordinatorKnowing the BC teams, the individuals in each of the BC teams and their corresponding roles and responsibilities, in addition to the interfaces between BC teams will enable each of the BC team members to understand his/her role during a disaster situation.

The general employees should also get to know the BC team members so that information can flow to the correct persons and a BC decision can be made quickly to prevent a worsening of the situation.
Where can BC Plan Information be Found?

The Executive Management and general employees must know their roles and responsibilities in a disaster event that occurs during normal business operating hours, and after the activation of the BCP. This is important for the survival of the organization.
 
Thus, the Organization BCM Coordinator must plan for programs to both formally and informally explain these roles to each of the personnel involved. Some of the formal mechanism involves:
  • Providing induction briefing by working with the Human Resource department to explain to all the new staff members their roles and responsibilities in layman terms
  • Including BC formal write-ups as part of the employment handbooks
  • Conducting regular emergency response and BC exercises
  • Formalizing mandatory refresher course with the Training department for employees to attend after a standard period of time of say every 24 months

Some of the informal mechanisms include:

  • Regularly putting up posters in common and accessible areas to remind everyone of their roles and responsibilities
  • Broadcasting messages periodically over the organization’s Intranet or having messages appear regularly on the network login
  • Highlighting general information on the organization’s notepads or folders
When is the BC Plan Invoked?

It is essential that every employee knows the what, the when, the who and the how in activating the BC Plan processes.  This will help to reduce the recovery time for critical business operations during a disaster and remove all unproductive false alarms.

There is a need to clearly understand the key triggers and the appropriate decisions that must be taken in order to activate the BC Plan processes.  It is recommended that a practice-based training or exercise be carried out to ensure all the key players in the BC teams have an opportunity to experience each and every step stated in the BC Plan to verify, experiment and justify the activation of the BC planning process.
How is the BC Plan Invoked?

A systematic means for every employee in the organization to locate the BC Plan information is the first step towards getting them familiarized with the business recovery processes. On the other hand, the organization will need to ensure that the BC Plan’s sensitive business processes cannot be accessed by unauthorized personnel.

Creating the correct level of awareness and educating the employees on the correct way of accessing the critical BC Plan information are mandatory tasks of the Organization BCM Coordinator.

The Organization BCM Coordinator should ensure that the following key objectives are achieved:
  • Information security, control and management
  • Information storage, dissemination and availability
Information Security, Control and Management

The control and right to access the BC Plan and its related document should be carefully considered. The BC Manager should:
  • Ensure that the classification of the BC Plan documents, like any other strategic business information, is according to the organization’s information security standard
  • Design and post BC Plan information which should be of different detail levels, depending on whether areas are accessible, semi-secured (where access is through IDs and passwords), and secured (where only special rights to access the document are given)
  • Secure access to the BC Plan documents on a “need to know” basis where the depth of information that may be accessed by an employee depends on his/her role and responsibility
  • Provide audit logging mechanisms to track which employee had accessed the BC Plan documents (with information on when, what, why and how) and whether the employee had been given a copy of the BC Plan documents based on BC Plan document dissemination criteria
  • Ensure all changes to the BC Plan documents are properly justified, vetted and approved by the relevant authority and documented as history tracks in the documentation
Information Storage, Dissemination and Availability

It is critical that the storage, dissemination and availability of the BC related media be evaluated carefully.
Availability
 
It may not be safe for BC Plan documents to be stored only on the organization’s Intranet because the Intranet may not be available to the BC teams should a disaster destroy the office building completely
Information Storage

Employees need to know where the BC Plan information is stored and to understand that some critical information still has to be printed in hardcopy
Dissemination
 
There is a need to identify and establish an effective way to disseminate the appropriate content of the BC Plan documents to all the BC teams and employees.

Contents of Awareness Programs


A good awareness program must include the following in its content:
  • Access to basic documentation
  • Basic employee BC activities
  • Liaison with external agencies

Access to Basic Documentation


The fundamental BC information that all the employees are required to know within the organization are:

The organization’s BC Policy Statement
  • Definitions of common BC terms so that everyone in the organization speaks the same language
  • BC organization chart with the photograph and role of each BC team members
  • Emergency response procedure
  • Resources committed to the development and maintenance of the BC Plan
  • Locations and channels to obtain BC information

All employees must be made aware that competitors may capitalize on the chaotic situation to steal crucial information which, if leaked, may endanger the survivability of the organization. They must therefore know the additional security procedures that are put in place at the disaster area, alternate site and recovery site during such a situation:

  • Protocols for reporting any suspicious persons or suspicious activities being carried out there
  • Checks on people who request for sensitive information
  • Security patrols that are conducted

Basic Employee BC Activities


The fundamental BC information that every employee must be aware of includes:
  • What to do before, during and after an event?
  • Who to contact?
  • Who will contact you?
  • Where to go?
  • Where to assemble?
  • How to deal with the media?
  • What are the immediate steps to be taken during and after office hours?

Liaison with External Agencies


These are external legal entities that could assist the employees in obtaining information regarding the disasters:
  • Police
  • Building security management team
  • Fire department
  • Civil defense
  • Non-government organizations (NGOs)
  • Emergency management offices
  • Hospitals

Checklist on Training & Awareness


A checklist should be developed to ensure that all grounds have been covered and that pertinent legal and compliance issues related to BCM have been addressed adequately, so that the organization would not be liable for negligence in the face of the law. Evidences relating to these key issues must also be documented, for example, attendance records of senior managers at exercises.

Key issues and concerns include:
 
Key Areas  Self Assessment
Risk Analysis and Analysis (RAR) Have the Executive Management and Organization BCM Coordinator considered the effects of a major disruption on services?
  Have countermeasures to minimize risk been identified and taken, including measures to combat potential information loss?
Business Impact Analysis (BIA) Have all business units assessed the potential for disruption by a structured process such as a BIA that identifies risks and their potential impact on services, critical activities and dependencies?
Business Continuity Strategy (BCS) Is there a short term recovery strategy for every major service/business unit?
  Do contingency arrangements cover alternative premises & communications arrangements?
  Does the Steering Committee have quality assurance arrangements over continuity for contracted services?
Tests & Exercise Are emergency management arrangements for any business disruption clearly set out and tested through exercises?
  Are BC Plans reviewed and updated regularly in the light of lessons learnt from any exercises or incidents and research?
  Are BC Plans and procedures, including those for out of hours emergencies, validated through regular tests and exercises?
Security  Is the security of critical information reviewed whether this information is held electronically or on paper?
  Is step taken to minimize the danger of losing the information, or losing access to the information, during an emergency?
Roles & Responsibilities Is it clear who is responsible for ensuring that each business unit or site has a BC Plan in the face of serious disruption?
Emergency Planning Are there procedures to ensure responsible staff members know what to do in an emergency?
  Do you have emergency planning specialist responsible for zonal wide disaster?
  Do you have a standard format/template and terminology if there are separate business units or sites based emergency plans?
  Are BC Plans integrated with emergency plans?
Documentation  Are quality checks conducted on written BC Plans?
  Is the BC Plan written in its local language?
  Are copies of BC Plans and essential equipment/ documents (in electronic or hard copy) kept easily available but off site?
  Are there adequate records of test and exercise results?
  Are there recovery procedures for version control?
Consistency  Are there arrangements to ensure consistency and integration between sites and business units, and between BC and emergency plans?
  Are there procedures to check consistency between BC Plans?
External Vendor Are there occasional external involvement and challenge in your review arrangements?
  Does the procurement policy or contracts cover risk management and BC arrangements?
  What is the quality assurance arrangement with contractors to cover emergency response?
Priority  Does your BC Plan(s) prioritize between business units’ processes and activities?
  Are prioritized response plans unambiguous, clear and easy to use?
Special Needs Do your BC Plans cover the special needs of those who are likely to be most vulnerable, for example through age or disability?
Managing & Sustaining Your BCM Program

Reference

Goh, M. H. (2021). Managing & Sustaining Your Business Continuity Management Program. Business Continuity Management Planning Series (3rd ed.). Singapore: GMH Pte Ltd.

Extracted from "Chapter 14: Content for Training & Awareness"

More Information About Blended Learning BCM-5000 [BL-B-5]

To know more about our blended learning program and when the next course is scheduled, feel free to contact our friendly course consultant colleagues via sales.ap@bcm-institute.org.  They are the BL-B-3 Blended Learning BCM-300 ISO22301 BCMS Implementer and the BL-B-5 Blended Learning BCM-5000 ISO22301 BCMS Expert Implementer.

New call-to-action New call-to-action New call-to-action
New call-to-action New call-to-action New call-to-action
  FAQ [BL-B-3]

Please feel free to send us a note if you have any of these questions to sales.ap@bcm-institute.org

 FAQ BL-B-5 BCM-5000  
 

  

Your Comments Here :

More Posts

New Call-to-action