PgM 14: Content for Training & Awareness

Content for Training & Awareness

Areas of Concentration

IC_Morepost_PgM_Content For BCM Training and Awareness

There is a need to distinguish BCP awareness and training programs against other organizational awareness and training programs. The Organisation BCM Coordinator should scope the programs to concentrate and focus on the main topics of the BCP which include:

Importance of the BCP to the business, organization and employees
Key components of the BC Plan
Organizational structures and key members of the BC teams
Activation criteria for the BC Plan process
Expectations and roles of the management and employee prior to, during and after the activation of the BC Plan
Availability of BC Plan information to anyone who needs to refer to one

Content of Training Program

The BC training program should focus on the following areas:

Components of BC Plan

Educating the Executive Management and employees of the organization to understand the importance and fundamental need for a BCP will greatly enhance the effectiveness and efficiency of performing the business recovery activities, thereby reducing the potential loss to the organization.

Contextualizing the detailed technical and business aspects of the BC Plan into layman terms for different levels of employees in the organization through awareness and training programs will enable the organization to achieve the following key advantages:

Minimize the degree of misinterpreting documented objectives, terms, processes and procedures. This makes the BC Plan readable to the employees who are appointed with BC responsibilities so that they are able to easily execute the processes and procedures. It also makes the BC Plan readable for the general employees to appreciate the need to support the smooth execution of the BC Plan to ensure the survival of the organization in the event of a disaster
Reduce the decision making activities to a minimum, as key confusion areas, doubts and “blind-spots” will be questioned and cleared during the training and awareness sessions by the employees
Minimize the total business recovery time, as well-informed and well-trained employees are equipped with necessary skillsets and familiarity to quickly carry out the business recovery activities as documented
Reduce the overall BC Plan expenses, as only necessary resources are required, well-equipped employees will be able to perform the recovery process efficiently and shorten every aspect of the recovery time to have the business back in operation as soon as possible

The key areas in the BC Plan that are worthwhile highlighting upfront to the employees include topics on employee safety, activities that have a great impact to the business survival, and processes that require special skillsets or special equipment. Some of these examples include emergency response procedures, crisis management procedures and special financial software recovery procedures.

Why is a BC Plan Important?

For the BC Plan to be successfully executed, there is a list of key components that need to be clearly communicated to, and understood by the BC teams, management and employees. So, effort should not be spared in planning, preparing and disseminating these key components of the BCP to everyone in the organization.

The key components of the BC Plan include:

Overview of how the BC recovery activities are interlinked to ensure the continued availability of business activities regardless of the operational status of the resources and environments
BC Plan activation criteria
Emergency response procedures
BC organizations, contacts and, roles and responsibilities of the BC team members
Business operation risk analysis and assessments
Critical business function identification through a proper Business Impact Analysis process
Vital resources, including equipment, software, people and records identification and management
Recovery processes and procedures for the critical business functions
Returning to normal business operation after a disaster

What is the Role of Business Unit BCM Coordinators?

Knowing the BC teams, the individuals in each of the BC teams and their corresponding roles and responsibilities, in addition to the interfaces between BC teams will enable each of the BC team members to understand his/her role during a disaster situation.

The general employees should also get to know the BC team members so that information can flow to the correct persons and a BC decision can be made quickly to prevent a worsening of the situation.

Where can BC Plan Information be Found?

The Executive Management and general employees must know their roles and responsibilities in a disaster event that occurs during normal business operating hours, and after the activation of the BCP. This is important for the survival of the organization.

Thus, the Organization BCM Coordinator must plan for programs to both formally and informally explain these roles to each of the personnel involved. Some of the formal mechanism involves:

Providing induction briefing by working with the Human Resource department to explain to all the new staff members their roles and responsibilities in layman terms
Including BC formal write-ups as part of the employment handbooks
Conducting regular emergency response and BC exercises
Formalizing mandatory refresher course with the Training department for employees to attend after a standard period of time of say every 24 months

Some of the informal mechanisms include:

Regularly putting up posters in common and accessible areas to remind everyone of their roles and responsibilities
Broadcasting messages periodically over the organization’s Intranet or having messages appear regularly on the network login
Highlighting general information on the organization’s notepads or folders

When is the BC Plan Invoked?

It is essential that every employee knows the what, the when, the who and the how in activating the BC Plan processes. This will help to reduce the recovery time for critical business operations during a disaster and remove all unproductive false alarms.

There is a need to clearly understand the key triggers and the appropriate decisions that must be taken in order to activate the BC Plan processes. It is recommended that a practice-based training or exercise be carried out to ensure all the key players in the BC teams have an opportunity to experience each and every step stated in the BC Plan to verify, experiment and justify the activation of the BC planning process.

How is the BC Plan Invoked?

A systematic means for every employee in the organization to locate the BC Plan information is the first step towards getting them familiarized with the business recovery processes. On the other hand, the organization will need to ensure that the BC Plan’s sensitive business processes cannot be accessed by unauthorized personnel.

Creating the correct level of awareness and educating the employees on the correct way of accessing the critical BC Plan information are mandatory tasks of the Organization BCM Coordinator.

The Organization BCM Coordinator should ensure that the following key objectives are achieved:

Information security, control and management
Information storage, dissemination and availability

Information Security, Control and Management

The control and right to access the BC Plan and its related document should be carefully considered. The BC Manager should:

Ensure that the classification of the BC Plan documents, like any other strategic business information, is according to the organization’s information security standard
Design and post BC Plan information which should be of different detail levels, depending on whether areas are accessible, semi-secured (where access is through IDs and passwords), and secured (where only special rights to access the document are given)
Secure access to the BC Plan documents on a “need to know” basis where the depth of information that may be accessed by an employee depends on his/her role and responsibility
Provide audit logging mechanisms to track which employee had accessed the BC Plan documents (with information on when, what, why and how) and whether the employee had been given a copy of the BC Plan documents based on BC Plan document dissemination criteria
Ensure all changes to the BC Plan documents are properly justified, vetted and approved by the relevant authority and documented as history tracks in the documentation

Information Storage, Dissemination and Availability

It is critical that the storage, dissemination and availability of the BC related media be evaluated carefully.

Availability

It may not be safe for BC Plan documents to be stored only on the organization’s Intranet because the Intranet may not be available to the BC teams should a disaster destroy the office building completely

Information Storage

Employees need to know where the BC Plan information is stored and to understand that some critical information still has to be printed in hardcopy

Dissemination

There is a need to identify and establish an effective way to disseminate the appropriate content of the BC Plan documents to all the BC teams and employees.

Contents of Awareness Programs

A good awareness program must include the following in its content:

Access to basic documentation
Basic employee BC activities
Liaison with external agencies

Access to Basic Documentation

The fundamental BC information that all the employees are required to know within the organization are:

The organization’s BC Policy Statement

Definitions of common BC terms so that everyone in the organization speaks the same language
BC organization chart with the photograph and role of each BC team members
Emergency response procedure
Resources committed to the development and maintenance of the BC Plan
Locations and channels to obtain BC information

All employees must be made aware that competitors may capitalize on the chaotic situation to steal crucial information which, if leaked, may endanger the survivability of the organization. They must therefore know the additional security procedures that are put in place at the disaster area, alternate site and recovery site during such a situation:

Protocols for reporting any suspicious persons or suspicious activities being carried out there
Checks on people who request for sensitive information
Security patrols that are conducted

Basic Employee BC Activities

The fundamental BC information that every employee must be aware of includes:

What to do before, during and after an event?
Who to contact?
Who will contact you?
Where to go?
Where to assemble?
How to deal with the media?
What are the immediate steps to be taken during and after office hours?

Liaison with External Agencies

These are external legal entities that could assist the employees in obtaining information regarding the disasters:

Police
Building security management team
Fire department
Civil defense
Non-government organizations (NGOs)
Emergency management offices
Hospitals

Checklist on Training & Awareness

A checklist should be developed to ensure that all grounds have been covered and that pertinent legal and compliance issues related to BCM have been addressed adequately, so that the organization would not be liable for negligence in the face of the law. Evidences relating to these key issues must also be documented, for example, attendance records of senior managers at exercises.

Key issues and concerns include:

Key Areas	Self Assessment
Risk Analysis and Analysis (RAR)	Have the Executive Management and Organization BCM Coordinator considered the effects of a major disruption on services?
	Have countermeasures to minimize risk been identified and taken, including measures to combat potential information loss?
Business Impact Analysis (BIA)	Have all business units assessed the potential for disruption by a structured process such as a BIA that identifies risks and their potential impact on services, critical activities and dependencies?
Business Continuity Strategy (BCS)	Is there a short term recovery strategy for every major service/business unit?
	Do contingency arrangements cover alternative premises & communications arrangements?
	Does the Steering Committee have quality assurance arrangements over continuity for contracted services?
Tests & Exercise	Are emergency management arrangements for any business disruption clearly set out and tested through exercises?
	Are BC Plans reviewed and updated regularly in the light of lessons learnt from any exercises or incidents and research?
	Are BC Plans and procedures, including those for out of hours emergencies, validated through regular tests and exercises?
Security	Is the security of critical information reviewed whether this information is held electronically or on paper?
	Is step taken to minimize the danger of losing the information, or losing access to the information, during an emergency?
Roles & Responsibilities	Is it clear who is responsible for ensuring that each business unit or site has a BC Plan in the face of serious disruption?
Emergency Planning	Are there procedures to ensure responsible staff members know what to do in an emergency?
	Do you have emergency planning specialist responsible for zonal wide disaster?
	Do you have a standard format/template and terminology if there are separate business units or sites based emergency plans?
	Are BC Plans integrated with emergency plans?
Documentation	Are quality checks conducted on written BC Plans?
	Is the BC Plan written in its local language?
	Are copies of BC Plans and essential equipment/ documents (in electronic or hard copy) kept easily available but off site?
	Are there adequate records of test and exercise results?
	Are there recovery procedures for version control?
Consistency	Are there arrangements to ensure consistency and integration between sites and business units, and between BC and emergency plans?
	Are there procedures to check consistency between BC Plans?
External Vendor	Are there occasional external involvement and challenge in your review arrangements?
	Does the procurement policy or contracts cover risk management and BC arrangements?
	What is the quality assurance arrangement with contractors to cover emergency response?
Priority	Does your BC Plan(s) prioritize between business units’ processes and activities?
	Are prioritized response plans unambiguous, clear and easy to use?
Special Needs	Do your BC Plans cover the special needs of those who are likely to be most vulnerable, for example through age or disability?

Reference

Goh, M. H. (2021). Managing & Sustaining Your Business Continuity Management Program. Business Continuity Management Planning Series (3rd ed.). Singapore: GMH Pte Ltd.

Extracted from "Chapter 14: Content for Training & Awareness"

More Information About Blended Learning BCM-5000 [BL-B-5]

To know more about our blended learning program and when the next course is scheduled, feel free to contact our friendly course consultant colleagues via sales.ap@bcm-institute.org. They are the BL-B-3 Blended Learning BCM-300 ISO22301 BCMS Implementer and the BL-B-5 Blended Learning BCM-5000 ISO22301 BCMS Expert Implementer.