CIR PM BCM Team Structure for CIR

Organisational Structure

When an organization decides to establish a BCM or a cyber security program, the organization needs to develop a structure consisting of the different teams involved to facilitate the development of the plan.

Figures 1 to 3 are examples of existing BCM structures.

Figures 1 and 2 show structures the organizations have established for developing their BCM program.

BCM Structure

Figure 3: BCM Structure

The two structure is combined, as shown in Figure 3, because of the need for the BCM process to accommodate both the planning and response phases.

The planning phase involves input from various business units, which are under the supervision of the Organisation BCM Coordinator, to develop BCM processes and procedures to ensure CBFs can continue to operate during an incident. The respective recovery team members then execute the set procedures.

Combining the two makes it easier to see the importance of the Organisation's BCM Coordinator, as this designated professional is charged with facilitating the exchange of information between the business units and the senior management. Whatever policies and procedures are developed must go through the senior management to seek their approval. Once approved, the procedures are taught to the recovery team members so that they can execute them efficiently.

Roles and Responsibilities

1. Executive Management

Made up of high-ranking stakeholders that ultimately decide if the business continuity and cyber security program are to be implemented. They are the ones who make the final decision on what procedures are to be executed. Therefore, the business case for the BCM and cyber security program must be well presented to justify implementation.

2. BCM Steering Committee

The BCM Steering Committee comprises the Chief Executive Officer, the CXOs, the Head of the respective business units, and the secretariat by the Organisation's BCM Coordinator. These groups are in charge of setting the strategic direction for the BCM program for the organization.

3. Organisation BCM Coordinator/ Project Manager

The BCM subject matter expert or overall in-charge of the BCM program. This designated person is responsible for coordinating the development of the BCM program for the organization. He/ She facilitates the exchange of information via a top-down approach or vice versa.

He / She ensures that the BCM plan is comprehensive and aligns with the organization’s policies and standards. This person is the key coordinator to be involved with the cyber security team when developing the CIR initiatives for the organization.

4. Business Unit (BU) BCM Coordinators

They are representatives from each business unit (or divisions/ departments) within the organization. They seek direction and collaborate with the Organisation's BCM Coordinator to maintain the BCM program and plan.

5. Business Unit BCM Team Members

These consist of employees carrying out daily operations for the organization to develop products or provide customer services. They are responsible for executing the recovery procedures during an incident to ensure business functions can continue to operate.

Related Topics for CIR Project Management

Do You Want to Continue BCM Training onsite or online?

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd. 

Reference: Chapter 5 Project Management 5.7.1 BCM Structure

Note:  This version was the draft 2nd Edition being updated in 2023. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.