BCM is an ongoing management process undertaken on a continuous basis to safeguard the interests of key stakeholders, as well as the reputation, brand and value-creating activities [TR 19:2005] of an organisation.
Where BCM is being implemented for the first time in an organisation, it is advisable to treat the implementation as a project. The project should be managed in line with the organisation’s normal project management methodology [COBiT].
In order to manage and maintain BCM within the organisation, personnel must be appointed who will be responsible for defining and managing the complete BCM programme.
The next step is to ensure that a BCM Policy is defined which is appropriate to the nature, scale, complexity, geography and criticality of the business processes and that it reflects the culture, dependencies and operating environment. The Policy should also consider budget availability, time constraints, regulatory aspects, deadlines and the source of the Business Continuity expertise [HB 221:2004] Definition of the BC Policy is essential before the development of the BCP can commence since it forms the foundation for the rest of the work and for the continued viability of BCM (see example in Appendix B).
The BCM capability should be integrated into the organisation’s change management process so that it is incorporated into the growth and development of the organisation’s products and services [BS 25999-1].
During this stage of the BCM programme consideration should be given to the personnel who will form part of the organisation’s response and recovery teams during and after an incident.