Business continuity

Σταματοπούλου, Συρμούλα Ι.

Master Thesis

Author

Σταματοπούλου, Συρμούλα Ι.

Date

2012-09-27

Abstract

Companies, organizations and institutes which provide critical services and are connected with vulnerable processes, is crucial to ensure the availability of these. According to the report released by the AXA Company, and which was published in 2007, “80% of businesses affected by a major incident either never re-opened or closed within 18 months”. To prevent such catastrophic consequences, companies should establish mechanisms and procedures to ensure the business continuity after a disastrous event. This is provided by the development and implementation of a Business Continuity Plan (BCP). The main objective of the current study is the examination and presentation of the Business Continuity Management (BCM) and Business Continuity Plan (BCP) processes. Targeted standards, guidelines and methodologies of BCP, are examined and presented in order to cover different areas of business operations. Specifically, these are the BS 25999 (covers the entire range of a business operation), the NIST SP 800-34 (contingency planning guide for Information Technology Systems for government institutions), the ENISA (an approach for Small Medium Sized Organizations focus on IT Systems), the FFIEC (Business Continuity Planning for financial institutes) and the Bank Of Greece Governor’s Acts 2577 9.3.2006 - Annex 2 (for Systemically Important Payment Systems – SIPSs). Finally, a case study which is based on the guidelines given by the Bank Of Greece will be presented at the end of this document. The case study concerns the BCP creation by a hypothetical medium financial institute (bank) that provides services only via telecommunication networks (internet and telephone) and services through Automated Teller Machine (ATM) and Point of Sale (POS).