The nature, complexity and scale of recovery management cannot be determined in advance of an incident; therefore, recovery management has to be flexible, scalable and relevant to a broad range of risks applicable to the organization and its operating environment.
Some incidents are dramatic and as a result can change the very fabric of “normality” for an organization so lessons have to be learned from the response to any incident and the recovery management arrangements reviewed.
For this reason, recovery management might need to operate under new operating norms beyond recovering to pre-recovery conditions. Recovery management has to balance predetermined recovery requirements against emerging or changing expectations.
Recover, restore or reconfigure
PD 25888 Guidance on organization recovery following disruptive incidents offers a definitive step-by-step guide on how best to develop and implement your organization’s recovery in response to a disruptive incident.
Designed to complement the provisions of BS 25999, this document presents the ability to recover, restore or reconfigure taking into consideration the financial, legal, regulatory, environmental, reputational and emotional consequences that could result from an incident and the consequences that follow.
Successful implementation of organization recovery is mutually dependent upon effective implementation of incident management and business continuity plans.
Why do you need the PD 25888:2011 Standard?
PD 25888:2011 was published to support organizations and their readiness, capability and resilience to ensure effective communication, action and decision making for recovery management.
For this reason, recovery management is an executive activity and demands a high level of senior management’s attention. The key objective of recovery management is to manage the recovery of your business and the restoration of its capability.
The PD 25888:2011 Standard offers a standard methodology for business continuity management (BCM) and organization recovery.
The PD 25888:2011 Standard must be applied as a pre-incident planning activity to ensure that your organization is prepared for planned or unplanned disruption.
Even when an incident is anticipated there is no guarantee that recovery must, must be, or can be effected, but it is important to underline that recovery management is not an event, it is a process.
Organization recovery should start seriously when the response to an incident gathers momentum. The PD 25888:2011 Standard is a business focused, holistic and practical approach to help organizations deliver the best possible business outcome in spite of the disruption of an incident.
PD 25888:2011 Standard is generically a ‘Standard’ which is intended to help an organization to create its recovery on the foundation of a best practice methodology. PD 25888:2011 Standard is not a ‘How to’ solution to a matter because there are many factors influencing the success of your business and organization recovery.
- Is the process of managing the recovery of your business and the restoration of its capability during a disruptive incident.
- Is a management process that recognizes and attempts to manage external influences on an organization’s ability to recover and restore functionality to acceptable levels.
- Is a multi-faceted, cross-functional activity that responds to the immediate and longer term needs of business recovery and restoration.
- Is an executive activity that demands a high level of senior management’s attention.
- Is a process that recognizes and attempts to manage relevant influencing factors on the organization’s ability to recover from a disruptive incident.
- Is a cross-functional activity that should employ known and trusted solutions.
- Are the various methods by which recovery can be effected for the organization, its processes, and/or key assets.
- Are all of the facility’s assets, extended information and services, plant and machinery, as well as its key processing functions required to deliver a productive service to customers, regardless of the phase of the company’s life cycle.
- Are the tasks that must be completed to achieve recovery objectives.
- Are the components that must be in place for a facility’s critical processes to function.
- Are the goals that an organization strives to achieve throughout the recovery process.
- Are the ‘how to’ actions required to achieve recovery priorities.
- Is determined as a consequence of external and internal analysis of the organization’s planning assumptions and requirements, together with the organization’s business strategy.
- Is the process of understanding the impact that the incident could have on the organization’s ability to deliver to its customers.
- Are the belief system of the key leaders of the organization.