Business continuity management (BCM) aims at minimizing the interruption time of business-critical processes in the event of an emergency or any disruption of relevant resources.
Organization and Responsibilities
As an integral part of ECC's Risk Management Scheme, ECC's BCM Policy is regularly enhanced and adjusted. The Managing Board is responsible for the policy and any changes to it. The Risk Controlling Department performs a coordinating, supervising and validating function. Business continuity measures are implemented within the business-critical departments under the responsibility of the head of the respective organizational unit.
The BCM Policy is comprised of the BCM Strategy, the ECC Crisis Management Strategy and the ECC Business Impact Analysis. The BCM Strategy and Crisis Management Policy define procedures and responsibilities to ensure business continuity in the event of an emergency, disaster or any disruption of business-critical processes, as defined in the Business Impact Analysis. Information is supplied to employees in the associated BCM Handbook and department-specific BCM plans.
Failure Scenarios and Business Continuity Measures
The following failure scenarios are considered in the Business Impact Analysis.
In order to ensure the high-availability operation of business-critical applications, ECC operates two geo-redundant computer centres with a redundant connection of communications lines. In the event of a failure of a critical component in one computer centre, operation is automatically switched to the other computer centre without loss of data.
For cases of emergency, a back-up office has been established where fully equipped workstations are available for all business-critical departments.
Business-critical processes can be carried out by several persons (e.g. by means of job rotation) to make sure that there is a sufficient degree of redundancy in the event of an emergency.
Rosters ensure that a minimum degree of personnel resources is available at all times. 24/7 availability is ensured by means of remote access to all business-critical applications.
Before outsourcing services, ECC examines the performance of new service providers and establishes service levels which are monitored continuously.
Business Critical Processes
Business-critical processes are defined in the Business Impact Analysis and reviewed at least annually.
In order to secure the execution of the business-critical processes in line with the applicable period, the restart time must be shorter than the maximum tolerable downtime. Preventive measures are taken to ensure timely availability:
The business-critical departments prepare and continuously update adequate BCM plans for the failure scenarios described above. All employees are informed of the plans and work from the back-up office regularly in order to familiarise themselves with the emergency processes. BCM arrangements are regularly tested and validated.