Business continuity management (BCM) aims at minimizing the interruption time of business-critical processes in the event of an emergency or any disruption of relevant resources.
Organization and Responsibilities
ECC's BCM Policy is regularly enhanced and adjusted. The Managing Board holds responsible for the policy and any changes to it. The Compliance Department in collaboration with the Risk Controlling Department performs a coordinating, supervising and validating function. Business continuity measures are implemented within the business-critical-departments under the responsibility of the head of the respective organizational unit.
The BCM Policy is comprised of the BCM Strategy, the ECC Disaster Management Strategy and the ECC Business Impact Analysis. The BCM Strategy and Disaster Management Policy define procedures and responsibilities to ensure business continuity in the event of an emergency, disaster or any disruption of business critical processes, as defined in the Business Impact Analysis. Information is supplied to employees in the department-specific BCM plans.
Failure Scenarios and Business Continuity Measures
The following failure scenarios are considered in the Business Impact Analysis.
In order to ensure the high-availability operation of business-critical applications, ECC operates geo-redundant computer centres with a redundant connection of communications and power supply lines. In the event of a failure of a critical component in one computer center, operation is automatically switched to the other computer center without loss of data and before the defined critical deadline.
For cases of emergency, a back-up office with fully equipped workstations is available for all business-critical departments. The backup office has a different infrastructure connection from the primary office. Further, remote accesses enable to switch business processes to standby laptops.
Business-critical processes can be carried out by several persons (e.g. by means of job rotation, education and tuition) to make sure that there is a sufficient degree of redundancy in the event of an emergency.
Rosters ensure that a minimum degree of personnel resources is available at all times. 24/7 availability is ensured by the means of remote access.
Before outsourcing services, ECC examines the performance of new service providers and establishes service levels which are monitored continuously. The supplier have to comply with the defined recovery parameters for ECC business critical processes.
Business Critical Processes
Business-critical processes are defined in the Business Impact Analysis and reviewed at least annually.
In order to secure the execution of the business-critical processes in line with the applicable period, the restart time must be shorter than the maximum tolerable downtime. Preventive measures are taken to ensure timely availability:
The business-critical departments prepare and continuously update adequate BCM plans for the failure scenarios described above. All employees are informed of the plans and work from the back-up office regularly in order to familiarise with the emergency processes. BCM arrangements are regularly tested and validated.