This page has been archived.
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
Like all projects of this nature, size and complexity, the Year 2000 project brings with it a significant amount of uncertainty, unexpected events resulting from the dynamic environment in which we live in, and undesirable outcomes from the remediation work performed by departments. Most people would agree, in that context, that continuous risk management would be beneficial to departments. Who wouldn't want to identify potential problems early enough so that they can be addressed, thereby helping to ensure the ultimate success of their Year 2000 initiatives?
The Government remains optimistic about the its ability to successfully address the Year 2000 problem, but it is the ethical, social, business, and legal responsibility of all government managers to consider the possibility of not being able to complete their conversion activities. Continuity of operations should be the prime concern of managers impacted by the Year 2000 problem. Contingency planning will put these managers in a position to pro-actively and positively work through a potential crisis due to a Year 2000-related business disruption. A pre-established framework for control as well as effective communication, practiced through realistic scenarios, will also provide managers with invaluable tools to work through potential crises.
For these reasons, it is critical that business continuity be a priority for all departments.
In order to clearly position the business continuity process described in this guide vis-à-vis similar processes at the government and national level and conversion activities taking place within the departments, we are providing the readers with the underlying concepts of our process and some basic definitions. At the conceptual level, the TBS business continuity process can be depicted as shown below in Figure 1.
Figure 1 – Conceptual View of the Business Continuity Process
The Business Continuity process start with the establishment of a governance structure which will steer the process and ensure that decisions are made in a timely fashion. The governance structure extends from the planning and control level, where resources are mobilized and assigned to conversion activities, to the corporate (or department level) governance where high level decisions are made regarding business continuity. Both sides of the organization, that is functional and technical, are represented and bring their own set of objectives to the process. Technical personnel aim at achieving Year 2000 compliance before the year 2000 while functional personnel aim at ensuring business continuity. This guide is targeted at the functional side of the organization but recognizes that the achievement of the functional personnel's objectives is heavily dependent on the technical personnel's ability to meet theirs. The technical side of the organization plays an important role in the performance and success of the business continuity process.
The business continuity process spans over the three stages of business continuity identified, within the context of this guide, as:
The Business Continuity process is then broken down into process areas which include:
These four process areas are integrated into one common set of steps that take organizations from realizing that failures due to the year 2000 problem are possible through responding and recovering from crises. TBS integrated process has a particularity of building on the Software Engineering Institute's Continuous Risk Management process. Hence, although it may appear to differ from standard business continuity processes at the lowest level (step level), it satisfies the requirements of the government, builds upon a sound knowledge base and aligns itself nicely with similar processes implemented at the national level. These steps include:
The TBS is proposing a six-step approach to business continuity. It builds on the work of the Software Engineering Institute for Continuous Risk Management and integrates Contingency Planning, Crisis Response and Business Resumption. The underlying activities of this approach are depicted below.
Figure 2 – Integrated Business Continuity Approach
The business continuity activities are as follows:
Implicit but critical to this approach is the need to communicate information about the possibility of not completing conversion activities and the solutions to that problem. The success of the business continuity process hinges on frank and open communications on risks, contingency plans, crisis response plans and business resumption plans within departments as well as between departments, their partners and the TBS.
Getting started with this guide will probably be one of the biggest challenges for organizations that are new to business continuity. In addition to the inertia problem that many departments experience when faced with new processes, other barriers may arise. The following table summarizes some of these challenges and provides high-level solutions to address them.
Barriers | Solutions |
---|---|
Inadequate Senior Management Commitment |
|
Insufficient Funding |
|
Cultural Barriers |
|
Lack of Knowledge |
|
This guide has been structured and formatted to provide easy access to the TBS business continuity process requirements, and to maximize the efficiency of the individuals attempting to meet these requirements. The document focuses on the business continuity process and is divided into eight chapters (an introduction, six chapters describing each of the six steps, and a conclusion). The procedures required to effectively implement the elements are provided in appendices that are bound separately.
In order to keep this guide down to a reasonable size, and since the Software Engineering Institute Continuous Risk Management process has been fully endorsed by the TBS for CRM, specific references are made in this guide to the SEI Continuous Risk Management Guidebook. Departments that do not have a copy of the SEI CRM Guidebook can obtain one by contacting David Holmes at 957-2530. Activities or processes extracted directly from or based on the SEI CRM Guidebook are preceded by the logo below.