By Louisa Venter, chairperson of the South African mirror committee, SABS TC46D and Datacentrix senior enterprise information management (EIM) consultant
Sound records management is crucial to successful business continuity and vice versa; without one, the other is jeopardised.
Business continuity can be defined as the capability of an organisation to continue delivery of products or services at acceptable predefined levels following a disruptive incident. Further, business continuity management (BCM) is the process of achieving business continuity and preparing an organisation to deal with disruptive incidents that might otherwise prevent it from achieving its objectives.
A business continuity management system (BCMS) is a set of interrelated elements that organisations use to establish, implement, operate, monitor, review, maintain and improve their business continuity capabilities. These elements include people, policies, plans, procedures, processes, structures, and resources.
The main objectives of a BCMS are to identify and manage current and future threats to an organisation, take a proactive approach to minimising the impact of these threats, keep critical functions up and running during crises, reduce downtime, and improve recovery times.
This is where records management becomes critical for successful business continuity. An organisation’s memory resides in its records. Aside from facilitating the effective operation of an organisation during its day-today operations, in the event of a disaster, the information and knowledge embedded in an organisation’s records is critical for the continued existence of the organisation. Organisations should therefore integrate their management system for records with their business continuity management system as these two systems complement each other.
A management system for records assists in:
- conducting business and delivering services efﬁciently;
- meeting legislative, regulatory and accountability requirements;
- optimising the decision making, operational consistency and continuity of an organisation;
- providing protection and support in litigation;
- maintaining corporate or collective memory; and
- supporting social responsibility.
Within the business context then, it is critical that BCM takes into consideration the importance of records management, understanding the overall context within which a company operates and manages its records, including the risk management and security context of records management.
The ISO (the International Organization for Standardization) standard for business continuity management, ISO 22313, ensures that organisations are provided with a guideline for business continuity planning that incorporates records management.
This particular international standard will assist organisations to design a BCMS that is appropriate to its legal, regulatory, organisational and industry needs, but will also – beyond the IT and risk management teams – require the involvement of records and information management staff, helping to improve records and information management practices through a process of continuous improvement.
At the same time, implementing this standard will necessitate a review of the role of the records manager from records management alone to a more strategic one that has greater input into the company’s business continuity plan.