A records management perspective on business continuity

Published: Tuesday, 04 August 2015 07:20

Organizations should integrate their management system for records with their business continuity management system, says Louisa Venter, chairperson of the South African mirror committee, SABS TC46D, and Datacentrix senior enterprise information management consultant.

Sound records management is crucial to successful business continuity and vice versa; without one, the other is jeopardised.

The main objectives of a business continuity management system are to identify and manage current and future threats to an organization; to take a proactive approach to minimising the impact of these threats; to keep critical functions up and running during crises; to reduce downtime; and to improve recovery times.

This is where records management becomes critical for successful business continuity. An organization's memory resides in its records. Aside from facilitating the effective operation of an organization during its day-to-day operations, in the event of a disaster, the information and knowledge embedded in an organization's records is critical for the continued existence of the organization. Organizations should therefore integrate their management system for records with their business continuity management system as these two systems complement each other.

A management system for records assists in:

Within the business context then, it is critical that business continuity management takes into consideration the importance of records management, understanding the overall context within which a company operates and manages its records, including the risk management and security context of records management.

The ISO standard for business continuity management, ISO 22313, ensures that organizations are provided with a guideline for business continuity planning that incorporates records management. This particular international standard will assist organizations to design a business continuity management system that is appropriate to its legal, regulatory, organizational and industry needs, but will also - beyond the IT and risk management teams - require the involvement of records and information management staff, helping to improve records and information management practices through a process of continuous improvement. At the same time, implementing this standard will necessitate a review of the role of the records manager from records management alone to a more strategic one that has greater input into the company's business continuity plan.