Business Continuity Management
Business Continuity Management, or BCM, identifies the processes within an organization that could be threatened or compromised during emergency or disaster conditions. These processes then form part of a business continuity plan that assists the business in operating both during and after those conditions have ceased.
The increase in costly extreme climate events has provided a clear signal to many companies of the near-term risks associated with climate change. These include extreme droughts in the U.S. Midwest, severe heat waves in Europe, damaging floods in Thailand, and destructive storms along the east and west coasts of Australia and the Northeast United States.
The Business Continuity Institute, or BCI, has released research spanning 35 countries that revealed that over 70% of organizations recorded at least one supply chain disruption, with 20% admitting they had suffered reputational damage as a result.
Terrible events can happen. Cantor Fitzgerald LP, a bond-trading firm, whose offices were located on the top five floors of the North Tower at the World Trade Centre, lost 658 employees and its primary data center on Sept. 11. It was the worst-case scenario of what could happen. Yet the company was trading again within a week. Before the tragic events of 9/11 Business Continuity existed but was a backwater of contingency planning. The tragedy of 9/11 marked a turning point for Business Continuity that became a game-changer.
The importance of Business Continuity
The rise of the importance of Business Continuity resulted in an ISO standard being developed and released in May 2012. This is known as ISO 22301 Societal Security – BCM Systems Requirements.
This international standard specifies requirements for setting up and managing an effective Business Continuity Management System – otherwise known as BCMS.
Using this standard as guidance, IsoMetrix has developed a Business Continuity Management Solution. The solution assists organizations in identifying their exposure to internal and external threats and provides effective prevention and recovery during emergency or disaster conditions.
BCM can be easily integrated with existing management systems such as ISO 9001, ISO 14001, OHSAS 18001, ISO 27001 amongst others, around a common standards framework.
As part of our recognition of professional institutions, IsoMetrix has aligned its BCM solution with the six professional practices as documented by the Business Continuity Institute (BCI) in their internationally published guide to Global Good Practice in Business Continuity.
The Document Management Module assists in managing the documentation that forms part of the Governance of the BCM program and its implementation. This would include the management and control of all documentation comprising the management system including the compilation, development and updating of business continuity plans.
The Legal and other Business Requirements Module manages the legal and regulatory aspects of the management system and its linkages to all relevant legal, regulatory, and other business continuity requirements that need to be considered in the establishment of the BCMS.
The Appointments section of this module can also be used for managing the roles and responsibilities of those persons appointed by the business as custodians of legal and regulatory requirements that form part of the BCMS and their responsibility for their implementation and communication to all stakeholders.
The Stakeholder Management Module manages relationships with all organization stakeholders, both internal and external. Business Continuity Teams are also managed in this module.
Tests and exercises allow for the development of performance metrics, conducting pre- and post-exercise briefings, recording the results, and reporting on and recommending the next actions required
The Training Module can be used for scheduling training, capturing training, and planning refresher training where required.
The IsoMetrix BIA Module identifies the different types of business impacts and their associated activities to determine where any threats to the business may exist.
Risk Assessment provides an important connection to the BIA Module by first analyzing the threats identified and then rating them, so that risk mitigation measures can be put in place where possible, and reported on. This reduces the impact of the likelihood on the business to an acceptable level.
Strategy, objectives, and targets assists management in defining the business recovery strategies required and their associated objectives and targets that can be translated into measurable Key Performance Indicators or KPI’s. These KPIs can then be allocated to those persons responsible for their implementation in the form of actions via the IsoMetrix Central Action Manager.
This module can also be utilized for carrying out benchmarking activities.
The IsoMetrix Incident and Crisis Management Response Module assists in managing response, recovery and restoration actions for the crisis, incident or situation that has occurred.
It also provides for postmortem reviews of the crisis or incident for regulatory training, reporting and Business Continuity Management (BCM) process improvement efforts.
The Stakeholder Management Module can be used for managing the communication of plans to external stakeholders that have been identified as having an impact on the business. Further to this Business Continuity Teams can also utilize this module to assist in the communication of the plan with internal stakeholders.
Document Management gives the ability to provide virtual battle boxes where any documentation can be stored in any format for recall during incidents.
The Meeting Manager can be used for carrying out post-incident reviews as well as any number of other meetings that are held within the business.
The Internal Audit Module provides the capability for the development of compliance and internal audit requirements. These requirements can be tracked for compliance and findings are captured in the module along with recommendations regarding the next actions required.
Assessments and Inspections is very useful for carrying out qualitative and quantitative questionnaires and assessments to assist in raising awareness of business continuity within the wider business.
Business Continuity professionals spend a large amount of time justifying the value of their activity to top management and the organization’s different stakeholders. However, it has been demonstrated that Business Continuity can be an integral part of building resilience within organizations. Not only does Business Continuity benefit the organization during times of disruption, but it also assists organizations in realizing a substantial return on investment.
Business Continuity helps organizations obtain lower premiums for business interruption and supply chain insurance. An organization with a well embedded Business Continuity plan tends to recover more quickly from disruptions, thereby reducing the time and costs of recovery. This would be an important criterion in determining a risk premium when negotiating an insurance contract.
Business Continuity also assists in increasing efficiency and overall competitiveness. It creates the opportunity for organizations to reflect on their processes, resulting in them mapping out their strengths and weaknesses and initiating further improvements.
BCM also assists in legal and regulatory compliance, preventing organizations from incurring costs from fines or unrealized benefits that divert resources from operations.
Embedding sound Business Continuity practices helps organizations to avoid the duplication of efforts across different areas; it reduces the preparation time for audits and establishes prevention tools to avoid disruptions and possible inefficiencies.
Finally, effective BCM helps organizations to manage their suppliers. The most recent BCI Supply Chain Resilience Report reveals that around three quarters of organizations experienced a supply chain disruption within a 12-month period.
Of those, roughly the same number admitted that they did not have full visibility of their vendors and suppliers.
The effective implementation and use of the IsoMetrix Business Continuity Management Solution will assist the organization in managing short term prospects and long-term viability.
IsoMetrix has solutions across the GRC space including Health Safety and Environment, Legal Compliance, Social Sustainability, Enterprise Risk, Governance and Ethics, Environmental Sustainability, Quality, Occupational Health and Hygiene and Primary Healthcare and Wellness.
For more information on IsoMetrix and our other solutions contact us.
Prepare for the unexpected and protect your business with the IsoMetrix business continuity management solution.
All businesses face challenges that put their futures at risk. A resilient business is able to mitigate and overcome challenges that threaten its survival. Business continuity management (BCM) identifies the processes within an organization that could be threatened or compromised during emergency or disaster situations. These processes then form part of a business continuity plan that supports operations both during and after the crisis.