Organisations may be exposed to the risk of unexpected disruption to their business operations such as natural disaster, fire, flood, supply chain disruption, cyber attack, employee strike and pandemic. Such events can severely impact revenue, profitability and even survival.
To protect your organisation and ensure that business operations continue to function when such events occur, you must establish a business continuity management system (BCM).
By the end of this article, you will be equipped with knowledge on:
• What is business continuity management?
• What are the 3 main areas of business continuity management?
• What is the difference between a business continuity plan (BCP) and BCM?
• What are the key elements of business continuity management?
• What are the steps in business continuity management?
What is business continuity management?
Business Continuity Management (BCM) is the management process that oversees and implement strategies to address the risk of unexpected disruptions. It covers emergency response, risk management, planning, business continuity plan (BCP), training, testing and improvements.
What are the 3 main areas of business continuity management?
There are three main areas in the processes of business continuity management:
1. Establishment
2. Implementation
3. Continuous improvement
These processes and their interactions are needed for an effective and comprehensive business continuity management that will help your organisation identify potential threats and recover from any form of disruptions or threats to your business functions. These three areas will be covered in greater detail under the steps in BCM.
What is the difference between BCP and BCM?
BCP is a plan that your organisation can develop to perform the necessary actions to recover from unexpected disruptions and resume normal operations again.
BCM is the management process to oversee and implement strategies to address the risk of unexpected disruptions or crises and minimise the impact on business operations. Disruptions can include floods, fires, workers strikes, supply chain cut-off, pandemic, computer system hacked, etc.
What are the key elements of business continuity management?
BCM is a holistic management process that integrates various elements, namely Business Continuity Plan (BCP), Emergency Response, Crisis Management, Disaster Recovery, Risk Management, Business Impact Analysis, Resilience and Reputation Management.
1. BUSINESS CONTINUITY PLAN (BCP)
BCP is an integral part of BCM that focuses on resuming operations during an unplanned disruption until it returns to normal again. The plan outlines the strategies and actions required by the organisation, which is more comprehensive than a disaster recovery plan. It contains contingency plans for every aspect of your business operations that may be affected, such as financial services, human resources, productions, inventory management, distributions, external suppliers and business partners etc. The BCP must detail the roles and responsibilities of various key stakeholders and be shared with top management for their agreement and sign-off.
2. EMERGENCY RESPONSE
This is often seen as one of the critical elements in BCM that require the most resources and management’s attention. It requires very urgent intervention to mobilise people and various resources to bring an incident under control quickly. An emergency can include natural disasters, pandemics or major accidents etc. The response usually focuses heavily on the protection and safety of lives, the company’s assets, health and the environment.
3. CRISIS MANAGEMENT
This is a process to manage a response to a crisis or major event affecting your business operations in order to stabilise and effectively control the situation and recover your operations in the quickest time possible. Crisis can be attributed to impending changes related to the country’s social, political, economic, environmental or security situation. It often causes uncertainty and threats to the organisation’s goals.
4. DISASTER RECOVERY
A key component of BCM is disaster recovery. It includes the activation of the recovery team to carry out the necessary actions in handling a specific disruption when an incident happens. For example, when there is an IT disruption to the organisation’s network servers or cyber attacks, the disaster recovery plan will include workarounds or the use of backup systems to recover critical IT assets or systems so that your business operations can continue until they are restored. An essential aspect of disaster recovery is reviewing and assessing the recovery time objective after the incident to address any shortcomings and revise the plan for future implementation.
5. BUSINESS IMPACT ANALYSIS
This analysis is conducted to help your company identifies potential threats and possible risks that your organisation is exposed to and analyse the impact of the disruption if it happens. It is an essential element of BCM as it supports the business continuity process. It involves reviewing all critical activities within your business functions and the recovery point objective and time frame required to minimise the impact of a disruption.
6. RISK MANAGEMENT
Another key component of BCM is the creation of Risk Management to identify the broad array of potential risks to your organisation, covering resources (human, property, equipment and facilities), financial assets, operations, regulatory compliance, information security etc. The probability or likelihood of each risk occurring and their potential impact and severity have to be evaluated, assessed, ranked and measured against your organisation’s risk tolerance to prioritise which risks to address or mitigate first relative to the others.
7. RESILIENCE AND REPUTATION MANAGEMENT
BCM is a very fundamental and significant aspect of business operations in any organisation. BCM is itself a risk to the organisation if it is not managed effectively or adequately. Your organisation needs to be prepared for any unexpected disruptions or incidents so that it can protect or resume its operations and continue to function and recover from the adversity. Having an effective BCM process in place can help companies meet regulatory compliance and manage and protect their reputation and build organisational resilience, thereby protecting the brand and enhancing their competitive advantage.
What are the steps in business continuity management?
Establishment
Step 1:
Establish a BCM system by first creating a team to manage the various processes. Your top management must show commitment and support to the team by providing the necessary resources and training competent people with defined responsibilities.
Step 2:
Carry out a risk assessment of your organisation. You will need to identify and evaluate the risks or possible disruptions your organisation is exposed to and determine the severity and likelihood of different threat scenarios.
Step 3:
Perform a business impact analysis (BIA). This is to assess the potential impact to the different functions within your business operations in the event of a disruption and the maximum time required to resume operations or recover from it.
Implementation
After the management team has been formed, with risk assessment and business impact analysis performed, the next phase is the implementation, which will utilise the results and findings from your risk assessment and business impact analysis.
Step 4:
Develop strategies and create a BCP and implement these recovery strategies across your organisation. These strategies and plans must be detailed, comprehensive, realistic and effective so that every stakeholder involved can understand and be guided on their roles and responsibilities. Do include the actions to be taken in the event a disruption strikes.
Continuous improvement
The final phase is continuous improvement.
Step 5:
Carry out regular testing of your BCP to ensure that the entire organisation is thoroughly trained and prepared for any disruption to your operations. This is typically performed through annual simulation exercises to ensure all stakeholders are fully aware of their respective actions in response to various scenarios or disruptions that can affect the business operations.
Step 6:
Periodically review your business continuity plan to make improvements to the existing BCP. Through the tabletop exercises in step five, your organisation can identify new threats, fine-tune and adjust in accordance with any changes in the business process so that your existing plans will continuously improve, adapt and update to accurately and effectively respond to new different scenarios.
Conclusion
Business Continuity Management plays a very critical role in every organisation. For your company to continue its business operations when disruptions occur, you will need to establish, implement and continuously improve your business continuity management processes.
ISO 22301 is the international standard that helps organisations craft business continuity plans to protect them and help them recover from disruption when an incident occurs. It also helps companies identify potential threats to their businesses and build the capacity to deal with unforeseen events with an adequate response.
Stendard can help your organisation by providing business continuity management consulting services with experienced consultants. If you have any questions regarding business continuity, please feel free to drop us an inquiry.
At Stendard, we believe that quality is everyone’s business because it takes a team to consistently deliver and uphold excellent standards that build confidence with customers, partners and the community. We are a competent group of experts who can provide consultancy support and advice on using technological platforms for your company through this journey.
As always, if you have any queries or questions, feel free to contact us.