Why is Business Continuity Management Important?
IT problems, power outages, loss of mains water and failure of suppliers attract little media attention but nevertheless they cause significant disruption and financial loss to thousands of businesses each year. Business Continuity Management can protect your organisation by mitigating these known risks as well as preparing for the unexpected. Business Continuity Management can also assist in creating a competitive advantage and providing reassurance to staff, investors and other stakeholders.
What Does Business Continuity Management Involve?
ISO22313: Societal Security – Business Continuity Management Systems – Guidance defines good practice based on the following ‘Elements of Business Continuity’
Operational Planning and Control
As with any major project, objectives and timescales need to be identified, resources must be allocated and roles and responsibilities assigned to appropriate individuals.
Business Impact Analysis and Risk Assessment
This element consists of 2 separate, but closely related, activities:
- The Business Impact Analysis (BIA) identifies the critical activities of the organisation, quantifies the impact of not carrying out these activities and calculates the resources required to recover them in a timely fashion; and
- Risk Evaluation and Control identifies the risks to the critical activities and applies risk mitigation measures where appropriate.
Determining Business Continuity Strategy
The Business Continuity strategy captures how the organisation can most effectively maintain and/or recover its critical activities in the event of disruption and forms the basis for the development of detailed plans.
Establishing and Implementing Business Continuity Procedures
This element involves implementing any infrastructure changes, defining Incident Response structures and the writing of Incident Management and Business Recovery plans.
Exercising and Testing
Exercises and rehearsals are vital to build confidence in the plan and to identify errors and omissions. A formal audit and review process is also necessary to ensure that plans remain up to date and fit for purpose. This element also includes ensuring that everyone in the organisation must receive basic BCM awareness training and those with specific responsibilities must have more detailed BCM skills training.
How can Cambridge Risk Solutions Help?
Cambridge Risk Solutions provides a range of services to assist with each stage of the Business Continuity Lifecycle. Alternatively, if you wish, you can outsource your entire Business Continuity Management function to us.
We are members of the BSI Associate Consultant Programme and LRQA Consultant Network, and all work is conducted in accordance with ISO 22301 and ISO 22313.
View some case studies of recent Business Continuity planning, training and exercising projects.
Further information on all aspects of the Elements of Business Continuity is available in our Downloads section.