Business Continuity Management
What is Business Continuity Management?
These days we are all too aware of a wide variety of threats - both major and minor - that can affect modern day business and living (terrorism, fire, floods, pandemics, denial of access to an organisation’s offices or plant, loss of IT capability, loss of staff etc.). Business Continuity Management (BCM) identifies what those threats are to an organisation, the potential risk of those threats actually happening to that organisation and the potential impacts of those threats on the continuity of the organisation’s business activities.
 |
BCM provides a framework for building resilience against the identified threats, enabling each organisation to mitigate the impact of major disruptive events on its critical business activities such that it has an effective response to these. Thus the interests of the organisation’s key stakeholders are safeguarded and its reputation and brand do not suffer. |
Business Continuity Institute (BCI) Certification
Professional membership of the BCI provides internationally recognised status - this valued certification demonstrates the members’ competence to carry out Business Continuity Management (BCM) to a consistent high standard.
From 2008 all applicants for professional certified grades within the BCI are required to pass the BCI Certificate examination as well as having relevant experience in BCM.
Why does your Business need Business Continuity Management?
-
Would your customers stay loyal to you if you were unable to supply to them the products and services that they expect within certain time frames, service level agreements and at the agreed price?
-
Could your business survive a blow to its reputation under such circumstances?
-
Have your insurers started to demand Business Continuity Planning within your organisation?
-
Could your business survive with 15% - 40% of your employees either suffering directly from a pandemic outbreak of H5N1 Avian Bird Flu, off work due to caring for relatives or just too scared to go to work? You COULD survive? Great – have you got a PLAN to do so?
-
Does your business have a dependency on IT applications for such processes as “Order to Cash”? Or of course, for Payroll?
-
Can you be sure that your own suppliers and business partners have a Business Continuity Management System such that, if they suffered a major incident, it would not adversely affect your own ability to operate and trade?
-
If a neighbouring business, physically close to one of your organisation’s locations, suffered a major incident, would it impact your organisation and your ability to continue your critical business processes at that location?
-
Are you a “Category One” responder in the event of emergency planning in the Public Sector? The Civil Contingencies Act demands that such responders (e.g. the Emergency Services, Local Authorities) have BCM arrangements in place.
These are just some of the drivers that encourage businesses to implement Business Continuity Management.
What is involved?
The Business Continuity Management Standard (BS25999) and the Business Continuity Management Lifecycle
In 2007, the British Standards Institute (BSI) published BS 25999, the world’s first standard for Business Continuity Management, which has been developed to help businesses minimize the risk of disruptions. RKJ Consulting Limited believes that following this Standard will result in a robust Business Continuity Management System (BCMS) for your organisation. You may also choose to have your implemented BCMS assessed against this standard and gain BSI certification, sending a very strong and positive message to your customers and stakeholders.
The Standard is in 2 parts:-
-
Part 1 is a Code of Practice, which offers guidance and recommendations and covers the BCM Lifecycle. As the BSI describe “It establishes the process, principles and terminology of business continuity management (BCM), providing a basis for understanding, developing and implementing business continuity within an organization and to provide confidence in business-to-business and business-to-customer dealings. In addition, it provides a comprehensive set of controls based on BCM best practice and covers the whole BCM lifecycle. (See below for further information on the BCM Lifecycle).
-
Part 2 is a Specification, which covers everything needed for an organisation to build a robust Business Continuity Management System (BCMS). As BSI describe “BS 25999-2 specifies requirements for establishing, implementing, operating, monitoring, reviewing, exercising, maintaining and improving a documented Business Continuity Management System (BCMS) within the context of managing an organization’s overall business risks”.
The standard can be used by both internal and external parties (such as auditors) to assess your organisation’s ability to meet regulatory, customer and the organisation’s own BCM requirements. This applies equally well to any size or type of business.
For further information on the British Standards Institute, go to
http://www.bsi-global.com/
The Business Continuity Management Lifecycle – a brief explanation
The “Hub” of the Lifecycle is BCM Programme Management. “Programme” and not “Project” – this is a continuous “living” process. This is all about establishing a BCM system (BCMS) in the organisation and ensuring responsibilities are assigned. Commitment from senior management is paramount to this step.
The
first “spoke” in the Lifecycle is “Understanding your Organisation”.
This involves undertaking a Business Impact Analysis (BIA) and a
Risk Assessment (RA). This ensures that threats & the impacts of
those threats causing disruption to your critical business
activities are measured and the likelihood of those threats
happening to your organisation is assessed. Decisions about what
action to take regarding the risk of disruption can then be made.
Determining BCM Strategy: this stage is all about what action you can take to maintain the critical business activities that are required to ensure your organisation’s key products & services are delivered. Strategies can be developed, based on the output from the BIA and RA in the previous step.
Developing & implementing a BCM response: during this stage development & implementation of appropriate plans and arrangements will result in the ability to manage any incident and ensure continuity & recovery of critical business activities that support key products & services.
Exercising, maintaining & reviewing: during this stage the organisation will review plans and undertake various exercises to ensure the plans are kept up-to-date and areas for concern are identified & addressed BEFORE an incident should happen.
The “tyre” of the Lifecycle is Embedding BCM in the organisation’s culture. To be successful, BCM has to become a way of life within an organisation, part of its culture. This is achieved by continuously raising awareness of your organisation’s BCMS and an ongoing programme of training staff.
How RKJ Consulting Limited can help with your Business Continuity Management requirements
Let
RKJ Consulting Limited take the
worry and mystique about Business Continuity Management away from
you – we are here to help.
Asking us to help at the early stage of initiating a Business
Continuity Management System will save you development time; in
addition, the knowledge transfer from
RKJ Consulting Limited
to your staff will save you external training costs.
RKJ
Consulting Limited
can help your organisation with all the aspects of the BCM
Lifecycle. We are independent and have a passion for BCM. We want to
see YOUR business implement a robust Business Continuity Management
System, not merely a few plans for a few well chosen scenarios.
We can give advice on what & how to implement regarding a Business
Continuity Management System (BCMS), be of assistance throughout
your BCMS implementation, or be there at any given stage or stages
when you need extra help.
We can chat one-to-one with your senior managers or present to your
Board or BCM team, suggesting ways in which you can further
introduce or cascade BCM to your organisation.
We also offer Training in BCM as a whole or indeed we can Train your staff in the BCMS system you have implemented – see our Training page for further details.
Let us visit your premises for an initial hour’s chat (free of charge) and we’ll explain further. You will be visited by a professional Business Continuity Management Consultant who is qualified to answer your questions, having passed the Business Continuity Institute's professional exam (with Merit) and having experience of implementing Business Continuity Management Systems in the commercial world.
Glossary of Terms
Please click
here for a glossary of
terms related to Business Continuity Management.
(This glossary
is kindly provided by courtesy of the
Business Continuity
Institute).
Email us on u2us@rkjconsulting.com or call us on 0845 094 87 66 - NOW!
Quick Links to our other Lines of Business:
 |
60% per cent of small businesses have no Business Continuity
Plans. |
|
Research from BT shows that 75% of UK employees either do
not understand what is in their company's business continuity plan
or do not know if their company has one.
|
 |
 |
Some 80% of firms without a business continuity plan will be
bankrupt within five years of surviving a major disaster. -Home Office Website |
|
Nearly 1 in 5 businesses suffer a major disruption every
year. -Expecting the Unexpected 2005, the Home Office. |
 |
 |
A computer virus that carries the message "ILOVEYOU" is disabling computer networks across the UK. One estimate says up to 10% of UK businesses have been hit so far by the bug, which is also being transmitted around the world. BBC News, 4th May, 2000 |