Business Continuity
Business Continuity
Business Continuity Management (BCM) uses an internal lens to identify essential functions, and implements systems to effectively manage incidents and emergencies. These systems include identifying and reducing risks (risk management), managing required staff, equipment and spaces (resource management), and the effective response and recovery from interruptions and emergencies (incident management). The structure of BCM allows trained staff the authority to activate, communicate, pivot resources, and respond effectively to operational interruptions. Deliverables include establishing a program policy, completing risk assessments, buisness impact analyses, and identifying organizational systems that will reduce duplication, costs, and build resilience and adaptability. Results create comprehensive business continuity plans (BCP), also known as continuity of operations plans (COOP).
Goverance: Foundation and Leadership
Business continuity requires leadership endorsement and support to build across an organization. The more complex the organization, the more complex the systems in place must be to ensure activities considered essential are robust to withstand interruptions, and adaptive in capacity to recover quickly from emergencies. Foundation tasks include understanding the organization, its relationship to other stakeholders, legal and regulatory requirements, the establishment of a BCM system, and leadership's BCM policy. The organization's policy will include authority, roles and responsibilities, planning, support (allocated resources), and overall maintenance of the BCM system (program).
Risk Assessment (RA)
Paratus Management follows ISO's risk management standard, which ensure organizations systematically identify risk, establish criteria and assess these against essential functions and tasks (risk assessment); staff must then accept current levels of exposure, or reduce these risks to acceptable levels (risk treatment). Deliverables include a risk assessment methodology, guiding documents, workbooks and workshops; results include a risk assessment report that includes recommendations. The goal is for organizations to apply consistent risk strategies across disciplines, from idenitification and assessment, to analysis and risk-reduction actions.
Business Impact Analysis (BIA)
A comprehensive business impact analysis (BIA) looks at impacts and the effects of disruptions over time, with focus on interdependencies, systems and processes (such as data storage, communications, contracts), to identify inherent vulnerabilities to service areas, processes and systems. These vulnerabilities and gaps may expose the organization during critical times. Deliverables include a BIA engagement strategy, guiding documents, workbooks and workshops; results include summaries of the service areas/business units participating, and an organization-wide summary with recommendations.
Continuity Strategies and Plans
Business areas develop BC strategies based on the Risk Assessment and BIA, and consider options that restore or maintain Essential Services during incidents. Teams focus on services with identified gaps, or have no written procedures, redundancies, and structured support, and those functions with a high risk of failure. Tasks conducted in this phase include establishing organization-wide systems, i.e., communications protocols, incident management system, IT recovery priorities. Business units work to reduce impacts to their essential services, i.e., reducing dependencies, increasing training, updating procedures.
Incident Management System (IMS)
To manage incidents, an evidence-based, consistent, and cohesive incident management system (IMS) should be adopted by medium to large organizations. IMS is also known as the incident command system (ICS) and is adopted by most response agencies, local and provincial/state governments, along with various business sectors and utility agencies. This system aligns with emergency management and BCM standards. Deliverables include providing doctrine, concepts, checklists and forms and working with teams to identify and align with current business practices. Subsequent awareness training materials also available.
BCM Program Maintenance
BCM Programs focus primarily on ensuring established business continuity plans (BCPs), also known as continuity of operations plans (COOPs), remain relevant and useful tools. If a BCP is incomplete or outdated, a business may focus on tasks that are not critical to operations during disruptions; or worse, if contact information is outdated, the plan may fail at the onset of an incident when key staff cannot be informed! In addition to plans being maintained, staff must practice using these plans to validate accurate and compliant with regulations and professional standards. The BCM Program will help teams build plans and facilitate regular training and exercises, reporting regularly to senior management on program activities and progress.
How the Business Impact Analysis (BIA) influences insurance coverage
Business continuity management (BCM) increases an organization's ability to provide risk transfer information discovered through the:
- Analysis Phase of BCM: Organizations conducting a BIA will be able to ascertain the profit losses as well as the amount of fixed costs that must be paid in the event of an incident that triggers an insured peril. This calculation will help quantify the proper amount of Business Interruption Insurance (BI). The BIA similarly helps calculate Contingent Business Interruption Insurance (CBI), and Supply Chain Insurance reimburses lost profits resulting from an interruption of business at the premises of a customer or supplier.
- Strategy Phase of BCM: Extra Expense Insurance provides for maintaining the operations of an insured item after an accident until normal operations can be restored.
You can find this information at DRI International, Inc.