What is Business Continuity Management?
Business Continuity Management (BCM) ensures your organisation is prepared to deal with an unexpected event which may adversely affect your ability to deliver your services. BCM is essentially preparing for the unexpected and ensuring your teams know what to do in the event of a serious incident and effective processes and systems are in place to enable you to minimise any impact on services.
Why do I need to implement BCM?
An unplanned incident, whether natural, accidental or deliberate could cause significant disruption to your business. If the worst happens and a significant operational outage occurs, your organisation may suffer from considerable service credits, loss of reputation or even customers terminating due to contract breach. BCM can also be used as a selling point – evidence of planning is often required in customer proposals – and BCM can also be used as a differentiator.
When would you implement BCM?
BCM can be implemented at anytime, and as ‘prevention is better than cure’ it’s better to start working on a plan, no matter how basic.
How do you implement BCM?
A basic BCM plan is relatively simple to implement. HawkCX will start by helping you consider your organisation’s key services. Following that the critical activities and resources required to deliver the services are established. We then review the risks to these critical and finally we establish the plan to maintain those critical services in the event of an unexpected event.
What steps does HawkCX take to establish BCM?
- There are six steps in the process:
Understand the objectives and scope of the BCM – we’ll start by establishing what you want to achieve from your BCM and what services, activities and parts of the organisation are in-scope. We’ll also need to know who is responsible for BCM in the organisation and the key people who will help implement the plan and also the person responsible for its on-going management.
- We will then establish if any BCM already exists in your organisation – often some plans already exist, but perhaps they are out of date. We don’t want to reinvent the wheel so we’ll incorporate these existing plans in our review.
- We then set about reviewing the services and resources that need to be protected. We use a tool called Business Impact Analysis which identifies:
– your organisation’s key services, critical activities and supporting resources;
the maximum length of time you can manage a disruption to each key product/service; and
– the resources required to resume the services.
At this stage we also establish the possible events that could impact an activity and resource used to deliver services. These events are risk-assessed by reviewing their likelihood of occurrence and impact. This enables us to focus on the high risk events.
- Having established the high-risk areas, we work with your teams to work out what actions would be required to maintain critical resources during an event. For example you might decide to cross-train some staff so they can cover for each other during absence of key individuals, or you may decide to establish a back-up control room.
- We are now in a position to write up a Business Continuity Plan, ensuring the roles, responsibilities, contingency plans and resources are documented so they can be used for future reference, sharing with key individuals and teams, training, and if necessary during an event itself.
- The final step involves exercising the plan – akin to a fire drill. This is done to ensure key people understand, and can practice, their roles, and the plans are tested. Exercises can vary from small exercises for a single team to large exercises involving customers and suppliers. The important point is to ensure plans are effective and people understand their responsibilities.