At the time of an incident, it is already too late for an organisation to protect its critical assets. Investigations attribute disasters to the inability of organisations to identify the risks they faced, to properly evaluate, communicate, and address them.
- The Disaster Recovery Preparedness Council's report says 3 out of 4 of the companies surveyed failed from a DRP standpoint. 20% had suffered $50,000 to $5 million in downtime losses.
- If you can't bring your business back to normal operations in a little over a week, your chances of business survival plummet (Aberdeen Group report).
- Quorum Report: 55% of disaster-related downtime stems from hardware failure, 22% from human error, and 18% from software failure.
- FEMA studies concluded that 25% to 45% of businesses don't reopen after a disaster.
Why is BCM a struggle with standard technology?
- Data and information relevant to BCM are scattered across too many places to allow key insights.
- The problem today is that many organisations have the choice of using either spreadsheets or complicated and expensive Risk Management or GRC systems to manage their risk and business continuity.
- Competing systems are expensive to purchase and maintain and have too many features making these systems complicated to use.
- The alternative is spreadsheets, which are outdated and dangerous, as spreadsheets have:
- Limited control over changes, limited error checking when a change is made, no versioning, and limited reporting and analysis, to name a few.
Who is involved?
| Commercial companies producing goods and services | Mission/business owner |
| Individuals with oversight responsibilities in risk management | Individuals with information system, security oversight responsibilities |
| EXCO, risk executives | Individuals with development responsibilities |
| Individuals responsible for conducting business-critical functions | System designers, developers, integrators |
| Business owners, information owners, authorising officials | Individuals with monitoring responsibilities |
| Individuals with operational responsibilities | Auditors, inspectors, assessors, analysts |
Early efforts towards BCM started in the 1980s and early 1990s, when information technology professionals initiated contingency planning and disaster recovery as a response to the loss of data from natural disasters and terrorism, which could affect businesses. More recently, the International Organization for Standardization has introduced a standard to control BCM, ISO 22301, to try to bring a more standardised approach to how companies perform. Today, we realise that not only IT data needs to be safeguarded, so Business Continuity Management (BCM) is an organisation-wide discipline. The goal of BCM is to identify the risks and hazards that could impact an organisation's operation, strategy, or reputation. After identifying these threats, the business can then build a set of procedures, processes, and systems that will reduce the likelihood of an incident occurring, and create a Disaster Recovery Plan that will deal with any disruptions that could occur.
ISO 22301 is a management systems standard for BCM which can be used by organisations of all sizes and types. These organisations will be able to obtain accredited certification against this standard and so demonstrate to legislators, regulators, customers, prospective customers and other interested parties that they are adhering to good practice in BCM. ISO 22301 also enables the business continuity manager to show top management that a recognised standard has been achieved.
TIME FOR A BCMS
A Business Continuity Management System allows your organisation to gain control of its continuity by documenting and maintaining your Business Impact Assessment (Products & Services, Processes, Resources), understanding your Risks, and managing its Controls. It also lets you react to an incident promptly, with BCPs and Event Management.