The Issue
A Business Continuity Management System (also called a “Business Continuity Program”) is a management-approved library of processes and procedures that collectively define the resources and tasks required to organize and manage a response to the event and, as necessary, recover functions critical to the survival of an organization within acceptable timeframes. In other words, the BCMS documents what a company needs to do, and in what timeframe, to “get back on its feet” following a disruption.
The BCMS is comprised of several separate parts, each of which serves a particular function in the overall response and recovery scheme. In broad terms, the parts may be categorized as “planning and administrative” or “operational.” The former category typically includes a Program Governance document, a Business Impact Analysis (BIA) report, and a Risk Assessment report. The “operational” elements include an Incident Management Plan, Business Continuity Plans (BCPs), a technology focused Disaster Recovery Plan, Emergency Response Plans, and a Crisis Communications plan.
The BCMS documentation library, and the processess used to create the documents, are intended to help organizations prepare to respond to a variety of incidents in an organized and professional way. Many companies believe that once they have a fully documented program, they are covered should an emergency hit. Howver, short of invoking the program in an actual emergency, you don’t know for certain if your plans will work. But there are two things you can do before a disaster strikes to determine the soundness of your BCMS: test the it in a controlled situation, and have an objective third party assess the program.
What You Should Know
An emergency is any unplanned event that disrupts or threatens to disrupt an organization’s business operations. Emergencies include a wide range of occurrences including events that cause death or injury to employees, customers or the public, shut down the business, disrupt operations, cause physical or environmental damage, or threaten an organization’s financial standing or public image. Emergencies could be relatively minor incidents such as loss of electrical power or short-term loss of access to the office, or could be something that partially or completely destroys the company’s premises, such as a fire, bombing, or earthquake. An emergency could also be an event that doesn’t affect the company’s physical presence, per se, but which impacts it nonetheless, such as the public health risks associated with epidemics or pandemics. Every year, emergencies take their toll on businesses worldwide. Fires, earthquakes, hurricanes, violence in the workplace, loss of computer files, or something as trivial as a broken sprinkler head can create havoc and cost millions. How your enterprise reacts to an emergency can make a difference to the continued success of the company. Businesses that develop and maintain a BCMS can limit injuries, return to work more quickly, and reduce financial loss. Having an effective BCMS enables them to:
- Respond to emergencies in an organized and practiced manner.
- Ensure that critical business functions are restored within specified timeframes.
- Identify the people, resources, and actions that need to be performed.
- Respond effectively and adapt quickly to the changing circumstances of an emergency.
How Can EMSS Help?
Following such standards as ISO 22301, NFPA1600 (National Fire Protection Association Standard on Disaster/Emergency Management and Business Continuity Programs), and BCI (Business Continuity Institute) good practice guidelines, EMS Solutions can provide the objective BCMS assessment you need to uncover any program gaps, inconsistencies, single-points-of-failure, or conflicting interdependencies in your plans. An assessment may be tailored to address specific needs or areas of concern, but will typically include:
- Assessment of progam-level policies, goals and objectives, roles, responsibilities and authorities, management oversight processes, and continuous improvement protocols.
- Review of all operational elements of the program
- Evaluation of program validation procedures (e.g. testing and training).
EMSS can also assist in developing a comprehensive BCMS for your organization.