Business Continuity Management
Business continuity management (BCM) is the management process that identifies potential threats to an organization and the impact to business operations that those threats, if realized, might cause. One reality of today’s competitive economy is that businesses are expected to remain available even during periods of crisis. At the same time, an increasingly uncertain world means the list of eventualities grows larger each day.
All organizations might be subject to disruptions, which may include technology failure, flooding, utility disruption, fire or terrorist attack. One of the best ways to manage risk and maintain continuity is by implementing flexible, scalable processes that can be adapted to any situation.
Why Adopting BCM Standards Matters
Adopting a set of internationally recognized best practices for business continuity management is the most effective way to manage risk. Standards such as ISO 22301 and PS-Prep are available to any organization (or part of one), regardless of size, scope or complexity, that wishes to manage its overall business risks and develop the capability to plan for, and respond to, incidents and business disruptions.
The consequences of unexpected business disruptions may be far-reaching and might involve loss of life, loss of assets or income, or the inability to deliver products and services on which the organization’s survival might depend. Implementing a business continuity management system can help an organization to proactively consider the impact of disruption, identify those products and services that are crucial for the organization’s existence, and establish what responses will be needed if a disruption occurs.
ISO 22301 Compliance
ISO 22301 is a management systems standard for BCM which can be used by organizations of all sizes and types. It specifies requirements for setting up and managing an effective business continuity management system, and provides the capability to adequately react in case of disruption. Like many ISO standards, it is generic in nature and can be adapted to fit the needs of businesses or organizations in any industry. Based on a process of continual improvement, ISO 22301 is implemented and refined over time to further improve efficiency and effectiveness.
Some of the key requirements of ISO business continuity compliance include:
- Risk assessment — Meeting this requirement involves conducting a formal risk assessment that identifies, analyzes and evaluates the risks associated with a business continuity failure.
- Developing a business continuity strategy — A business continuity strategy provides a broad framework for organizational risk tolerance, including a maximum acceptable recovery time for critical activities and assets.
- Drafting business continuity procedures — Following the development of a broad business continuity strategy, organizations must establish procedures for meeting the objectives. These include communications protocols and specific instructions for responding in the immediate aftermath of a disruption. BCM procedures must be flexible enough to respond to changing conditions as necessary.
- Ongoing testing — Regular testing is an important part of ISO business continuity certification. Organizations must commit to an ongoing cycle of exercising and refining their processes over time.
PS-Prep, the Private Sector Preparedness Program, is a collaboration between the US Department of Homeland Security and the private sector focused on promoting readiness and encouraging the creation of management plans so that private-sector organizations can continue to function in the event of a disaster or national emergency. PS-Prep provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of the organization’s key stakeholders, premises, technology, brand and reputation.
PS-Prep is a voluntary program based on ASIS International SPC.1-2009, ISO 22301 and NFPA 1600 standards. It provides a scalable, repeatable framework for organizational resilience in the event of an emergency or disaster, with a focus on business continuity and crisis management.
How NQA Can Help
As one of the most respected quality assurance registrars in the world, NQA provides businesses with a single point of contact who will walk them through the auditing process required to achieve compliance with ISO 22301, PS-Prep or any other business continuity management certification.
For more than two decades, we have been exceeding the expectations of clients in more than 75 countries. Our auditors are respected around the world, and we offer focused, local insights that respect your processes and don’t try to force unnecessary controls onto them. We offer competitive pricing for all services and a commitment to collaboration to implement protocols that truly work for your business.
To learn more about the certification process and how we can help, contact NQA today.