Business Continuity Management, Cyber Security & IT Continuity
Preparing a global manufacturer for ISO accreditation
February 10, 2022
Manufacturing
Background: In early 2019, an international manufacturing company employed 4C Strategies to identify gaps in its current Business Continuity Management System (BCMS) and make recommendations prior to seeking ISO 22301:2012 accreditation (the international Standard for a Business Continuity Management System).
Challenge: Although the company possessed extensive Health and Safety expertise and experience, there was less focus on business continuity. External help was sought to aid the company in obtaining ISO 22301 accreditation.
Solution: 4C Strategies was able to conduct a gap analysis using Exonaut®, focusing on a review of BCM documentation and information provided electronically and via interviews with relevant key individuals and subject matter experts.
Benefits: The results of the gap analysis provoked internal activity within the organisation to identify current-state compliance to the ISO 22301 standard. The findings were then used to inform subsequent decision-making in their BCMS readiness prior to seeking ISO 22301 accreditation.
Customer: An international manufacturer of semiconductor vacuum and abatement solutions
Selecting the right tools for Business Continuity Management
The key to the success of the project was the provision of Exonaut® and its capability as an integrated platform to manage the requirements of the different entities reviewed, including:
structured and efficient gap analysis and observation planning,
dynamic and flexible delivery options,
real-time evidence-based assessment and evaluation, irrespective of location (observations were taken remotely at the organisation’s sites and at 4C offices).
Design, delivery and evaluation
Each aspect of the gap analysis cycle, from design, development and delivery through to evaluation, was powered by Exonaut. The software’s capability to operate across multiple operating systems (Windows, Android, iOS) and devices enabled 4C evaluators to input observations in real-time and to monitor ISO 22301 compliance throughout the interview and document review process.
Asking the right questions about business continuity
The review utilised a standard question set, developed by 4C over a number of years. The questions were designed not only to determine compliance with the ISO standard, but also to cross-reference with the Business Continuity Institute (BCI)’sGood Practice Guidelines.
The question set was broken down into levels, with the first level establishing a theme or area, and the second level featuring a question designed to look at a specific part of that area or theme. There were six main themes or areas in the set:
Context or the organisation
Leadership
Planning
Support
Operations
Performance Evaluation
Read more about business continuity
What is Business Continuity Management?
Business Continuity Management (BCM) has moved up the agenda of organisations since the COVID-19 pandemic. What is Business Continuity Management and how do you make sure you get it right at your organisation?
A best-practice business continuity maturity model
A best-practice BCMS maturity model was used as a baseline for the comparison of relevant documentation, in addition to the scoring of interview responses. The maturity model required each question to be scored between one to six, in order to identify current levels of maturity by theme or area. In time, this data could be used as a benchmark to assess other areas of the business.
Methodology
There were two methods used to conduct the review. The first of which was the facilitation of short interviews with identified key personnel and subject matter experts, to ascertain their perception and knowledge of current BCMS capability. The most relevant questions from the question set were pulled in to make a specific question set for each interview.
The second method took the form of a detailed review of current BCM documentation using a list provided by the organisation.
Throughout the two methods and processes, observations against each question were made, including a score against the maturity model, plus comments and recommendations.
Analysis and assessment
Once all required data had been captured, either through interviews or documentation review, a number of observations were made against each question. These were then used to provide assessments against a theme or area. Finally, all assessments and observations were gathered to provide an overarching assessment for the report. Data captured using Exonaut could then be used for benchmarking future reviews of other operational areas.
Evaluation
The Exonaut Observer (OBS) mobile app enabled 4C Strategies consultants to capture observations in a consistent format, linked to real-time assessments with identified overarching objectives. Consultants were equipped with smartphones and tablets to capture data and build a fully auditable evaluation set for real-time analysis and post-exercise reviews.
The evaluation process began by reviewing all observations that had been made through the course of the project against a particular objective. Exonaut then facilitated the gathering of those observations into a single assessment. The grades applied throughout the project were also reviewed with a final grade, at the objective assessment level.
Get in touch
Discover how you can build your risk, business continuity and crisis management capability with our expert services. Book a free consultation with one of our consultants to discuss your requirements.
Related Case Studies
Business Continuity Management
Priority planning in an energy crisis with a National Energy Authority
Discover how 4C is supporting Styrel to map, prioritise and protect electricity-dependent critical societal functions.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookies are needed for correct functionality of the site.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
Marketing Cookies
This website uses Google Analytics, LeadFeeder and MixPanel to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!