Selecting the right tools
The key to the success of the project was the provision of Exonaut® and its capability as an integrated platform to manage the requirements of the different entities reviewed, including:
- structured and efficient gap analysis and observation planning,
- dynamic and flexible delivery options,
- real-time evidence-based assessment and evaluation, irrespective of location (observations were taken remotely at the organisation’s sites and at 4C offices).
Design, delivery and evaluation
Each aspect of the gap analysis cycle, from design, development and delivery through to evaluation, was powered by Exonaut. The software’s capability to operate across multiple operating systems (Windows, Android, iOS) and devices enabled 4C evaluators to input observations in real-time and to monitor ISO 22301 compliance throughout the interview and document review process.
Asking the right questions
The review utilised a standard question set, developed by 4C over a number of years. The questions were designed not only to determine compliance with the ISO standard, but also to cross-reference with the Business Continuity Institute (BCI)’s Good Practice Guidelines.
The question set was broken down into levels, with the first level establishing a theme or area, and the second level featuring a question designed to look at a specific part of that area or theme. There were six main themes or areas in the set:
- Context or the organisation
- Performance Evaluation
A best-practice BCMS maturity model was used as a baseline for the comparison of relevant documentation, in addition to the scoring of interview responses. The maturity model required each question to be scored between one to six, in order to identify current levels of maturity by theme or area. In time, this data could be used as a benchmark to assess other areas of the business.
There were two methods used to conduct the review. The first of which was the facilitation of short interviews with identified key personnel and subject matter experts, to ascertain their perception and knowledge of current BCMS capability. The most relevant questions from the question set were pulled in to make a specific question set for each interview.
The second method took the form of a detailed review of current BCM documentation using a list provided by the organisation.
Throughout the two methods and processes, observations against each question were made, including a score against the maturity model, plus comments and recommendations.
Analysis and assessment
Once all required data had been captured, either through interviews or documentation review, a number of observations were made against each question. These were then used to provide assessments against a theme or area. Finally, all assessments and observations were gathered to provide an overarching assessment for the report. Data captured using Exonaut could then be used for benchmarking future reviews of other operational areas.
The Exonaut Observer (OBS) mobile app enabled 4C Strategies consultants to capture observations in a consistent format, linked to real-time assessments with identified overarching objectives. Consultants were equipped with smartphones and tablets to capture data and build a fully auditable evaluation set for real-time analysis and post-exercise reviews.
The evaluation process began by reviewing all observations that had been made through the course of the project against a particular objective. Exonaut then facilitated the gathering of those observations into a single assessment. The grades applied throughout the project were also reviewed with a final grade, at the objective assessment level.
Get in Touch
Discover how you can build your risk, business continuity and crisis management capability with our expert services. Book a free consultation with one of our consultants to discuss your requirements.