4C Insights

What is Business Continuity Management?

2021-02-19

Business Continuity Management (BCM) has moved higher and higher up the agenda of organisations since the COVID-19 pandemic. But what is Business Continuity Management and how do you make sure you get it right at your organisation?

In short, BCM is a set of policies, processes and plans designed to ensure that an organisation can maintain critical operations during a disruption. The overall objective is to ensure that organisations can uphold essential services at a tolerable predefined level, regardless of the disruption or its timing.

BCM policies, processes and plans are not reactive, but rather proactive measures that are put into place prior to a disruption based on an organisation’s risk appetite and potential threats, to safeguard operations brand reputation. BCM should be considered as a continuous cycle of measuring business continuity capabilities across an organisation, defining gaps, and developing an executable programme of continuous improvement.

A tailored Business Continuity plan can give a business a competitive advantage. Unprepared businesses must focus their energies on managing the disruption, while those that are more resilient can continue to focus on securing and even growing revenues.

"We wanted to look beyond the traditional BCM norms with a focus on better anticipating future business risk, while having solid foundations to minimise the risk of whatever unprecedented issues and potential threats may arise. This led us to work with 4C Strategies."
Bernie Auguste, Director of Security and Resilience, Openreach

ISO 22301 Business Continuity Management Standard

The second edition of The International Standard for Business Continuity Management ISO 22301:2019 defines the purpose for BCM as to ´prepare for, provide and maintain controls and capabilities for managing an organisation’s overall ability to continue to operate during disruptions.´ It then goes on to list different organisational benefits including:

  • supporting its strategic objectives
  • protecting and enhancing its reputation and credibility
  • contributing to organisational resilience
  • reducing direct and indirect costs of disruptions
  • protecting life, property and the environment
  • demonstrating proactive control of risks effectively and efficiently
"4C Strategies have contributed to our business continuity management and strategic crisis programme with their expertise as well as with their flexible and innovative working methods. This was key in preparing us for the ISO 22301 certification of our production facilities"
Niclas Johansson, Global Business Continuity Manager, Cytiva - GE Healthcare Life Sciences

Supporting standards for Organisational Resilience

Beyond ISO 22301 there are a number of other standards that pertain to effective BCM that should be acknowledged and followed where appropriate by an organisation to increase resilience to disruptions. These include:

  • BS 11200 – a crisis management standard for building a strategic capability. It is designed for stakeholders ­– policy decision makers, risk and BCM managers, senior management, etc. – that are involved in growing capabilities that can impact an organisation’s objectives, reputation, or operations. Although a British Standard, it is equally relevant for non-British organisations.
  • ISO 27031IT continuity and cyber security are now central to any BCM strategy. The ISO 27031 standard includes the concepts and principles of information and communication technology (ICT) readiness. It also provides a framework for identifying, categorising and improving ICT readiness – through such things as performance criteria and design – to support business continuity.
  • ISO 22318 – Supply chain management is vital for many organisations. For those industries and organisations whose business is intrinsically tied to a supplier of services or products, following ISO 22318 guidelines can prove extremely beneficial for mitigating the impact of a major disruption.
  • BCI Good Practice Guidelines – All BCI certification is based on the Good Practice Guidelines, a practitioner-driven information source for individuals and organizations seeking an understanding of business continuity as part of their awareness raising campaigns and training schedules.
  • For registered actors within the UK financial services sector, the soon to be implemented operational resilience regulations must also be considered. Operational resilience shifts focus from the actor, typical in BCM and incident management approaches, to the resilience of the important business services being offered.

The Business Continuity Institute (BCI) refers to Business continuity Management as a framework embedded into an organisation to identify threats and the impact to operations they pose. A BCM plan is then created and continually validated with the goal of enabling you to re-establish business operations as quickly as possible in the event of a disruption. A number of 4C consultants are certified to FBCI, MBCI and CBCI level, based on their extensive experience and training as business continuity practitioners.

To find out more about BCM and COVID-19 you can view the 4C webinar From Compliance to Capability – what does “good” look like in a post-COVID era? on the BCI website.

Three pillars of organisational resilience

Business Continuity Management is a governance issue that together with Enterprise Risk Management (ERM) and Incident & Crisis Management (ICM) interrelate and create organisational resilience. These are the three key pillars that should form part of any organisation’s resilience program as can be seen in the 4C Strategies Resilience Model below. The model also includes the key foundational attributes of any proactive resilience plan, namely cybersecurity and capability development.

Major disruptions – the need for effective BCM

Regardless of industry – public or private – all organisations can be subject to a major disruption at any time. Increased dependencies on IT and the security risks that come with it, as well as the growth in disinformation by antagonists, means the risks of incidents and major disruptions are greater and closer than ever before. Thus, building resilience is essential.

Major disruptions can be classed into the following categories:

  • Supply chain disruptions
  • Cyber-attacks and disinformation
  • Natural disasters
  • Loss of key data
  • Loss of essential staff
  • Large-scale workforce disruptions
  • Major disruptions at facilities
  • Political upheaval in key markets

Regardless of the disruption it’s important to follow the activity steps – as seen below – to manage the response. At each point it’s advisable to assess the organisation’s response before moving ahead.

A structured BCM strategy for increased resilience

  • Implementing a structured BCM strategy across an organisation will have an extensive impact on an organisation’s eco-system, which brings with its wide-reaching benefits on multiple levels.

    Organisational – Deploying a structured framework across departments, business units and/or production facilities – as opposed to using diverse and tailored BCM processes – make it easier to compare risks and capabilities and define where actions should be taken to assure business continuity.

    Operative – With a better and unified understanding of holistic and fine-grained risks and readiness capabilities, an operative plan can be developed to mitigate risk where the biggest gaps exist. These can be ranked by importance based on the potential impact and likelihood of occurrence vs the value they add to operations. Budgeting can be developed based on BCM and incident readiness plans.

    Regulatory – With a standardised BCM methodology you can ensure and prove that facilities follow the same framework and meet regulatory requirements. Updates to regulations can be easily incorporated centrally and implemented organisation-wide.

    Production – In an organisation with multiple facilities or a large proportion of staff working remotely, having a standardised BCM framework is critical. If, for instance, IT continuity issues are identified at one unit or within certain processes, steps can be put into place and implemented locally or globally to improve cyber resilience. Such issues may not be identified if fragmented BCM processes exist.

    Customers – A standardised BCM framework highlighting that your organisation can withstand major disruptions can prove invaluable to customers. Knowing that you have the processes in place that safeguard production and delivery of goods, builds a new sense of trust among customers.

    Suppliers – The implications on suppliers can be considerable. You may identify continuity risks among your suppliers in the event of a major disruption. The upshot of this can be that suppliers have to prove they can guarantee products or services, supplier KPI and SLAs change, or new, more resilient suppliers are contracted.

Digitalising Business Continuity for more effective results

The Exonaut® Business Continuity Manager, is a web-based and mobile solution designed to digitalise, test and invoke business continuity plans. Exonaut BCM forms part of the Exonaut readiness management platform, with fully integrated solutions for risk management, incident and crisis management, compliance management and training and exercises.

Discover more

Learn how we can help build your organisational resilience with our services and software solutions.
Request a free demo, initial consultation, or get in touch to help find the solution for your needs.
I want to
Request a demo Get in touch Request a consultation

Request a demo

Learn how we can help build your organisational resilience with our software solutions.
I want to
Request a demo
Request a demo Get in touch Request a consultation

    Solutions of interest

    To learn more about how 4C Strategies process data, please read our privacy statement.

    I agree to be contacted for the purpose indicated above, and to receive information about 4C Strategies’ products, services and events.

    Get in touch

    Please contact us if you have questions or would like help to find the solution for your needs.
    I want to
    Get in touch
    Request a demo Get in touch Request a consultation

      To learn more about how 4C Strategies process data, please read our privacy statement.

      I agree to be contacted for the purpose indicated above, and to receive information about 4C Strategies’ products, services and events.

      Request a consultation

      Learn how we can help build your organisational resilience with our services and software solutions.
      I want to
      Request a consultation
      Request a demo Get in touch Request a consultation

        To learn more about how 4C Strategies process data, please read our privacy statement.

        I agree to be contacted for the purpose indicated above, and to receive information about 4C Strategies’ products, services and events.

        Message sent

        Your message is being processed successfully! We will be back to you at our soonest opportunity.

        Implementing a BCM strategy – a lifecycle perspective

        Whether you are looking to implement business continuity management methodology for the first time or wish to make BCM a part of everyday operations – something that has become more common since the pandemic struck – taking a lifecycle perspective is essential. This will ensure the organisation remains resilient even when operations change, new trends evolve or the political sphere alters.

        Any BCM strategy must consider how business continuity policies will be implemented, controlled and validated at organisational and unit level to ensure success. The 4C BCM methodology is ideal for this.

        The 4C BCM methodology

        • Governance and Policy: Defines how organisational policy relating to business continuity will be implemented, controlled and validated.

          Analysis: Operations, objectives and constraints are reviewed and assessed.

          Design: Appropriate strategies and solutions are selected that determine how to achieve continuity and recovery from a disruption.

          Implementation: Agreed strategies and solutions are executed in the form of a business continuity plan.

          Validation: The business continuity plan is tested to ensure it is fit for purpose and that staff are familiar and confident in its application during a disruption.

          Embedding: Business continuity is integrated into business-as-usual (BAU) activities and organisational culture.

        Get started: Increase organisational resilience with effective BCM

        At 4C Strategies we can help you get started with BCM or help you grow your BCM capabilities. With over 20 years of experience we offer a unique  combination of expert consultant services with leading BCM/organisational resilience software to support your organisation. From the public sector, to international finance institutes to global manufacturers and telecom providers, we can help any organisation to be better prepared for the current or next major disruption.

        Contact us to find out more.

        Discover more

        Learn how we can help build your organisational resilience with our services and software solutions.
        Request a free demo, initial consultation, or get in touch to help find the solution for your needs.
        I want to
        Request a demo Get in touch Request a consultation

        Request a demo

        Learn how we can help build your organisational resilience with our software solutions.
        I want to
        Request a demo
        Request a demo Get in touch Request a consultation

          Solutions of interest

          To learn more about how 4C Strategies process data, please read our privacy statement.

          I agree to be contacted for the purpose indicated above, and to receive information about 4C Strategies’ products, services and events.

          Get in touch

          Please contact us if you have questions or would like help to find the solution for your needs.
          I want to
          Get in touch
          Request a demo Get in touch Request a consultation

            To learn more about how 4C Strategies process data, please read our privacy statement.

            I agree to be contacted for the purpose indicated above, and to receive information about 4C Strategies’ products, services and events.

            Request a consultation

            Learn how we can help build your organisational resilience with our services and software solutions.
            I want to
            Request a consultation
            Request a demo Get in touch Request a consultation

              To learn more about how 4C Strategies process data, please read our privacy statement.

              I agree to be contacted for the purpose indicated above, and to receive information about 4C Strategies’ products, services and events.

              Message sent

              Your message is being processed successfully! We will be back to you at our soonest opportunity.

              More Insights

              Message sent

              Your message is being processed successfully! We will be back to you at our soonest opportunity.

              Thank you!

              You are now registered.

              Download pack

              Photo credits

              License

              Choose size
              • Original image
              • Large image (2900px)
              • Medium image (1920px)
              • Small image (1024px)
              DOWNLOAD