Rather than being simply about a project or developing a “plan”, NetPillar understands that Business Continuity Management (BCM) is an ongoing management process requiring competent people working with appropriate support and structures that will perform when it is most needed.
NetPillar offers a range of services associated with BCM. Our assignments in this area usually involve an initial gap assessment against best practice and peer organisations. Because NetPillar works with a wide array of organisations in improving their Business Continuity Management process, we have established a large database of peer organisations to draw upon. Once the gap assessment is complete we draw up a plan to help organisations transition to a more robust and efficient approach to BCM.
Key features of NetPillar’s approach to Business Continuity Management
- Context – NetPillar helps organisations understand their context. This first step involves getting to know the organisation’s internal and external needs, as well as setting clear boundaries for the scope of the management system. This requires the organisation to understand the requirements of relevant interested parties, such as regulators, customers and staff. It must understand the applicable legal and regulatory requirements. This enables it to determine the scope of the Business Continuity Management System (BCMS).
- Leadership – NetPillar places emphasis on the need for appropriate leadership of BCM. This is so that top management ensures appropriate resources are provided, establishes policy and appoints people to implement and maintain the BCMS.
- Planning – NetPillar assists the organisation to identify risks to the implementation of the management system and sets clear objectives and criteria that can be used to measure its success.
- Support – NetPillar helps the organisation consider the important concept of competence. For business continuity to be successful, people with the appropriate knowledge, skills and experience must be in place to both contribute to the BCMS and to respond to incidents when they occur. It is also important that all staff are aware of their own role in responding to incidents and this clause deals with these areas. The need for communication about the BCMS – for instance in telling customers that the organisation has appropriate BCM in place – and preparedness to communicate following an incident (when normal channels may be disrupted) is also covered here.
- Operations – NetPillar helps the organisation undertake business impact analysis to understand how its business is affected by disruption and how this changes over time. Risk assessment seeks to understand the risks to the business in a structured way and these inform the development of business continuity strategy. Steps to avoid or reduce the likelihood of incidents are developed alongside steps to be taken when incidents occur. As it is impossible to completely predict and prevent all incidents, the approach of balancing risk reduction and planning for all eventualities is complementary. It might be said to, “hope for the best and plan for the worst”.
- Evaluation – NetPillar evaluates BCM performance against the plan. To do this NetPillar helps the organisation select and measure itself against appropriate performance metrics. Internal audits must be conducted and there is a requirement that management review the BCMS and act on these reviews.
- Improvement – No management system is perfect at the outset, and organisations and their operating environments are constantly changing. NetPillar helps to define actions to take to improve the BCMS over time and ensure that corrective actions arising from audits, reviews, exercises and so on are appropriately addressed.