Introduction to BCM

The main purpose of any business is to provide the highest quality of services or products to their clients or customers. Any disruption in this purpose can affect the viability of the business to continue its activities. Nearly 1 in 5 businesses suffer a major disruption every year. The key point here is to prepare your business for such an eventuality. How quickly you manage to recover from such an event depending on the maturity of your Business Continuity Management (BCM) process. You must also avoid the common pitfall of treating your Business Continuity process as just document that ensures redundant IT infrastructure.

BCM is defined as:

'A holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.' (Business Continuity Institute, 2001.)

The most important difference between an effective and non-effective BCM is senior management commitment. It is important that someone or a group of people within the senior management must take ownership of the BCM.

Methodology

Contact us for our detailed BCM Methodology

We may provide you with consultancy services for your BCM process at various stages. You may just be starting out on the BCM initiative, or you may have already completed the process and have a Business Continuity and/or Crisis Management Plan in place. We can help ensure that your BCM is effective, reliable, and fit-for-purpose at each stage of the process. This Methodology is based on the Business Continuity Institute's Good Practice Guidelines (based on PAS 56)

Business Continuity Management Methodology (BCM):

1. Formulate a Steering Committee with adequate representation from senior management. Also determine one person from senior management who will take ownership and responsibility for the BCM process
2. Study and Analyze the business of the organization
• Business objectives and strategies - the objectives of the BCM must be aligned with these
• Determine the deliverables (products and services) of the business
• Determine the Mission Critical Activities (MCA) that are necessary for the business to continue delivering its products or services
3. Carry out a Business Impact Analysis (BIA)
• Determine inter-dependencies of the MCA on other processes within the organization
• Determine the owner of the MCA
• Determine resources required for the MCA to function
• Determine single points of failure for the MCA
• Determine business impact due to loss, disruption or interruption of the MCA
• Determine Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for each MCA
4. Carry out a Risk Assessment (RA)
• Determine Threats that may impact the MCA of the organization
• Determine Vulnerabilities that may cause the threat to materialize
• Determine Probability of the Threat
• From the Impact derived in the BIA exercise, and the Vulnerability and Probability figures arrived at in this step, determine the risk levels to each MCA
5. Formulate a Risk Treatment Plan for the risks, depending upon the risk appetite of the organization - Transfer, Accept, Reduce or Avoid the risk
6. Document and develop the following:
• Business Continuity Plan
• Resource Recovery Solutions and Plan
• Crisis Management Plan
7. BCM Training and Awareness
8. Testing, Maintaining and Auditing the BCM process
9. Continuous Management of the BCM, based on the PDCA (Plan, Do, Check, Act) cycle

Why Titanium?

Our team of experts has thorough knowledge and understanding of the Publicly Available Specification 56 for the development of your organization's Business Continuity Management Process. We will ensure that your BCM is comprehensive, reliable, tested, and fit-for-purpose.