Protecting your organisation from the potential effects of natural or man-made events is critical. It is necessary to put in place robust plans and arrangements that will help you to respond and recover within acceptable timeframes following a disruption and to ensure that your customers, brand, reputation and priority activities are maintained.
Successful implementation of a BCM program requires senior management engagement from the beginning, supported by an effective framework that will establish expectations and governance oversight according to the business continuity objectives of the organisation.
We are experts in getting BCM programs off the ground. We will assist you to lay a solid foundation for an effective BCM program by establishing a BCM policy, the terms of reference for the BCM steering committee, the methodology and tools required for plan development, and the metrics for measuring and reporting performance. We will engage with senior management to ensure that the goals and objectives of the BCM program are aligned with the strategic objectives and priorities of the organisation.
Business Impact Analysis (BIA) is one of the most important elements of the BCM life-cycle and forms the cornerstone of the BCM program. The BIA seeks to provide an understanding of how the organisation delivers its products and services, its dependencies on people, technology and facilities, and interdependencies with supply chains. The BIA assesses the costs of disruption to the organisation over time and prioritises the business activities and services for recovery before the development of response strategies and plans.
We will work with you to scope, design and facilitate a BIA, capture and analyse the data, and report on the findings in a way that resonates with senior management. The recovery priorities, maximum tolerable period of disruption (MTPD) timeframes for each business activity, and resource dependencies will be clearly articulated. These will feed into the response strategies and plan development in later phases of the BCM life cycle.
Response plans provide guidance to the organisation on what needs to be done throughout the response process, ranging from the initial incident response through to crisis management, business continuity and long term recovery. They provide concise information to support decision making, communications and coordination but must be flexible and robust enough to deal with all types of incidents.
We do not take a pro forma approach to writing response plans but will customise the plans to suit the needs and practices of the organisation. We facilitate workshops with response teams to guide them through the writing process and in doing so, build ownership and increases awareness of the plans within the teams. The plans are action cards and checklists driven, and are thoughtfully designed to provide quick access to information and ease of maintenance.
The time to find out if your business continuity arrangements actually work is not during a real life incident. Exercising helps to validate the completeness, accuracy and relevance of business continuity strategies and plans, and assesses the organisation’s capacity and capability to respond and recover within expected timeframes before a disaster strikes. In addition, exercising provides critical training to response personnel and helps to confidence in their abilities to respond to an actual incident.
We will assist you to develop a multi-year exercise program to progressively build and sustain core response capabilities that focuses on continual improvement over time. We will also design, prepare and facilitate specific exercises using realistic and challenging scenarios that will test and validate every aspect of the response process, including incident response, crisis management, business continuity, and long term recovery. We will facilitate a de-brief after an exercise to identify lessons learned and opportunities for improvement to enhance the preparedness and resiliency of the organisation.
An independent review of the BCM program provides senior management useful feedback on how the program is progressing and what needs to be done to bring the state of preparedness to the next level. It provides a yardstick to confirm if the program is aligned with good professional practice and international standards, if the organisation is in compliance with regulatory requirements, and if stakeholders’ expectations are met.
We will conduct an objective review on the current state of your BCM program and check for gaps and opportunities for improvement. We will identify any areas where expectations are not met or are not in compliance, and provide detailed recommendations for remedial actions and a road map for advancement of the BCM program.
The ISO22301 BCM standard is designed to provide guidance in the implementation of a business continuity management system (BCMS) that will prepare and assist an organisation to recover in a timely manner following a disruption. An organisation that is certified to ISO22301 can demonstrate to its customers, business partners, regulators and other stakeholders that it has put international good practice in business continuity at the forefront of what it does. It shows that the organisation has taken appropriate steps to build resiliency, equip itself to survive a disruption and protect the interests of its business, customers and stakeholders.
Riskwest consultants are qualified ISO22301 Lead Auditors and Implementers, and are well positioned to prepare and guide organisations successfully through the certification process. We will ensure that you fully understand the ISO22301 requirements and will carry out a pre-audit gap analysis of your existing BCMS against the standard and identify areas that require more work prior to the auditors carrying out a formal assessment. This will help ensure a successful audit and save you time and money.
Executive leadership is paramount for effective response and management of complex and unpredictable events that threaten to harm people, business interests and reputation of an organisation. Crisis management is a critical organisational function aimed at preventing and minimising the damage that a crisis can inflict on an organisation. It involves identifying and reducing known risks that could lead to a crisis before it happens, preparing plans and developing organisational capabilities for responding to a crisis, and providing effective leadership, decision making and communications when a crisis actually happens.
Riskwest assists organisations to prevent, prepare for and respond effectively to complex and unpredictable events that may adversely impact the organisation. Our services include