What is it?
Business Continuity Management (BCM) is the management process that identifies risk, threats and vulnerabilities that could impact an entity's continued operations.
It also provides a framework for building organisational resilience and the capability for an effective response.
Made up of a number of individual BCM strategies, this document set, when complete, provides a comprehensive basis for the ongoing identification of risks, together with a strategic management plan for their mitigation.
An effective BCM will ensure that capability is established and maintained within an organisation. As the overarching strategic plan it sets out how the individual BCM strategies will be delivered. This will include the assigning of responsibilities, the establishment and implementation of BCM within the organisation and its ongoing management.
A BCM is made up of specific assessments and plans which identify important assets, threats, vulnerabilities, impact and probability. In addition the associated risk mitigation should be noted against the identified assets. Upon completion it is usually held as a document set which typically includes:
Together they provide an organisation with the capability to build in business resilience, adapting quickly to disruptions, maintaining continuous business operations, while safeguarding people, processes and technology.
Why have a BCM process?
Every organisation, from sole trader to large multi-national company, has assets which are essential to the continuation of its business. These assets are likely to include stock, premises and staff as well as IT systems and information. All or any of these assets are at risk of being affected by an incident, whether natural, accidental or deliberate, causing major disruption.
The financial consequences of an incident are likely to be manifold, not least the impact that delays or reputational damage have in providing an opportunity for competitors. BCM provides an organisation with the tools to identify what threats they are likely to face together with a step-by-step plan to ensure that the effect on business function is minimised and, if it is compromised, that it is resumed as quickly as possible.
An independent assessment will provide the basis for a complete set of BCM documents to build resilience into any size or scale of business. Identifying the specific risk profile of a company is the starting point and, through recommendations for a complete BCM document set, a mitigation strategy can be put in place with the capacity for ongoing review to respond to developing threats.