In every company, regardless of industry and size, there are critical business processes. If these processes are disrupted, interrupted or prevented by extreme events, the survival of the company can be jeopardized. Ensuring the functionality of critical business processes, maintaining day-to-day operations during or after a threat event, is the goal and benefit of business continuity management (BCM). Read more about the holistic management approach to better face future states of emergency.
CONTENT
- What is Business Continuity Management (BCM)?
- Business Continuity Management System according to ISO 22301
- A question of organizational culture
- Risk management as a possible basis for BCM
- Why does Business Continuity Management make sense?
- Clearly recognizable need for action
- What are the advantages of a BCM?
- Six tips for implementing business continuity management
- Resilient thanks to Business Continuity Management - Conclusion
- DQS - Simply leveraging Quality.
What is Business Continuity Management (BCM)?
States of emergency are an enormous challenge for every company. Outsourcing, diversified supply chains, interruption of energy supply, complete failure of IT processes and last but not least a pandemic like Covid-19 are just a few buzzwords that can lead to events with far-reaching effects - whether for an individual company, an industry or on a global scale. Emergencies usually come without warning. And all unforeseeable events have one thing in common: their existence-threatening character. It is not the event itself that is decisive, but the impact it has on the affected company. This makes preventive emergency and crisis management all the more important in order to be well prepared for an emergency.
Business continuity management (BCM) is a holistic management approach. Companies recognize which are their critical, organization-deciding key processes and values and how they can protect these from harmful influences or ensure the greatest possible reliability. By acting and communicating at the right time, by planning and practicing systematically, and by being able to respond effectively even in a state of emergency, companies thus gain the trust of their most important customers and partners.
Business Continuity Management System according to ISO 22301
The framework for implementing a BCM system in your company is provided by the internationally recognized ISO 22301 standard. The standard requirements are general in nature and apply to all organizations regardless of their type, size or nature. The holistic management approach enables companies to respond appropriately to significant incidents and limit the impact. This is done by identifying critical business processes and resources and defining an appropriate level of protection.
"A business continuity management system is an effective management tool for defining business processes that threaten the company's existence, and anchoring preventive measures against unforeseen events."
A particular focus is on early risk detection and the identification of potential damage and the anchoring of suitable measures. In this way, business operations can be maintained as far as possible, even under difficult conditions, and the process of restarting operations can be accelerated.
ISO 22301:2014 - Security and resilience - Business continuity management system - Requirements. More on the topic and certification of a BCM.
A question of organizational culture
Business continuity management - anchored in the organizational culture - is based on the PDCA cycle in its practical implementation. It includes planning, implementation, exercises and review, as well as continuous improvement of processes. A BCM has defined a "life cycle" in four steps. At the center of these is the BCM management program with the tasks of developing strategy, assigning responsibility, implementing business continuity and maintaining it permanently with the help of plans, exercises and checks.
Business processes are first analyzed on an organization-specific basis (business impact analysis) and prioritized accordingly. In this way, operations can be resumed in an optimal manner at the end of a crisis. ISO/TS 22317:2015-09 can be used as guidance and support for conducting and documenting a business impact analysis (BIA). Efficient business continuity management with preventive risk handling and structured emergency management strengthens your organizations' resilience against current and future risks.
ISO 22301 borrows its structure from the ISO basic structure for management system standards (High Level Structure), which means easy integration into an existing management system.
Risk management as a possible basis for BCM
To meet legal or regulatory requirements or requirements from the customer/supplier chain, many organizations have already established a risk management system, for example according to ISO 31000. Companies with an existing management system are experienced in identifying and assessing individual risks anyway.
The Business Continuity Management standard, on the other hand, is a holistic process for identifying potential threats and their impact on critical business operations. It focuses entirely on the aspects that threaten the company's existence, with the goal of first restoring survivability and then restoring the company to normal as quickly as possible after an incident that disrupts operations. A business continuity management system is thus clearly distinguished from conventional risk management.
Why does Business Continuity Management make sense?
Despite all foresight and planning, an emergency or crisis usually occurs suddenly and unexpectedly. Any company can be affected sooner or later. Sustainably successful companies are therefore intensively concerned with maintaining their ability to operate.
- Successful companies anticipate the occurrence of crises and prepare for specific scenarios using organizational measures.
- Decisions are made on the basis of facts.
- In an emergency, employees are prepared and can act in a focused and structured manner despite enormous emotional stress.
Depending on the crisis situation, it may be necessary to include the influence of the organizational environment on one's own company in the recovery process. A BCM as a component of risk management also serves the bearers of duties to fulfill averting and corporate obligations with regard to possible material and immaterial damages.
Business continuity management
Identifying risks before a significant incident occurs and anchoring appropriate measures to preserve business operations - minimizing the impact of threatening events and enabling you to respond and act quickly.
Clearly recognizable need for action
A look at a 2020 survey by Allianz Group ("Risk Barometer") of the most important business risks listed by more than 2,700 risk experts from over 100 countries is revealing. For the first time, cyber incidents are named as the most important business risk worldwide. The risk of business interruption (including supply chain disruption) continues to be a key challenge for companies, ranking second globally and remaining top in Germany. Risks from climate change are the biggest climbers in the ranking. Companies fear threats and property damage from extreme weather events.
"It is probable that many things will happen even against probability."
Aristotle
What are the advantages of a BCM?
A Business Continuity Management System
- Is an effective management tool to define business processes that threaten the existence of the company
- Enables optimal preventive measures against unavoidable threats
- Empowers your organization to respond to significant incidents and embed appropriate measures
- Minimizes downtime due to disruptions and reduces the extent of damage
- Shortens recovery times of vital business processes
- Reduces supply chain disruptions
- Provides a better negotiating position with financial service providers
- Strengthens trust of interested parties
Six tips for implementing business continuity management
Before your company introduces a BCM, the following basic steps are recommended:
- At the beginning, there is a comprehensive analysis of all significant risks and business processes by means of a BIA (Business Impact Analysis) as well as an individual risk assessment.
- Implement a BCM organization with clearly defined and known tasks, roles, responsibilities.
- Establish comprehensive business continuity plans covering identified risks.
- Define exercises and reviews and their ongoing practical execution involving key internal and external partners in business processes.
- Consistently update and develop business continuity management based on the results obtained.
- Leverage the proven ISO standard for business continuity management to focus on a comprehensive, holistic management approach.
Resilient thanks to Business Continuity Management - Conclusion
The specific focus of a Business Continuity Management is on the ability to maintain business operations as far as possible even under special conditions and to accelerate the process of restarting operations. The basis for business continuity management is the international standard ISO 22301. In the event of a crisis, a BCM system makes a significant contribution to the continued existence of your company. In doing so, your company should develop a level of operational capability commensurate with the size and nature of the impact that may or may not be accepted following a disruption.
Unpredictable crises are characterized by the fact that they bring about far-reaching changes, resulting in profound transformation. As a result, the framework for entrepreneurial action must be readjusted. In this sense, the path back to the old normality is largely ruled out. At this point, it pays to learn from experience - and to apply what has been learned both quickly and carefully to future crisis and emergency management.
DQS - Simply leveraging Quality.
DQS is your specialist for audits and certifications - for management systems and processes. Within the scope of an accredited, independent assessment of your management system, you receive the assurance that your BCM system is compliant with the standard. More important, however, are findings from our audits on whether your management system is effective and capable of handling the scenarios considered in business continuity plans (BCP). Our industry-experienced auditors provide improvement guidance and direction for decision-making processes. Take us at our word!
We will be happy to answer your questions!
Contact us - without obligation and free of charge.
Trust and expertise
Our articles, webinars and brochures are exclusively written by our standards experts or long-standing auditors. If you have any questions about the text content or our services to our author, please feel free to contact us.
DQS Newsletter
Guido Eggers
Managing Director of DQS CFS GmbH. Long-standing auditor for ISO 9001 and second party audits, BCM Manager and member of the Compliance Working Group of DQS. In addition to more than ten years of experience in certification, the graduate Master Brewer has many years of professional experience in the food industry. Guido Eggers also contributes his expertise as author of numerous publications, in lectures and expert committees of the German DIN and VDMA.