From natural disasters to cyberattacks, robust business continuity management (BCM) keeps companies able to act and respond quickly, even in times of crisis. Guido Eggers, Managing Director of DQS CFS GmbH and BCM auditor, discusses effective strategies for crisis resilience.
On March 11, 2011, the earth shook several hundred kilometers northeast of Tokyo, in the middle of the Pacific Ocean. The earthquake triggered a tsunami with a tidal wave up to 40 meters high. It devastated large parts of Japan, destroyed infrastructure, and claimed more than 22,000 victims. As a result, the Fukushima nuclear power plant was severely damaged. A nuclear accident occurred, and 150,000 people were evacuated.
The tsunami affected many companies, including Toyota's production plants. Because many plants were severely damaged, supply and production chains were interrupted for a long time. This led to significant production losses and global bottlenecks in vehicle supply. In response to the crisis, Toyota developed an improved business continuity management (BCM) system that takes better account of major disasters such as a tsunami.
BCM: more than just risk management
This type of BCM goes far beyond traditional risk management, which is primarily aimed at identifying and reducing potential hazards. BCM aims to maintain or quickly restore a company's business operations in crisis situations. To achieve this, BCM considers all possible hazards that could disrupt business operations, ranging from hacker attacks to natural disasters such as floods, earthquakes, or pandemics to geopolitical crises and interruptions to global supply chains due to unforeseen events.
In particular, the growing threat of climate change makes BCM indispensable for companies. Extreme weather events such as heavy rainfall, heat waves, or storms are becoming more frequent and cause significant damage. Companies are increasingly integrated into complex supply chains that can be disrupted by such events. An affected organization must be able to find alternative procurement channels for raw materials and ensure that its communication and IT infrastructure can withstand the challenges.
Effective strategies for crisis resilience
Effective business continuity management (BCM) integrates all potential threat scenarios into a comprehensive corporate strategy. The first step is to conduct a detailed business impact analysis (BIA). This identifies and prioritizes the critical business processes and resources that are essential to the company's survival in a crisis.
The goal is to develop plans that enable the company to remain operational even under difficult conditions. That's why a comprehensive BCM system requires the involvement of all areas of the company. Focusing on the IT department is not enough. Departments such as human resources, purchasing, production, and logistics must also be included.
Another important aspect of BCM is the continuous training and sensitization of employees. To maintain business operations, they need to know exactly how to act in an emergency. In addition, all emergency plans and continuity strategies should be regularly reviewed and adapted to current conditions.
How ISO 22301 facilitates certification
ISO 22301 provides a globally recognized framework for establishing and operating a business continuity management system (BCMS). Companies can use the standard as a guide to ensure that they systematically address all key aspects of business continuity, from risk identification and assessment to developing and implementing contingency plans.
Implementing a BCMS is a complex task, but synergies can make it easier. In particular, it is common practice in the IT industry to implement an information security management system (ISMS) in accordance with ISO 27001 and to have it audited by external certification bodies. An ISMS in accordance with ISO 27001 already contains many central elements that are also relevant for a BCMS, especially concerning IT failures. These overlaps allow existing security structures to be reused, which reduces the effort of implementing a BCMS.
This combined implementation also facilitates the certification process for external audits, which can be carried out efficiently in a single step. Both management systems increase stakeholder trust and provide a competitive advantage. This is particularly important in industries with high demands for delivery capability and resilience.
In the face of growing challenges such as climate change, geopolitical instability, and increasing cyber threats, business continuity management is becoming more and more important. It enables companies to remain operational in crisis situations and to recover quickly. It is not just about risk avoidance but also about crisis preparedness and rapid response. A well-developed BCM is an important tool for managing business risks, maintaining business operations, and reducing the risk of claims for damages due to a lack of preparedness.
Guido Eggers is Managing Director and Global Head of the Center of Excellence "Food and Sustainability" at DQS CFS GmbH, head of the certification board, quality management representative, BCM auditor, and technical auditor. He has held various management positions at DQS since 2019. Before that, he worked in the food industry for over 30 years, including in quality assurance for renowned producers.
Originally published in German by https://www.risknet.de/themen/risknews/krisenresistenz-mit-business-continuity-management-bcm-erreichen/