Bad things happen: Natural or industrial disasters, fires, floods, power failures, telecommunications failures, data-processing malfunctions, hacking, malevolence, terrorism…
In a context of globalization ruled by “just-in-time” principles, organisations are in constant competition. The ability to deliver services and products to customers represents a major challenge.
A disruption to operations, even for a short period of time, can threaten the market share and even the survival of an organisation. We believe it is of the greatest importance for all organisations, small or large, to develop a Business Continuity capability that enables them to face all situations.
You are invited to join us for our upcoming Business Continuity Management training events in Calgary, AB, Canada in January.
Regus – Sun Life Building
144-4 Avenue SW, Suite 1600
Calgary, AB, T2P 3N4
BCM FOUNDATION 14-16 January
BUSINESS IMPACT ANALYSIS 17-18 January
The BCM Foundation training will introduce you to recognized BCM professional best practices as well as the Business Continuity Management System (BCMS) implementation cycle.
This course is based on a comprehensive and thorough model providing you with a solid BCM knowledge base, the methodology and the tools required to understand, implement and maintain a complete BCMS.
Business Impact Analysis
The Business Impact Analysis (BIA) is the foundation on which to build an organisation-wide Business Continuity Management System. The instructor will walk you through all the steps associated with completing a BIA.
This course is designed around a tried and true BIA model providing you with the methodology, the associated tools and the confidence required to complete a thorough Business Impact Analysis.
A well-designed, implemented, and maintained Business Continuity Management System (BCMS) always results in a more resilient organization!
It would then seem to follow that any inclusive discussion of Business Continuity (BC) today requires addressing the use of standards, guidelines, and best practices that provide guidance in continuity planning that has as its goal to protect against, prepare for, respond to, and recover from disruptive incidents.
- We need guidance, a set of best practices, a roadmap when tasked with the implementation of a new BC initiative – Using a standard or best practices as a model will help ensure an end product that will serve the organization and all interested parties well.
- For those designing and implementing a new continuity program this guidance and help is invaluable – While a BC capability is being created, there is a need to know that steps taken will result in the organization being better prepared and more capable and that stakeholders can be assured that the resulting BC program will provide for the continuation of operations at a level that allows meeting their needs. This guidance is vital for those newly assigned to Business Continuity responsibilities.
- We need ways to measure and verify the sufficiency and value of existing continuity programs as we seek to maintain and continually improve – Using a recognized standard or set of best practices as a “measuring stick” provides an unbiased expert opinion of whether the BCMS is functioning properly to protect products and services and the interests of stakeholders.
- Organizations require a way to effectively measure Business Continuity programs, as well as a need for an objective method to assess the continuity capability of suppliers, outsourcing companies, contractors, and those who supply goods and services that directly and indirectly support critical operations – A globally recognized and accepted benchmark provides a way in which we can uniformly and equitably measure the continuity capability of all the links in our Supply Chain.
Standards, Guidelines, Best Practices, and Certifications
Today there is a wide range of continuity standards, guidelines, best practices, and certifications from which to choose. When making the decision about which to adopt, it is important to evaluate those under consideration and then select the one that will result in the greatest benefit for the organization.
Determine whether the selected standard or set of guidelines is the best vehicle for continually improving the organization’s continuity capability. Selecting the right one for the organization can help raise the continuity bar beyond simply meeting the requirements of a standard or following guidelines to the letter.
When considering what is best for your organization:
- Learn whether there is a Business Continuity standard that is preferred or recommended by your organization’s business sector, industry, or profession;
- Ascertain whether key customers or clients or other business partners have selected a standard or prescribed set of guidelines to apply to their continuity management planning;
- Investigate the value of using a standard that allows the organization, either currently or in the future, to obtain formal certification;
- Determine whether official certification is of benefit to the organization now or may be in the future;
- Consider if a globally recognized standard or set of guidelines has greater value than one that is recognized in a smaller geographic area;
- Ask whether the standard or guidelines meet the organization’s requirements well beyond the data center including executive commitment, inclusion of the Supply Chain links, maintenance, and training and exercises.
Strategic and essential
For full transparency, I fully and absolutely believe in the importance and value of using standards and guidelines.
To prove it, I hold multiple certifications, have experience applying them, and frequently provide related training.
Yet, a caution. Gaining certification or being in full alignment with a set of guidelines or best practices should never be the only or even the foremost goal. The intent, the objective, is not simply to check all the boxes detailed in the standard or guidelines.
Rather, we must keep in mind the fundamental reason for having a Business Continuity program: “(…) provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities”. – ISO 22301
Even when using a standard, view Business Continuity Management as strategic and essential to the organization’s welfare, not only a compliance / check-the-box requirement. The ultimate objective is to protect the organization, its employees, and other interested parties from the negative effects of disruptions and disasters.
To do that requires developing a strong continuity capability and ultimately making continuity a core element of organizational culture by providing an environment in which all employees work collaboratively to minimize the likelihood of losing the ability to function at a level that enables the company to meet its obligations to all concerned parties.
To BIA or not to BIA
In all cases it is ultimately the results that matter. Consider these often-discussed topics:
The conundrum over the order of conducting the Business Impact Analysis (BIA) and the Risk Assessment, and the “to BIA or not to BIA” question. In both these examples there is no dictated order, process, or methodology. What is required is gathering and applying sufficient, appropriate, and accurate information needed to develop workable strategies that can then be documented in plans.
Capability should remain the focus. It is a measure of the ability of an entity (organization, department, person, system) to achieve its objectives, especially in relation to its overall mission. When people at all levels in the organization have the knowledge and experience to carry out their continuity roles and responsibilities and understand how what they do fits in the big picture, they have continuity capability.
- No standard, no set of best practice guidelines is intended to provide a detailed, one-size-fits-all, do it exactly this way or else Business Continuity process.
- They should be viewed as providing a framework, an outline, a code of practice, and defined content for business-specific continuity planning and implementation.
- Adapt them to avoid failed attempts to put square pegs in round holes.
- Avoid a “check-the-box” mentality. Keep your eyes on the prize: establishing and maintaining a robust organization-wide Business Continuity management system.
- The emphasis must be on what works for the organization – not what has always been done before, what other organizations are doing, the latest trend, or guidance that was chosen at random or because it was a perfect fit for another company.
To succeed in the real world…
The purpose, the ongoing goal, should be an organization that is better prepared to face the challenges of operational disruptions and disasters. Ultimately, it must be understood that even fully meeting the requirements for certification does not necessarily guarantee success.
To succeed in the real world and not just on paper, Business Continuity must have the full commitment of executive management and be incorporated into the organization’s policies, day-to-day operations, and culture.
The goal should always be to develop, maintain, and continually improve a Business Continuity capability that serves the organization and all its stakeholders well.
Check out our complete training schedule for upcoming course dates and booking options to help you plan your training needs.

| Course | Location | Dates | Registration |
|---|---|---|---|
| ISO 22301 Lead Implementer | Brussels, Belgium | 11-15 June | Registration |
| ISO 22301 Lead Auditor | Amsterdam, Netherlands | 25-29 June | Registration |
| BCM Plans Exercises | London, UK | 14 September | Registration |
| BCM Foundation Training | London, UK | 17-19 September | Registration |
| Business Impact Analysis | London, UK | 20-21 September | Registration |

Your team, your dates
Yes, we offer public classes. But sometimes timing, location, budget, availability simply do not work for you. Yet, there are many other ways to get the ISO training and the ISO certifications you need.
Get your team together at your location and at a time that fits your calendar. We will go pretty much anywhere and at any time to deliver your training for a group of 5 or more participants. Save on travel expenses and get a discount that grows with the size of your group.
Click here to let us know about your in-house training requirements.
Is your organisation ready to face any unexpected interruption?
You are having a quiet day at work when a slip with an excavator cuts through your mains connection, breaks through a supply pipe or causes a gas leak.
When your organization is faced with the threat of sudden disruption to its operations, being able to respond quickly and effectively is the key to its survival!
Is your organisation ready to face any unexpected interruption? How long can you interrupt your critical business activities?
BCM FOUNDATION TRAINING
09-11 April | Ottawa, ON
This course will introduce you to recognised BCMS professional best practices as well as the BCMS implementation cycle. This course is fully compatible with the ISO 22301 standard.
BUSINESS IMPACT ANALYSIS
12-13 April | Ottawa, ON
This course is designed around a tried and true BIA model providing the participants with the methodology, the tools and the confidence required to complete a thorough BIA.
Simply put, Business Continuity is the art of maintaining your critical operations at the level required for the survival of your organization, no matter what happens!
When disaster strikes, there can be consequences on customer service, reputation, sales, market share, etc… Customers still need your products or services and if you are not available to deliver, maybe your competitors are!
Never underestimate the impacts of disasters and the havoc they can wreak. Get prepared! Join us for the BCM Foundation Training.
BCM Foundation Training
During this course, you will review a complete Business Continuity Management System (BCMS) implementation life-cycle and several practical tools used in the various implementation phases.
This 3-day training is designed for professionals with minimal or no BCMS experience and is fully compatible with the ISO 22301 and ISO 22313 standards.
After this class, you will be able to:
✔ Identify internationally recognised standards and best practices in the field of BCM;
✔ Identify and understand the components of a complete BCMS;
✔ Understand and describe the implementation process of a BCMS;
✔ Identify success factors and risks associated with a BCMS.
Special offer! Back to school discount!
All aboard! Heavy discount on our Business Continuity training classes in Ottawa! Register for the BCM Foundation Training and receive a free seat on the Business Impact Analysis course.
Use promo code BCMBIA100 when registering for the two courses.
This offer is valid for registration paid before 31 August 2017. Register today!
Disaster strikes when you least expect it, and it’s increasingly been shown that organizations can no longer afford to believe that such emergencies won’t happen to them.
Business continuity and disaster recovery (BCDR) planning has become a major priority for companies, but a number of them are still lacking the strategy necessary to ensure that their operations can continue in the event of a disaster. A 2016 survey by ITProPortal found that nearly half of respondents don’t have a comprehensive BCDR plan. Let’s take a look at the top tips that you should follow to build a solid BCDR plan:
1. Analyze Environments and Threat Tolerance
When creating a BCDR plan, leaders must start by looking at their critical environments and analyzing the risks they might face.
Prioritizing consequences will be a significant part of your continuity planning effort, as it provides necessary guidance on how much certain assets should be protected and what systems must be recovered first. The speed of response for these individual systems also will be a key factor in the costs associated with the fault or disaster. Leaders must take a critical look at their infrastructure and determine what items are necessary for their operations and what resources could wait to be restored.
2. Align With Business Standards
This one should be self-explanatory, but it’s easy for organizations to skip this step during BCDR planning because there are so many other factors to consider. TechTarget contributor Paul Kirvan noted that industry standards will provide a great framework for your strategy and will increase your chance of passing a future audit. Aligning the BCDR plan with this guidance helps maintain compliance requirements and establishes a solid starting point to rein in the plan’s scope.
Find out more about ISO 22301 Business Continuity Management System standard
3. Exercise, Revise and Exercise Again
Once the strategy has been created, businesses cannot become complacent. Instead, they must regularly exercise their continuity plans to have peace of mind that those plans will fulfill their intended purpose. Your testing might depend on the type of organization, amount of turnover and any process changes that have occurred since the last evaluation.
CIO contributors Kim Lindros and Ed Tittel noted that leaders can use tabletop exercises, structured walk-throughs and simulations to test specific disaster scenarios, identify gaps and ensure that staff understand what to do. It will be important to include new employees on the test team to detect lapses in information that experienced members might overlook. Organizations cannot let the plan go stale and should revise it at least annually.
Learn how to create an efficient Business Continuity exercise with ContinuityLink
4. Have the Proper Systems in Place
The biggest thing a business can do is to have the proper systems in place that will ensure that operations will continue in the event of a disaster. Organizations should also have backup solutions to streamline recovery efforts and restore assets quickly. With these types of tools, users will be able to reduce damage and serve customers during the recovery process.
Continuity planning should be a major priority for businesses. By having the proper systems in place, aligning with business standards, analyzing threat tolerance and testing the strategy, organizations can create a solid business continuity and disaster recovery plan that will see them through a variety of disaster scenarios and help them recover quickly.
Source: Western Journalism
One of the differentiators of the new approach to business continuity advocated by Adaptive BC is the removal of the business impact analysis and risk assessment from the business continuity process. But is that a realistic proposal? Continuity Central is currently conducting a survey to assess this. The interim results of the survey, based on the first 150 responses, can be seen below. To read the full introduction to the survey and to take part, click here.
Do you think that it is possible to omit the risk assessment from the business continuity process?
- Yes, and the resulting business continuity plan would be fully functional: 31.17%
- Yes, but the resulting business continuity plan would be weakened: 12.99%
- No, the risk assessment is a vital part of the business continuity process: 47.40%
- I’m not sure: 8.44%
Do you think that it is possible to omit the business impact analysis from the business continuity process?
- Yes, and the resulting business continuity plan would be fully functional: 21.43%
- Yes, but the resulting business continuity plan would be weakened: 6.49%
- No, the BIA is a vital part of the business continuity process: 65.58%
- I’m not sure: 6.49%
Respondents were asked to identify the business continuity standard which they are most familiar with and then were asked the following question:
Thinking about compliance with the business continuity standard, which comes closest to your view:
- A risk assessment and a BIA are both essential for compliance with this standard: 75.00%
- A risk assessment is essential for compliance with this standard but not a BIA: 4.73%
- A BIA is essential for compliance with this standard but not a risk assessment: 12.84%
- Neither a risk assessment nor a BIA are essential for compliance with this standard: 7.43%
The survey will remain open for a further week.
Source: Continuity Central
Are you surprised by the preliminary results? Do you believe that it is really possible to omit risk assessments and BIAs and still develop a functional business continuity plan? Please share your thoughts in the comment section below.
One of the differentiators of the new approach to Business Continuity advocated by Adaptive BC is the removal of the Business Impact Analysis and risk assessment from the business continuity process. But is that a realistic proposal? This survey seeks the views of business continuity professionals on this issue.
Adaptive BC is an alternative approach to traditional business continuity planning. It is ‘based on the belief that the practices of traditional business continuity planning have become increasingly ineffectual’ and proposes nine principles on which to found its new approach. Of these, the one which has proved to be the most controversial is the principle that Adaptive BC omits risk assessments and business impact analyses.
The rationale behind this omission is as follows:
The risk assessment (RA) and the Business Impact Analysis (BIA) form the backbone of traditional continuity planning. They are considered fundamental components in virtually every best practice guide and industry standard. Employing these two practices leads practitioners along a trajectory that further entangles their work in the many related techniques of traditional continuity planning, along with the negative outcomes of these techniques. Practitioners should eliminate the use of the risk assessment and business impact analysis.
If you remove the BIA from the business continuity process, what, if anything, would take its place? David Lindstedt, one of the founders of the Adaptive BC approach, explains as follows:
“Let’s go ahead and assume that the BIA could, in fact, provide an hourly or daily cost in terms of lost revenue or lost market share for each service or department that could be temporarily eliminated due to an incident. (Naturally, I think this is a problematic assumption based on commentators and research, but let’s make the assumption anyway.) Shouldn’t leadership know what is important without having to conduct a BIA? Don’t the Board, executives, and top leadership have clear knowledge of what is most important to the continued functioning of their organization without a BIA? Or, perhaps more precisely, is leadership so inaccurate in their estimations of departmental value that the BIA properly changes these estimations and provides a more accurate picture of value to executives?”
Is it really possible to omit risk assessments and BIAs and still develop a functional business continuity plan? Please give your views in the following survey and in the comment section below.