Drive Operational Resiliency with Regular BCM Plan Maturity Assessments
Business Continuity Management (BCM) plans help prepare an organization for survival should crisis strike, and with so many risks now hitting businesses from all angles, a well-developed BCM plan is more critical than ever.
Ensuring that the plan mitigates key exposures and ultimately drives operational resiliency over the long term requires that risk managers facilitate regular maturity assessments.
A BCM maturity assessment:
An effective maturity assessment requires a structured framework and access to qualified staff or external consultants, potentially including assistance from your broker, to help generate high-quality results.
Maturity Assessment Activities Checklist
These 10 maturity assessment activities are frequently part of a strong BCM program:
- Interviewing key stakeholders and participants in the program
- Reviewing plan development documents including business impact analysis and risk assessments
- Verifying current state of recovery strategies
- Verifying recovery time objectives and recovery point objectives
- Reviewing individual business unit continuity planning and disaster recovery plans to ensure that they are complete, accurate and up to date
- Reviewing communication/notification protocols among management, staff and external stakeholders
- Examining training materials, procedures, and guidelines
- Reviewing plan exercise results and exercise criteria
- Reviewing contractor and service provider contingencies
- Verifying senior management sign-off responsibility and accountability
A sound BCM plan identifies risk and quantifies its impact to an organization’s critical business processes, customer satisfaction, financial stability, contractual and regulatory compliance, operational capabilities and brand reputation.
If you have a BCM program in place, you want to be confident that your investment in business continuity planning will respond effectively in the event of a disaster. A viable plan should not only help protect your organization’s interests but should also consider the extent of a company’s responsibilities to other entities and be cognizant of supply chain exposures.
Risk managers should ensure that maturity assessments are regularly applied and that measures are developed to track your risks and assure that management is regularly informed of, and ready to assess and improve, the organization’s preparedness and continuity capabilities in the event of a disaster.
Note: The BCM Maturity Assessment is designed to determine whether the applicable best practice processes have been followed as part of the preparedness plan. It is not intended to validate the viability or effectiveness of the plan. Beyond these standards, there are other codes and standards that address the technical aspects of planning, such as evacuation and sheltering in place, among other critical components, that need to be considered as part of business continuity plan development, depending on specific organizational requirements.
References:
ISO 22301:2012: Societal security -- Business continuity management systems
NFPA 1600: Disaster/Emergency Management and Business Continuity Programs, 2013 edition
Disaster Recovery International
FEMA