SlideShare uma empresa Scribd logo

Business continuity management and risk -The role of standards

BSI British Standards Institution
BSI British Standards Institution

Greater awareness in recent years of the volatility of the risk environment, together with the regulatory impetus provided by corporate governance requirements, has placed effective risk management high on the corporate agenda. Changing attitudes to risk management have also resulted in the emergence of a more holistic and proactive approach to managing exposures.

NegóciosEconomia e finanças
1 de 15
Baixar para ler offline
Business continuity management and risk The role of standards raising standards worldwide™
Executive summary Greater awareness in recent years of the volatility of the risk environment, together with the regulatory impetus provided by corporate governance requirements, has placed effective risk management high on the corporate agenda. Changing attitudes to risk management have also resulted in the emergence of a more holistic and proactive approach to managing exposures. During this evolutionary process, business continuity management (BCM) has emerged as an increasingly important element of an organization’s risk mitigation strategy. Developing out of the areas of information security and disaster management, effective BCM can enable an organization to reduce its exposure to disruptive events, implement mechanisms to limit the impact of an incident on business processes and operations, and provide reputational resilience in the most difficult of circumstances. However, a lack of consistency in approach, confusion over definitions and terms, and the inability to benchmark BCM strategies have hindered its development, and led to calls for a formal standard to be produced. Based upon proven methodologies, BS 25999 Business continuity management establishes the process, principles and terminology of effective business continuity management.
The rise of risk management up the corporate agenda reflects an increased understanding by organizations, both public and private, of their risk profiles and the need to effectively manage exposures. High-profile incidents such as Enron, 9/11, Hurricane Katrina, the summer floods in the United Kingdom, Northern Rock and Société Générale – as well as the regulatory structures implemented in some cases in the aftermath, such as Sarbanes-Oxley, Basel II and the Turnbull report – have served to shape attitudes to risk management and achieve greater boardroom awareness. More proactive … Organizations are becoming increasingly proactive in their approach to managing their risk exposures and developing bespoke strategies rather than simply relying upon the parameters set by regulatory authorities. In tandem with this has been a change in the stance taken by regulators towards a more principles-based approach to regulation – a move that places the onus on organizations themselves to take greater responsibility for their risk management strategies. Julia Graham, chief risk officer at DLA Piper and chair of the committee for BS 31100 Code of practice for risk management, believes that this change in the attitude of regulators is a very positive step, as it means that “organizations are then in a position to manage risk in line with their own context, nature, scale, complexity and jurisdictional spread of their business”. Risk in a standard In February 2008, BSI released the second draft of BS 31100 Code of practice for risk management. The standard is designed to provide a guide to risk management principles, models, frameworks and processes, in order to assist organizations to achieve their risk management objectives. But can a concept as broad as risk management be captured effectively in a single standard? “The standard is intended to be high level and generic, and not specific to any business, country or discipline,” says Julia Graham, chief risk officer at DLA Piper and chair of the committee for BS 31100. “It is viewed as part of a family of standards.” The discipline of risk management has, however, been the subject of many guidelines, documents and standards. “The committee which developed the standard looked long and hard at this issue – there are some excellent standards already available, which BS 31100 was not designed to replace,” explains Ms Graham. “Rather, BS 31100 is seen as a positional document which helps to set the overall risk scene, language, framework and process.” Business continuity management and risk • 1
RESEARCH Business Barometer According to the latest findings of BSI British Standards’ annual Business Barometer, UK businesses are continuing to enhance their levels of disaster preparedness. The survey of FTSE 250 companies in 2007 revealed that over 80% of respondents were confident their organization could continue to operate for up to a week following a disruption before experiencing serious detrimental effects. Almost two-thirds considered themselves ready to respond to a major IT failure, while 50% were fully prepared for a forced office relocation. These figures reflect the fact that some 71% of respondents – up 10% from 2006 – now acknowledge the vital role played by BCM in ensuring their company remains competitive and wins new business in the future. With some 62% of businesses indicating that customers now require them to show that they have effective BCM measures in place – up 16% on the previous year – expectations are that this figure will continue to rise. Commenting on the findings, Mike Low, director of BSI British Standards, says: “The scale of risk and opportunity in the FTSE 250 is enormous and these organizations are recognizing that BCM has to be at the heart of their operations.” However, he emphasized that it was also crucial “for smaller organizations and those in other sectors to look seriously at how they would cope in the event of a disaster”. 2 • Business continuity management and risk
More holistic … This evolution is encouraging a much more holistic approach to the management of risk. Organizations are endeavouring to remove the silos which exist within their operations to achieve a more expansive and integrated risk strategy, founded upon an enhanced understanding of their risks, business processes and dependencies. The removal of these silos has contributed to the emergence of business continuity management (BCM) as an integral part of an organization’s risk management strategy. Seen for decades as an IT and disaster recovery-related issue, BCM is now gaining a much more prominent position in the risk mitigation mechanisms of many organizations. In the majority of cases, business continuity has evolved independently from risk management operations. James Crask, resilience policy manager at the Civil Contingencies Secretariat, attributes this to the factors that have driven its development. “In many organizations risk management has traditionally been driven by finance, while business continuity has developed from security and crisis management arrangements. Because they have often developed independently of each other they are frequently situated in different parts of an organization, meaning they could be moving in different directions.” However, Mr Crask is confident that attitudes are now changing and that, increasingly, companies are realising that these two disciplines should be working together. Ms Graham views risk management and business continuity as two parts of the same governance framework. “Risk management provides the umbrella under which a variety of risk management categories and capabilities can reside,” she says. “Business continuity is part of risk management and notably part of an organization’s risk control environment.” More integrated … Attitudes are changing as While still in its relative infancy as a discipline compared to risk management, components of business continuity can be found companies realize that risk in virtually all organizations. It is basic common sense to ensure management and business measures are in place so that activities essential to the delivery of products or services are protected. Therefore, they can still be continuity disciplines should be maintained should an incident occur. Yet the effectiveness of working together. such processes is highly dependent upon the extent to which these measures are integrated into the organization. Business continuity management and risk • 3
“Traditionally most organizations understand the core components of their business and are aware of what needs to be protected,” says Mr Crask. “That is where they build in continuity. However, what they have failed to do is view the organization as a whole, obtain the full support of senior management, understand interdependencies, embed business continuity into the culture of the operation and ensure that employees are aware of their roles and undergo regular training.” There is also a tendency on the part of some companies to limit the scope of business continuity to the areas of incident BCM is less about the plan itself management and risk mitigation, believes Steve Mellish, head and more about ensuring that of business continuity at Sainsbury’s. “This in my opinion doesn’t make for a really effective business continuity capability. the requirements are built into You need to have – and understand – the whole picture to every facet of the business. devise a business continuity capability that really ensures that it meets the business requirements and is fit-for-purpose.” The value of BCM can only be achieved if it becomes an integral part of the operational structure of an organization. Business continuity is less about the plan itself and more about ensuring that the requirements are built into every facet of the business, starting with the internal operations and extending out along the supply chain. Adding value to the business If an organization successfully integrates a robust and effective BCM plan into every facet of its operations, then the potential benefits that can be gained are extensive. Providing assurance One of the primary aims of an effective BCM strategy is to provide a level of assurance that, in the event of a disruptive incident, the organization can not only continue to provide critical services but also become fully operational again in as short a time frame as possible – no matter how severe the disruption. Peter Sierwald, director of Phoenix Continuity Services, describes the goal of effective business continuity: “A sound BCM strategy provides assurance that all necessary aspects of the organization’s value chain can be protected and recovered to an acceptable level of emergency operation at an acceptable cost.” 4 • Business continuity management and risk
CASE STUDY Bits not pieces The development of a standard for information and communication technology (ICT) continuity is no easy task, particularly given the increasing complexity and interdependency of the systems involved. The situation is further compounded by the fact that few organizations have a thorough understanding of the systems that they operate. “Systems are complex enough to manage when we understand their end-to-end make-up,” says Oscar O’Connor, an adviser with Adam Continuity, “but when we do not, we are simply asking for trouble.” The British Standard for ICT continuity, BS 25777, is designed to provide guidance on how to apply business continuity principles to an organization’s ICT systems. Employing the same basic structure as BS 25999, the standard is designed to enable companies to implement appropriate levels of resilience for ICT services, as well as the processes required to respond to and recover from a disruptive incident. “BS 25777 aims to ensure that not only are the organization’s ICT services as resilient and recoverable as is appropriate,” says Mr O’Connor, “but also that the organization’s BCM requirements for ICT support are completely covered.” Business continuity management and risk • 5
Competitive advantage In an increasingly volatile environment, the ability to offer such levels of assurance through the implementation of a well-structured BCM plan is becoming a discernible competitive advantage. The value of having mechanisms in place that enable you to limit the detrimental impact of an event on your business activities, thereby enabling you to outperform competitor organizations during a crisis and return to normal levels of service in a shorter time frame, is immense. Strengthening client relationships Being able to demonstrate From the perspective of existing – and potential – clients, being able to demonstrate that, even in the most trying of that, even in the most trying circumstances, an organization is capable of maintaining its operations can serve not only to strengthen existing circumstances, an organization relationships but also stimulate new ones. Such a competitive is capable of maintaining benefit is encouraging the emergence of a more proactive commercial approach to business continuity rather than simply operations, can impress clients. viewing it as a mechanism for managing a disruption to operations. Tendering for business In recent years there has been a marked rise in the number of companies that now stipulate that an organization must have a BCM plan as a prerequisite for a bidding process. “We have seen more organizations over the last year asking about business continuity during the tendering process than we have ever seen before,” confirms Simon Beesley, operations excellence manager at TDG. Preserving and enhancing reputation Reputational risk is considered by many organizations to be the number one risk they face. Taking years, if not decades, to build up, a company’s reputation can lie in tatters in an instant. While the aim of a BCM plan is both to limit an organization’s exposure to a disruptive event and to improve its ability to return to normal service quickly in the aftermath of any such incident, by succeeding on these two fronts the organization will not only preserve but actually enhance its reputation. 6 • Business continuity management and risk
Increasing share value The effective management of a crisis not only provides a defence mechanism for your bottom line by enabling you to continue to operate, it can also provide long-term share value benefits. In The Impact of Catastrophes on Shareholder Value, Rory Knight and Deborah Pretty examined how shareholder value was affected by a major incident. They found that while share prices initially crashed, those organizations which managed the crisis effectively saw their share value not only return to pre-incident levels, but actually rise above them – which was then sustained for a long period of time. In contrast, those organizations that mismanaged the disruption never saw their share price recover to the same position. A worthwhile investment Martin Caddick, head of UK business continuity management at Marsh, believes that in order to encourage board level buy-in to business continuity, you must make members aware that BCM You can reduce expenditure on is an effective investment. By adopting a more holistic view of insurance, protection measures risk and BCM, such investments can provide much greater bang for your risk buck. “You can potentially reduce your levels of and even BCM, while at the insurance, spend less on protection measures and even reduce same time enhancing overall expenditure on BCM,” he says, “while at the same time enhancing your overall protection.” protection. Understanding your organization In another recent survey by Marsh, The Upside to Business Continuity, respondents were asked to highlight the benefits of BCM they had experienced over the last 12 months. Surprisingly, over 50% of respondents found that they had achieved a better understanding of their business, while 37% highlighted improved risk-intelligent decision making. Mr Beesley believes that by gaining a thorough understanding of your business processes you can then see areas where these processes can be enhanced or streamlined to facilitate the overall stability of your operation. “Any time when you start a project which looks at how your business processes operate, you will always find ways of improving these processes.” Business continuity management and risk • 7
CASE STUDY As strong as the weakest link Following a review of its approach to BCM in importance of involving those people “on 2007, TDG, a supply chain management the shop floor”, as they are best placed to company, launched a pilot project to provide describe their particular operations and also its site in Rugby with a business continuity to propose solutions should a disruption management system developed and occur. “As long as you engage the people implemented following the BS 25999 code that understand each part of your business of practice. and ask them the right questions, the process can become a very straightforward “The way we used to approach BCM as an one.” organization was that it was pretty much every site for itself, with little in the way of It is imperative that those who will manage central control,” says Simon Beesley, the disruption also develop the business operations excellence manager at TDG, who continuity management system. “The is responsible for the project. approach that we are taking at TDG is that my role is to support the sites in Admitting that he knew “nothing” about implementing their plans, not to develop BCM before beginning the project, Mr them,” he explains. Local ownership of the Beesley enrolled on a one-day introductory project must be established so that each site workshop to BS 25999 – hosted by BSI – can develop its own bespoke solutions based which enabled him to understand how to upon the templates and guidance provided. apply the standard within his organization. “In terms of providing a framework for this While acknowledging that being the first project, BS 25999 was incredibly helpful,” he logistics company to achieve BS 25999 explains. “It is written in plain English and certification has provided TDG with a unique provides a clear process that you can selling point, Mr Beesley is keen to point out follow.” that this is not why TDG undertook the project. “It should never be about ‘getting While it was important to ensure that senior the badge’, but rather about companies management were involved in the project gaining real benefit from going through the from the start, he also highlighted the process.” 8 • Business continuity management and risk
By obtaining a thorough understanding of your organization you gain “an improved understanding of the risks you face, both within the walls of your organization and across the wider supply chain, ” says Mr Beesley. He believes this process has helped his organisation to enhance relationships not only internally, but also with external customers and suppliers. Establishing best practice However, despite the myriad benefits which business continuity can bring to the table, its effectiveness has been hindered by the relative lack of clear guidance on the processes required to implement a successful BCM strategy. Prior to the publication of BS 25999, there were a number of business continuity guidelines in existence, such as BSI’s PAS 56:2003 Guide to business continuity management and the Business Continuity Institute’s Good Practice Guidelines. On the international front, there are also a range of business continuity-related standards and guidelines available. In Australia, for example, the HB 221 Business Continuity Guidelines were drawn up in 2004, becoming HB 292 A Practitioners Guide to Business Continuity Management following a review in 2006. In Singapore, TR 19 Technical Reference for Business Continuity Management is a well-used best-practice mechanism for BCM managers, while in the United States NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs has been in existence for a number of years. The publication of BS 25999 was in response to a market-wide demand from both public and private sectors for a formal The market demands clarity standard that would introduce a level of consistency to the discipline, provide clarity as to what constituted BCM, establish and consistency, accepted accepted terminology and definitions, and create a means of benchmarking between companies, industries and regions. terminology and a means of benchmarking on BCM. Business continuity management and risk • 9
In November 2006, BSI published BS 25999 Part 1, which A proactive, non-prescriptive provided a guide to business continuity best practice. Kevin Brear, business continuity manager on the information and approach to business continuity security group, practice protection, at Deloitte & Touche, described it as “a paradigm shift for the business continuity encourages organizations to industry in the UK”. While there are a number of organizations find the solutions that best meet and societies with an interest in business continuity, he believes that “by placing it under the stewardship of BSI, the standard their own needs. is, and can clearly be seen to be, an independent document”. The standard provides guidance and recommendations on business continuity best practice. “The goal is to enable organizations operating in any sector, including industrial, commercial, public and voluntary, to understand, develop and implement business continuity within their operations,” says Mike Low, director of BSI British Standards. “Rather than a prescriptive document, BS 25999 seeks to encourage organizations themselves to find the solutions that best meet the demands of their own risk framework. By facilitating a more proactive approach to business continuity, the standard places the control firmly in their hands.” BS 25999 has introduced a consistent approach to business continuity best practice founded upon proven methodologies. It enables organizations to clearly demonstrate to the markets they serve that they have a robust BCM strategy in place which can now be measured and also benchmarked against the strategies of competitors. “As a benchmark to set UK plc, I think it is excellent,” says Mr Caddick at Marsh. As the standard becomes more established, companies are increasingly able to use BS 25999 as a marketing tool as it provides a mechanism for evidencing competitive advantage and a means of enhancing their reputation and brand perception as a secure supplier or provider of goods or services. “With BCM also now playing an increasingly prominent role in the tender process,” says Mr Low, “companies can provide, by adopting a British Standard, measurable evidence of the existence not only of a plan, but also an effective, robust strategy which is embedded into the culture of their organization.” 10 • Business continuity management and risk
Reassuring the market “The arrival of the British Standard for BCM has marked a significant milestone in establishing business continuity as a basic commonsense approach to managing a business – and managing it responsibly,” says Mr Mellish at Sainsbury’s. “In my view, the British Standard has provided the credibility and gravitas to make it a standard requirement in future corporate governance legislation. The sooner senior executives recognize this and address it then greater assurance can be provided to all of their stakeholders. “The standard will also ensure a more consistent approach is applied,” he continues, “and this will in turn assist in benchmarking and provide insurance companies with a more effective way of measuring the effectiveness of a company’s ability to minimize the impact of any major incident.” The universality of BS 25999 also provides international appeal for the standard. Mr Sierwald of Phoenix Continuity Services in Sydney believes that the very fact that BS 25999 is a good fit with most BCM approaches in Australia makes it of real interest. Commenting on its potential impact on the wider Asian market, he adds: “My experience with organizations in India is that those which act as service providers to ‘Western’ companies are keen to have a certifiable standard as extra assurance for clients who choose to outsource business processes.” “BSI has seen a lot of interest from Asia and other areas around the world,” concurs Mr Crask, “which suggests to me that countries outside of the EU wish to comply with the standard to demonstrate their reliability and security to foreign investors.” “We are seeing a growing awareness of business continuity, and BS 25999 has played a part in this,” believes Mr Beesley at TDG. “My view is that over the next few years, particularly in The standard will provide a the industry in which I operate, business continuity will become more effective way of increasingly important because of the influence of BS 25999 and the focus that this has given people.” measuring the effectiveness of a company’s ability to minimize If this proves to be the case, then the question every company must ask itself is: What does not having adopted the standard the impact of major incidents. say to the market about how we run our business? Business continuity management and risk • 11
The role of standards A standard provides a mechanism for facilitating the proactive implementation of best practice. The principles of any British Standard are based upon good management practice, and set out clear and unambiguous provisions and performance objectives. “There are no rules laid down,” explains Mike Low, director of A proactive, non-prescriptive BSI British Standards, “but rather a series of recommendations and guidelines which provide an organization with the flexibility approach to business continuity to hand-pick those elements and procedures which best fit their specific requirements.” encourages organizations to find the solutions that best meet In the development of any formal standard, a national committee is established which includes representatives from their own needs. government, business, consumer groups, manufacturers, suppliers, academic institutions, trade associations, regulators and societal interest groups. “Only by achieving consensus across such a diverse range of practitioners,” believes Mr Low, “can a standard successfully embody what is considered best practice for that particular sector.” A draft of the standard is then placed into the public domain for consultation. All comments and responses are reviewed by the committee and the standard is amended where necessary. Only then, when approved, will the standard be published. In order to ensure that each standard continues to remain current, it undergoes a process of maintenance and review whereby it is updated, revised or, if necessary, withdrawn. “BSI is not seeking to create an array of stand-alone standards,” says Mr Low, “but rather a family of interrelated standards.” In compiling each standard, the process takes into consideration other related standards. Effort is made to provide a level of uniformity across the documents, which enables organizations to implement additional complementary standards more easily. 12 • Business continuity management and risk
How BSI can help Standards matter. They contribute at least £2.5bn each year to the UK economy and play a key role in enabling innovation, improving competitiveness, increasing reliability, ensuring safety, improving accessibility, controlling quality, managing risk and improving business performance. As the world’s first national standards body, BSI British Standards has a globally recognized reputation for independence, integrity and innovation. Part of the BSI Group operating in 86 markets worldwide, BSI British Standards serves the interests of a wide range of industry sectors, as well as government, consumers, employees and society overall, to make sure not just British but European and international standards are useful, relevant and authoritative. BSI champions UK interests at home and abroad and is an incubator of many of the world’s leading standards. It is the national gateway to all the European and worldwide standards bodies promoting fair trade, technology transfer, economic prosperity and security. Several publications describe the benefits of using standardization to achieve broader organizational and national strategic objectives. Information about these is available from BSI British Standards. To find out more about how BSI can help you, visit the website at www.bsigroup.com or email britishstandards@bsigroup.com. BSI Group Headquarters 389 Chiswick High Road London W4 4AL UK Tel +44 (0)20 8996 9001 Fax +44 (0)20 8996 7001 www.bsigroup.com © The British Standards Institution raising standards worldwide™ BSI Group: Standards • Information • Training • Inspection • Testing • Assessment • Certification

Recomendados

CMI Business Continuity Report 2008
CMI Business Continuity Report 2008CMI Business Continuity Report 2008
CMI Business Continuity Report 2008Navneet Shrivastava
 
Risk Management Infographic
Risk Management InfographicRisk Management Infographic
Risk Management InfographicSAP Analytics
 
Managing Threats in a Dangerous World
Managing Threats in a Dangerous WorldManaging Threats in a Dangerous World
Managing Threats in a Dangerous WorldChartered Management Institute
 
Organisational Resilience Paper v0.021
Organisational Resilience Paper v0.021Organisational Resilience Paper v0.021
Organisational Resilience Paper v0.021Steven McLaren
 
Security Maturity Model
Security Maturity ModelSecurity Maturity Model
Security Maturity ModelConferencias FIST
 
Information Security Maturity Model
Information Security Maturity ModelInformation Security Maturity Model
Information Security Maturity ModelCSCJournals
 
The 3 C's of Business Resumption
The 3 C's of Business ResumptionThe 3 C's of Business Resumption
The 3 C's of Business ResumptionCris Mattoon, J.D., CCEP, MCM
 
Common failures of risk management
Common failures of risk management Common failures of risk management
Common failures of risk management Surajit Datta
 

Recomendados

CMI Business Continuity Report 2008
CMI Business Continuity Report 2008CMI Business Continuity Report 2008
CMI Business Continuity Report 2008Navneet Shrivastava
 
Risk Management Infographic
Risk Management InfographicRisk Management Infographic
Risk Management InfographicSAP Analytics
 
Managing Threats in a Dangerous World
Managing Threats in a Dangerous WorldManaging Threats in a Dangerous World
Managing Threats in a Dangerous WorldChartered Management Institute
 
Organisational Resilience Paper v0.021
Organisational Resilience Paper v0.021Organisational Resilience Paper v0.021
Organisational Resilience Paper v0.021Steven McLaren
 
Security Maturity Model
Security Maturity ModelSecurity Maturity Model
Security Maturity ModelConferencias FIST
 
Information Security Maturity Model
Information Security Maturity ModelInformation Security Maturity Model
Information Security Maturity ModelCSCJournals
 
The 3 C's of Business Resumption
The 3 C's of Business ResumptionThe 3 C's of Business Resumption
The 3 C's of Business ResumptionCris Mattoon, J.D., CCEP, MCM
 
Common failures of risk management
Common failures of risk management Common failures of risk management
Common failures of risk management Surajit Datta
 
Governance, Risk and Compliance- Energy Industry
Governance, Risk and Compliance- Energy Industry Governance, Risk and Compliance- Energy Industry
Governance, Risk and Compliance- Energy Industry MetricStream Inc
 
Streamline Compliance and Increase ROI White Paper
Streamline Compliance and Increase ROI White PaperStreamline Compliance and Increase ROI White Paper
Streamline Compliance and Increase ROI White PaperNetIQ
 
IBM Leading Sustainable Enterprise
IBM Leading Sustainable EnterpriseIBM Leading Sustainable Enterprise
IBM Leading Sustainable EnterpriseDoctor Aal-Anubia
 
The Risk Earnings Ratio
The Risk Earnings RatioThe Risk Earnings Ratio
The Risk Earnings RatioSimon Baker-Chambers
 
Energy Risk Management
Energy Risk Management Energy Risk Management
Energy Risk Management MetricStream Inc
 
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterpriseData security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterpriseThe Economist Media Businesses
 
FRT - 110530 - BED - Why are some companies luckier than others - Frank Leenders
FRT - 110530 - BED - Why are some companies luckier than others - Frank LeendersFRT - 110530 - BED - Why are some companies luckier than others - Frank Leenders
FRT - 110530 - BED - Why are some companies luckier than others - Frank LeendersFlevum
 
Chris Gould - BCM case
Chris Gould - BCM caseChris Gould - BCM case
Chris Gould - BCM caseAlexey Chekanov
 
Insights on it risk bcm
Insights on it risk bcmInsights on it risk bcm
Insights on it risk bcmVladimir Matviychuk
 
A strategic framework_for_governance,_ri
A strategic framework_for_governance,_riA strategic framework_for_governance,_ri
A strategic framework_for_governance,_rinmbbhe001
 
New Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsNew Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsDavid X Martin
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworksAndréanne Clarke
 
The RM To BC Route Presentation Notes John Agius 21052012
The RM To BC Route Presentation Notes John Agius 21052012The RM To BC Route Presentation Notes John Agius 21052012
The RM To BC Route Presentation Notes John Agius 21052012John Agius
 
MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementWilliam McBorrough
 
The 2010 Governance Risk & Compliance Summit
The 2010 Governance Risk & Compliance SummitThe 2010 Governance Risk & Compliance Summit
The 2010 Governance Risk & Compliance SummitGSMIweb
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAnand Subramaniam
 
Integrated Risk Management Whitepaper - CAMMS
Integrated Risk Management Whitepaper - CAMMSIntegrated Risk Management Whitepaper - CAMMS
Integrated Risk Management Whitepaper - CAMMSCAMMS
 
IREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security OutlookIREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security OutlookChris Cornillie
 
Climate-smart Approaches to Agriculture: lessons from recent experience
Climate-smart Approaches to Agriculture: lessons from recent experienceClimate-smart Approaches to Agriculture: lessons from recent experience
Climate-smart Approaches to Agriculture: lessons from recent experienceFAO
 
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsTo Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsElizabeth Dimit
 
Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...BCM Institute
 
Risk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy WongRisk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy WongBCM Institute
 

Mais conteúdo relacionado

Mais procurados

Governance, Risk and Compliance- Energy Industry
Governance, Risk and Compliance- Energy Industry Governance, Risk and Compliance- Energy Industry
Governance, Risk and Compliance- Energy Industry MetricStream Inc
 
Streamline Compliance and Increase ROI White Paper
Streamline Compliance and Increase ROI White PaperStreamline Compliance and Increase ROI White Paper
Streamline Compliance and Increase ROI White PaperNetIQ
 
IBM Leading Sustainable Enterprise
IBM Leading Sustainable EnterpriseIBM Leading Sustainable Enterprise
IBM Leading Sustainable EnterpriseDoctor Aal-Anubia
 
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterpriseData security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterpriseThe Economist Media Businesses
 
FRT - 110530 - BED - Why are some companies luckier than others - Frank Leenders
FRT - 110530 - BED - Why are some companies luckier than others - Frank LeendersFRT - 110530 - BED - Why are some companies luckier than others - Frank Leenders
FRT - 110530 - BED - Why are some companies luckier than others - Frank LeendersFlevum
 
A strategic framework_for_governance,_ri
A strategic framework_for_governance,_riA strategic framework_for_governance,_ri
A strategic framework_for_governance,_rinmbbhe001
 
New Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsNew Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsDavid X Martin
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworksAndréanne Clarke
 
The RM To BC Route Presentation Notes John Agius 21052012
The RM To BC Route Presentation Notes John Agius 21052012The RM To BC Route Presentation Notes John Agius 21052012
The RM To BC Route Presentation Notes John Agius 21052012John Agius
 
MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementWilliam McBorrough
 
The 2010 Governance Risk & Compliance Summit
The 2010 Governance Risk & Compliance SummitThe 2010 Governance Risk & Compliance Summit
The 2010 Governance Risk & Compliance SummitGSMIweb
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAnand Subramaniam
 
Integrated Risk Management Whitepaper - CAMMS
Integrated Risk Management Whitepaper - CAMMSIntegrated Risk Management Whitepaper - CAMMS
Integrated Risk Management Whitepaper - CAMMSCAMMS
 
IREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security OutlookIREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security OutlookChris Cornillie
 
Climate-smart Approaches to Agriculture: lessons from recent experience
Climate-smart Approaches to Agriculture: lessons from recent experienceClimate-smart Approaches to Agriculture: lessons from recent experience
Climate-smart Approaches to Agriculture: lessons from recent experienceFAO
 
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsTo Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsElizabeth Dimit
 

Mais procurados (20)

Governance, Risk and Compliance- Energy Industry
Governance, Risk and Compliance- Energy Industry Governance, Risk and Compliance- Energy Industry
Governance, Risk and Compliance- Energy Industry
 
Streamline Compliance and Increase ROI White Paper
Streamline Compliance and Increase ROI White PaperStreamline Compliance and Increase ROI White Paper
Streamline Compliance and Increase ROI White Paper
 
IBM Leading Sustainable Enterprise
IBM Leading Sustainable EnterpriseIBM Leading Sustainable Enterprise
IBM Leading Sustainable Enterprise
 
The Risk Earnings Ratio
The Risk Earnings RatioThe Risk Earnings Ratio
The Risk Earnings Ratio
 
Energy Risk Management
Energy Risk Management Energy Risk Management
Energy Risk Management
 
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterpriseData security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
 
FRT - 110530 - BED - Why are some companies luckier than others - Frank Leenders
FRT - 110530 - BED - Why are some companies luckier than others - Frank LeendersFRT - 110530 - BED - Why are some companies luckier than others - Frank Leenders
FRT - 110530 - BED - Why are some companies luckier than others - Frank Leenders
 
Chris Gould - BCM case
Chris Gould - BCM caseChris Gould - BCM case
Chris Gould - BCM case
 
Insights on it risk bcm
Insights on it risk bcmInsights on it risk bcm
Insights on it risk bcm
 
A strategic framework_for_governance,_ri
A strategic framework_for_governance,_riA strategic framework_for_governance,_ri
A strategic framework_for_governance,_ri
 
New Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsNew Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-Profits
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworks
 
The RM To BC Route Presentation Notes John Agius 21052012
The RM To BC Route Presentation Notes John Agius 21052012The RM To BC Route Presentation Notes John Agius 21052012
The RM To BC Route Presentation Notes John Agius 21052012
 
MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability Statement
 
The 2010 Governance Risk & Compliance Summit
The 2010 Governance Risk & Compliance SummitThe 2010 Governance Risk & Compliance Summit
The 2010 Governance Risk & Compliance Summit
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management Process
 
Integrated Risk Management Whitepaper - CAMMS
Integrated Risk Management Whitepaper - CAMMSIntegrated Risk Management Whitepaper - CAMMS
Integrated Risk Management Whitepaper - CAMMS
 
IREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security OutlookIREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security Outlook
 
Climate-smart Approaches to Agriculture: lessons from recent experience
Climate-smart Approaches to Agriculture: lessons from recent experienceClimate-smart Approaches to Agriculture: lessons from recent experience
Climate-smart Approaches to Agriculture: lessons from recent experience
 
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsTo Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
 

Destaque

Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...BCM Institute
 
Risk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy WongRisk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy WongBCM Institute
 
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...BCM Institute
 
Building business continuity through risk management, presented by Kimberley ...
Building business continuity through risk management, presented by Kimberley ...Building business continuity through risk management, presented by Kimberley ...
Building business continuity through risk management, presented by Kimberley ...Association for Project Management
 
Risk Management - Business Continuity Planning and Management
Risk Management - Business Continuity Planning and ManagementRisk Management - Business Continuity Planning and Management
Risk Management - Business Continuity Planning and ManagementCody Shive
 
Business analysis sample report, Business Impact Analysis Report ,Business An...
Business analysis sample report, Business Impact Analysis Report ,Business An...Business analysis sample report, Business Impact Analysis Report ,Business An...
Business analysis sample report, Business Impact Analysis Report ,Business An...Sukumar Jena
 
Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity ManagementDiane Christina
 

Destaque (8)

Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
 
Risk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy WongRisk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy Wong
 
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...
 
Building business continuity through risk management, presented by Kimberley ...
Building business continuity through risk management, presented by Kimberley ...Building business continuity through risk management, presented by Kimberley ...
Building business continuity through risk management, presented by Kimberley ...
 
Risk Management - Business Continuity Planning and Management
Risk Management - Business Continuity Planning and ManagementRisk Management - Business Continuity Planning and Management
Risk Management - Business Continuity Planning and Management
 
Introduction to Business Continuity Management
Introduction to Business Continuity ManagementIntroduction to Business Continuity Management
Introduction to Business Continuity Management
 
Business analysis sample report, Business Impact Analysis Report ,Business An...
Business analysis sample report, Business Impact Analysis Report ,Business An...Business analysis sample report, Business Impact Analysis Report ,Business An...
Business analysis sample report, Business Impact Analysis Report ,Business An...
 
Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity Management
 

Semelhante a Business continuity management and risk -The role of standards

Regus / URM Business Continuity Survey
Regus / URM Business Continuity SurveyRegus / URM Business Continuity Survey
Regus / URM Business Continuity SurveyRegus
 
Business Continuity Management - Operational & Cyber Resilience Part 1 (whi...
Business Continuity Management - Operational & Cyber Resilience Part 1 (whi...Business Continuity Management - Operational & Cyber Resilience Part 1 (whi...
Business Continuity Management - Operational & Cyber Resilience Part 1 (whi...Richard Brooks
 
Manigent Aligning Risk Appetite And Exposure
Manigent Aligning Risk Appetite And ExposureManigent Aligning Risk Appetite And Exposure
Manigent Aligning Risk Appetite And ExposureAndrew Smart
 
Office 2007 In Business Continuity Whitepaper: Microsoft Corporation
Office 2007 In Business Continuity Whitepaper: Microsoft CorporationOffice 2007 In Business Continuity Whitepaper: Microsoft Corporation
Office 2007 In Business Continuity Whitepaper: Microsoft CorporationMary Marks
 
Integrating Enterprise Risk Management (ERM) with Organizational Strategy
Integrating Enterprise Risk Management (ERM) with Organizational StrategyIntegrating Enterprise Risk Management (ERM) with Organizational Strategy
Integrating Enterprise Risk Management (ERM) with Organizational Strategyhenrytk2
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...WolfPAC - Integrated Risk Management
 
Banking & Financial Services Strengthening GRC In The Banking & Financial Ser...
Banking & Financial Services Strengthening GRC In The Banking & Financial Ser...Banking & Financial Services Strengthening GRC In The Banking & Financial Ser...
Banking & Financial Services Strengthening GRC In The Banking & Financial Ser...Mubeen Yaqoob
 
IDC Energy Insights - Enterprise Risk Management
IDC Energy Insights - Enterprise Risk ManagementIDC Energy Insights - Enterprise Risk Management
IDC Energy Insights - Enterprise Risk ManagementFindWhitePapers
 
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxDISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxmadlynplamondon
 
The evolving role of IT managers and CIOs
The evolving role of IT managers and CIOsThe evolving role of IT managers and CIOs
The evolving role of IT managers and CIOsIBM Rational software
 
BCM whitepaper
BCM whitepaperBCM whitepaper
BCM whitepaperOmniComm
 
Business Continuity Management in India (white paper)
Business Continuity Management in India (white paper)Business Continuity Management in India (white paper)
Business Continuity Management in India (white paper)OmniComm
 
Business Continuity Management in India white paper
Business Continuity Management in India white paperBusiness Continuity Management in India white paper
Business Continuity Management in India white paperOmniComm
 
"Bringing the Discipline of Direct Cost Management to G&A Costs"
"Bringing the Discipline of Direct Cost Management to G&A Costs""Bringing the Discipline of Direct Cost Management to G&A Costs"
"Bringing the Discipline of Direct Cost Management to G&A Costs"William Thimme
 
Compliance, Risk and Audit - BCBS
Compliance, Risk and Audit - BCBS Compliance, Risk and Audit - BCBS
Compliance, Risk and Audit - BCBS MetricStream Inc
 
Article quality growth and sustainability
Article quality growth and sustainabilityArticle quality growth and sustainability
Article quality growth and sustainabilityWilliam 'Bill' Holmberg
 
Risck intelligence in the energy and resources industry
Risck intelligence in the energy and resources industry Risck intelligence in the energy and resources industry
Risck intelligence in the energy and resources industry Franco Ferrario
 
Grooming A BCM Culture
Grooming A BCM Culture Grooming A BCM Culture
Grooming A BCM Culture Eneni Oduwole
 

Semelhante a Business continuity management and risk -The role of standards (20)

Regus / URM Business Continuity Survey
Regus / URM Business Continuity SurveyRegus / URM Business Continuity Survey
Regus / URM Business Continuity Survey
 
Business Continuity Management - Operational & Cyber Resilience Part 1 (whi...
Business Continuity Management - Operational & Cyber Resilience Part 1 (whi...Business Continuity Management - Operational & Cyber Resilience Part 1 (whi...
Business Continuity Management - Operational & Cyber Resilience Part 1 (whi...
 
Manigent Aligning Risk Appetite And Exposure
Manigent Aligning Risk Appetite And ExposureManigent Aligning Risk Appetite And Exposure
Manigent Aligning Risk Appetite And Exposure
 
Office 2007 In Business Continuity Whitepaper: Microsoft Corporation
Office 2007 In Business Continuity Whitepaper: Microsoft CorporationOffice 2007 In Business Continuity Whitepaper: Microsoft Corporation
Office 2007 In Business Continuity Whitepaper: Microsoft Corporation
 
Integrating Enterprise Risk Management (ERM) with Organizational Strategy
Integrating Enterprise Risk Management (ERM) with Organizational StrategyIntegrating Enterprise Risk Management (ERM) with Organizational Strategy
Integrating Enterprise Risk Management (ERM) with Organizational Strategy
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
 
Banking & Financial Services Strengthening GRC In The Banking & Financial Ser...
Banking & Financial Services Strengthening GRC In The Banking & Financial Ser...Banking & Financial Services Strengthening GRC In The Banking & Financial Ser...
Banking & Financial Services Strengthening GRC In The Banking & Financial Ser...
 
IDC Energy Insights - Enterprise Risk Management
IDC Energy Insights - Enterprise Risk ManagementIDC Energy Insights - Enterprise Risk Management
IDC Energy Insights - Enterprise Risk Management
 
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxDISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
 
CMI Business Continuity Management
CMI Business Continuity ManagementCMI Business Continuity Management
CMI Business Continuity Management
 
The evolving role of IT managers and CIOs
The evolving role of IT managers and CIOsThe evolving role of IT managers and CIOs
The evolving role of IT managers and CIOs
 
BCM whitepaper
BCM whitepaperBCM whitepaper
BCM whitepaper
 
Business Continuity Management in India (white paper)
Business Continuity Management in India (white paper)Business Continuity Management in India (white paper)
Business Continuity Management in India (white paper)
 
Business Continuity Management in India white paper
Business Continuity Management in India white paperBusiness Continuity Management in India white paper
Business Continuity Management in India white paper
 
"Bringing the Discipline of Direct Cost Management to G&A Costs"
"Bringing the Discipline of Direct Cost Management to G&A Costs""Bringing the Discipline of Direct Cost Management to G&A Costs"
"Bringing the Discipline of Direct Cost Management to G&A Costs"
 
Compliance, Risk and Audit - BCBS
Compliance, Risk and Audit - BCBS Compliance, Risk and Audit - BCBS
Compliance, Risk and Audit - BCBS
 
Article quality growth and sustainability
Article quality growth and sustainabilityArticle quality growth and sustainability
Article quality growth and sustainability
 
Risck intelligence in the energy and resources industry
Risck intelligence in the energy and resources industry Risck intelligence in the energy and resources industry
Risck intelligence in the energy and resources industry
 
CRO Insight
CRO InsightCRO Insight
CRO Insight
 
Grooming A BCM Culture
Grooming A BCM Culture Grooming A BCM Culture
Grooming A BCM Culture
 

Mais de BSI British Standards Institution

BSI Brochure: Customer Contact Association Global Standard - Your partner for...
BSI Brochure: Customer Contact Association Global Standard - Your partner for...BSI Brochure: Customer Contact Association Global Standard - Your partner for...
BSI Brochure: Customer Contact Association Global Standard - Your partner for...BSI British Standards Institution
 
Guide to making a new standard - Standards & Standardization - Making a New W...
Guide to making a new standard - Standards & Standardization - Making a New W...Guide to making a new standard - Standards & Standardization - Making a New W...
Guide to making a new standard - Standards & Standardization - Making a New W...BSI British Standards Institution
 
PAS 2015: The Disruptive Challenges facing the NHS, Dr Penny Bevan CBE Direc...
PAS 2015: The Disruptive Challenges facing the NHS, Dr Penny Bevan CBE Direc...PAS 2015: The Disruptive Challenges facing the NHS, Dr Penny Bevan CBE Direc...
PAS 2015: The Disruptive Challenges facing the NHS, Dr Penny Bevan CBE Direc...BSI British Standards Institution
 
PAS 2015: NHS Resilience Next Steps, Phil Storr Head of NHS Resilience Projec...
PAS 2015: NHS Resilience Next Steps, Phil Storr Head of NHS Resilience Projec...PAS 2015: NHS Resilience Next Steps, Phil Storr Head of NHS Resilience Projec...
PAS 2015: NHS Resilience Next Steps, Phil Storr Head of NHS Resilience Projec...BSI British Standards Institution
 
Technical Briefing: Business Impact Analysis: understanding what is required ...
Technical Briefing: Business Impact Analysis: understanding what is required ...Technical Briefing: Business Impact Analysis: understanding what is required ...
Technical Briefing: Business Impact Analysis: understanding what is required ...BSI British Standards Institution
 
Case Study: The BS25999 Experience: how BS25999 is delivering for HDNL?
Case Study: The BS25999 Experience: how BS25999 is delivering for HDNL?Case Study: The BS25999 Experience: how BS25999 is delivering for HDNL?
Case Study: The BS25999 Experience: how BS25999 is delivering for HDNL?BSI British Standards Institution
 

Mais de BSI British Standards Institution (20)

BSI Brochure: Customer Contact Association Global Standard - Your partner for...
BSI Brochure: Customer Contact Association Global Standard - Your partner for...BSI Brochure: Customer Contact Association Global Standard - Your partner for...
BSI Brochure: Customer Contact Association Global Standard - Your partner for...
 
BSI's Top 10 standards that matter to consumers
BSI's Top 10 standards that matter to consumersBSI's Top 10 standards that matter to consumers
BSI's Top 10 standards that matter to consumers
 
BSI leaflet on easy-to-open packaging
BSI leaflet on easy-to-open packagingBSI leaflet on easy-to-open packaging
BSI leaflet on easy-to-open packaging
 
Defining social responsibility with BS ISO 26000
Defining social responsibility with BS ISO 26000Defining social responsibility with BS ISO 26000
Defining social responsibility with BS ISO 26000
 
Guide to making a new standard - Standards & Standardization - Making a New W...
Guide to making a new standard - Standards & Standardization - Making a New W...Guide to making a new standard - Standards & Standardization - Making a New W...
Guide to making a new standard - Standards & Standardization - Making a New W...
 
Standards & standardization handout
Standards & standardization handoutStandards & standardization handout
Standards & standardization handout
 
A proposal for working with higher education
A proposal for working with higher educationA proposal for working with higher education
A proposal for working with higher education
 
Standards and standardization
Standards and standardization Standards and standardization
Standards and standardization
 
Standards and standardization
Standards and standardizationStandards and standardization
Standards and standardization
 
The perfect business continuity manager
The perfect business continuity managerThe perfect business continuity manager
The perfect business continuity manager
 
Nano website presentation bsi template december 2010
Nano website presentation bsi template december 2010Nano website presentation bsi template december 2010
Nano website presentation bsi template december 2010
 
Nano website presentation bsi template december 2010
Nano website presentation bsi template december 2010Nano website presentation bsi template december 2010
Nano website presentation bsi template december 2010
 
PAS 2015: The Disruptive Challenges facing the NHS, Dr Penny Bevan CBE Direc...
PAS 2015: The Disruptive Challenges facing the NHS, Dr Penny Bevan CBE Direc...PAS 2015: The Disruptive Challenges facing the NHS, Dr Penny Bevan CBE Direc...
PAS 2015: The Disruptive Challenges facing the NHS, Dr Penny Bevan CBE Direc...
 
PAS 2015: NHS Resilience Next Steps, Phil Storr Head of NHS Resilience Projec...
PAS 2015: NHS Resilience Next Steps, Phil Storr Head of NHS Resilience Projec...PAS 2015: NHS Resilience Next Steps, Phil Storr Head of NHS Resilience Projec...
PAS 2015: NHS Resilience Next Steps, Phil Storr Head of NHS Resilience Projec...
 
Fire safety brochure
Fire safety brochureFire safety brochure
Fire safety brochure
 
BSI Presentation: Working with Higher Education
BSI Presentation: Working with Higher EducationBSI Presentation: Working with Higher Education
BSI Presentation: Working with Higher Education
 
Technical Briefing: Business Impact Analysis: understanding what is required ...
Technical Briefing: Business Impact Analysis: understanding what is required ...Technical Briefing: Business Impact Analysis: understanding what is required ...
Technical Briefing: Business Impact Analysis: understanding what is required ...
 
Case Study: The BS25999 Experience: how BS25999 is delivering for HDNL?
Case Study: The BS25999 Experience: how BS25999 is delivering for HDNL?Case Study: The BS25999 Experience: how BS25999 is delivering for HDNL?
Case Study: The BS25999 Experience: how BS25999 is delivering for HDNL?
 
Case Study: BS25999 in a multi-site enterprise
Case Study: BS25999 in a multi-site enterpriseCase Study: BS25999 in a multi-site enterprise
Case Study: BS25999 in a multi-site enterprise
 
PD25888: Recovery Planning
PD25888: Recovery PlanningPD25888: Recovery Planning
PD25888: Recovery Planning
 

Último

Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFChandresh Chudasama
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfRbc Rbcua
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCRashishs7044
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environmentelijahj01012
 
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!Doge Mining Website
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCRashishs7044
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMVoces Mineras
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024Adnet Communications
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckHajeJanKamps
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Pereraictsugar
 

Último (20)

Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDF
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environment
 
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQM
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 

Business continuity management and risk -The role of standards

  • 1. Business continuity management and risk The role of standards raising standards worldwide™
  • 2. Executive summary Greater awareness in recent years of the volatility of the risk environment, together with the regulatory impetus provided by corporate governance requirements, has placed effective risk management high on the corporate agenda. Changing attitudes to risk management have also resulted in the emergence of a more holistic and proactive approach to managing exposures. During this evolutionary process, business continuity management (BCM) has emerged as an increasingly important element of an organization’s risk mitigation strategy. Developing out of the areas of information security and disaster management, effective BCM can enable an organization to reduce its exposure to disruptive events, implement mechanisms to limit the impact of an incident on business processes and operations, and provide reputational resilience in the most difficult of circumstances. However, a lack of consistency in approach, confusion over definitions and terms, and the inability to benchmark BCM strategies have hindered its development, and led to calls for a formal standard to be produced. Based upon proven methodologies, BS 25999 Business continuity management establishes the process, principles and terminology of effective business continuity management.
  • 3. The rise of risk management up the corporate agenda reflects an increased understanding by organizations, both public and private, of their risk profiles and the need to effectively manage exposures. High-profile incidents such as Enron, 9/11, Hurricane Katrina, the summer floods in the United Kingdom, Northern Rock and Société Générale – as well as the regulatory structures implemented in some cases in the aftermath, such as Sarbanes-Oxley, Basel II and the Turnbull report – have served to shape attitudes to risk management and achieve greater boardroom awareness. More proactive … Organizations are becoming increasingly proactive in their approach to managing their risk exposures and developing bespoke strategies rather than simply relying upon the parameters set by regulatory authorities. In tandem with this has been a change in the stance taken by regulators towards a more principles-based approach to regulation – a move that places the onus on organizations themselves to take greater responsibility for their risk management strategies. Julia Graham, chief risk officer at DLA Piper and chair of the committee for BS 31100 Code of practice for risk management, believes that this change in the attitude of regulators is a very positive step, as it means that “organizations are then in a position to manage risk in line with their own context, nature, scale, complexity and jurisdictional spread of their business”. Risk in a standard In February 2008, BSI released the second draft of BS 31100 Code of practice for risk management. The standard is designed to provide a guide to risk management principles, models, frameworks and processes, in order to assist organizations to achieve their risk management objectives. But can a concept as broad as risk management be captured effectively in a single standard? “The standard is intended to be high level and generic, and not specific to any business, country or discipline,” says Julia Graham, chief risk officer at DLA Piper and chair of the committee for BS 31100. “It is viewed as part of a family of standards.” The discipline of risk management has, however, been the subject of many guidelines, documents and standards. “The committee which developed the standard looked long and hard at this issue – there are some excellent standards already available, which BS 31100 was not designed to replace,” explains Ms Graham. “Rather, BS 31100 is seen as a positional document which helps to set the overall risk scene, language, framework and process.” Business continuity management and risk • 1
  • 4. RESEARCH Business Barometer According to the latest findings of BSI British Standards’ annual Business Barometer, UK businesses are continuing to enhance their levels of disaster preparedness. The survey of FTSE 250 companies in 2007 revealed that over 80% of respondents were confident their organization could continue to operate for up to a week following a disruption before experiencing serious detrimental effects. Almost two-thirds considered themselves ready to respond to a major IT failure, while 50% were fully prepared for a forced office relocation. These figures reflect the fact that some 71% of respondents – up 10% from 2006 – now acknowledge the vital role played by BCM in ensuring their company remains competitive and wins new business in the future. With some 62% of businesses indicating that customers now require them to show that they have effective BCM measures in place – up 16% on the previous year – expectations are that this figure will continue to rise. Commenting on the findings, Mike Low, director of BSI British Standards, says: “The scale of risk and opportunity in the FTSE 250 is enormous and these organizations are recognizing that BCM has to be at the heart of their operations.” However, he emphasized that it was also crucial “for smaller organizations and those in other sectors to look seriously at how they would cope in the event of a disaster”. 2 • Business continuity management and risk
  • 5. More holistic … This evolution is encouraging a much more holistic approach to the management of risk. Organizations are endeavouring to remove the silos which exist within their operations to achieve a more expansive and integrated risk strategy, founded upon an enhanced understanding of their risks, business processes and dependencies. The removal of these silos has contributed to the emergence of business continuity management (BCM) as an integral part of an organization’s risk management strategy. Seen for decades as an IT and disaster recovery-related issue, BCM is now gaining a much more prominent position in the risk mitigation mechanisms of many organizations. In the majority of cases, business continuity has evolved independently from risk management operations. James Crask, resilience policy manager at the Civil Contingencies Secretariat, attributes this to the factors that have driven its development. “In many organizations risk management has traditionally been driven by finance, while business continuity has developed from security and crisis management arrangements. Because they have often developed independently of each other they are frequently situated in different parts of an organization, meaning they could be moving in different directions.” However, Mr Crask is confident that attitudes are now changing and that, increasingly, companies are realising that these two disciplines should be working together. Ms Graham views risk management and business continuity as two parts of the same governance framework. “Risk management provides the umbrella under which a variety of risk management categories and capabilities can reside,” she says. “Business continuity is part of risk management and notably part of an organization’s risk control environment.” More integrated … Attitudes are changing as While still in its relative infancy as a discipline compared to risk management, components of business continuity can be found companies realize that risk in virtually all organizations. It is basic common sense to ensure management and business measures are in place so that activities essential to the delivery of products or services are protected. Therefore, they can still be continuity disciplines should be maintained should an incident occur. Yet the effectiveness of working together. such processes is highly dependent upon the extent to which these measures are integrated into the organization. Business continuity management and risk • 3
  • 6. “Traditionally most organizations understand the core components of their business and are aware of what needs to be protected,” says Mr Crask. “That is where they build in continuity. However, what they have failed to do is view the organization as a whole, obtain the full support of senior management, understand interdependencies, embed business continuity into the culture of the operation and ensure that employees are aware of their roles and undergo regular training.” There is also a tendency on the part of some companies to limit the scope of business continuity to the areas of incident BCM is less about the plan itself management and risk mitigation, believes Steve Mellish, head and more about ensuring that of business continuity at Sainsbury’s. “This in my opinion doesn’t make for a really effective business continuity capability. the requirements are built into You need to have – and understand – the whole picture to every facet of the business. devise a business continuity capability that really ensures that it meets the business requirements and is fit-for-purpose.” The value of BCM can only be achieved if it becomes an integral part of the operational structure of an organization. Business continuity is less about the plan itself and more about ensuring that the requirements are built into every facet of the business, starting with the internal operations and extending out along the supply chain. Adding value to the business If an organization successfully integrates a robust and effective BCM plan into every facet of its operations, then the potential benefits that can be gained are extensive. Providing assurance One of the primary aims of an effective BCM strategy is to provide a level of assurance that, in the event of a disruptive incident, the organization can not only continue to provide critical services but also become fully operational again in as short a time frame as possible – no matter how severe the disruption. Peter Sierwald, director of Phoenix Continuity Services, describes the goal of effective business continuity: “A sound BCM strategy provides assurance that all necessary aspects of the organization’s value chain can be protected and recovered to an acceptable level of emergency operation at an acceptable cost.” 4 • Business continuity management and risk
  • 7. CASE STUDY Bits not pieces The development of a standard for information and communication technology (ICT) continuity is no easy task, particularly given the increasing complexity and interdependency of the systems involved. The situation is further compounded by the fact that few organizations have a thorough understanding of the systems that they operate. “Systems are complex enough to manage when we understand their end-to-end make-up,” says Oscar O’Connor, an adviser with Adam Continuity, “but when we do not, we are simply asking for trouble.” The British Standard for ICT continuity, BS 25777, is designed to provide guidance on how to apply business continuity principles to an organization’s ICT systems. Employing the same basic structure as BS 25999, the standard is designed to enable companies to implement appropriate levels of resilience for ICT services, as well as the processes required to respond to and recover from a disruptive incident. “BS 25777 aims to ensure that not only are the organization’s ICT services as resilient and recoverable as is appropriate,” says Mr O’Connor, “but also that the organization’s BCM requirements for ICT support are completely covered.” Business continuity management and risk • 5
  • 8. Competitive advantage In an increasingly volatile environment, the ability to offer such levels of assurance through the implementation of a well-structured BCM plan is becoming a discernible competitive advantage. The value of having mechanisms in place that enable you to limit the detrimental impact of an event on your business activities, thereby enabling you to outperform competitor organizations during a crisis and return to normal levels of service in a shorter time frame, is immense. Strengthening client relationships Being able to demonstrate From the perspective of existing – and potential – clients, being able to demonstrate that, even in the most trying of that, even in the most trying circumstances, an organization is capable of maintaining its operations can serve not only to strengthen existing circumstances, an organization relationships but also stimulate new ones. Such a competitive is capable of maintaining benefit is encouraging the emergence of a more proactive commercial approach to business continuity rather than simply operations, can impress clients. viewing it as a mechanism for managing a disruption to operations. Tendering for business In recent years there has been a marked rise in the number of companies that now stipulate that an organization must have a BCM plan as a prerequisite for a bidding process. “We have seen more organizations over the last year asking about business continuity during the tendering process than we have ever seen before,” confirms Simon Beesley, operations excellence manager at TDG. Preserving and enhancing reputation Reputational risk is considered by many organizations to be the number one risk they face. Taking years, if not decades, to build up, a company’s reputation can lie in tatters in an instant. While the aim of a BCM plan is both to limit an organization’s exposure to a disruptive event and to improve its ability to return to normal service quickly in the aftermath of any such incident, by succeeding on these two fronts the organization will not only preserve but actually enhance its reputation. 6 • Business continuity management and risk
  • 9. Increasing share value The effective management of a crisis not only provides a defence mechanism for your bottom line by enabling you to continue to operate, it can also provide long-term share value benefits. In The Impact of Catastrophes on Shareholder Value, Rory Knight and Deborah Pretty examined how shareholder value was affected by a major incident. They found that while share prices initially crashed, those organizations which managed the crisis effectively saw their share value not only return to pre-incident levels, but actually rise above them – which was then sustained for a long period of time. In contrast, those organizations that mismanaged the disruption never saw their share price recover to the same position. A worthwhile investment Martin Caddick, head of UK business continuity management at Marsh, believes that in order to encourage board level buy-in to business continuity, you must make members aware that BCM You can reduce expenditure on is an effective investment. By adopting a more holistic view of insurance, protection measures risk and BCM, such investments can provide much greater bang for your risk buck. “You can potentially reduce your levels of and even BCM, while at the insurance, spend less on protection measures and even reduce same time enhancing overall expenditure on BCM,” he says, “while at the same time enhancing your overall protection.” protection. Understanding your organization In another recent survey by Marsh, The Upside to Business Continuity, respondents were asked to highlight the benefits of BCM they had experienced over the last 12 months. Surprisingly, over 50% of respondents found that they had achieved a better understanding of their business, while 37% highlighted improved risk-intelligent decision making. Mr Beesley believes that by gaining a thorough understanding of your business processes you can then see areas where these processes can be enhanced or streamlined to facilitate the overall stability of your operation. “Any time when you start a project which looks at how your business processes operate, you will always find ways of improving these processes.” Business continuity management and risk • 7
  • 10. CASE STUDY As strong as the weakest link Following a review of its approach to BCM in importance of involving those people “on 2007, TDG, a supply chain management the shop floor”, as they are best placed to company, launched a pilot project to provide describe their particular operations and also its site in Rugby with a business continuity to propose solutions should a disruption management system developed and occur. “As long as you engage the people implemented following the BS 25999 code that understand each part of your business of practice. and ask them the right questions, the process can become a very straightforward “The way we used to approach BCM as an one.” organization was that it was pretty much every site for itself, with little in the way of It is imperative that those who will manage central control,” says Simon Beesley, the disruption also develop the business operations excellence manager at TDG, who continuity management system. “The is responsible for the project. approach that we are taking at TDG is that my role is to support the sites in Admitting that he knew “nothing” about implementing their plans, not to develop BCM before beginning the project, Mr them,” he explains. Local ownership of the Beesley enrolled on a one-day introductory project must be established so that each site workshop to BS 25999 – hosted by BSI – can develop its own bespoke solutions based which enabled him to understand how to upon the templates and guidance provided. apply the standard within his organization. “In terms of providing a framework for this While acknowledging that being the first project, BS 25999 was incredibly helpful,” he logistics company to achieve BS 25999 explains. “It is written in plain English and certification has provided TDG with a unique provides a clear process that you can selling point, Mr Beesley is keen to point out follow.” that this is not why TDG undertook the project. “It should never be about ‘getting While it was important to ensure that senior the badge’, but rather about companies management were involved in the project gaining real benefit from going through the from the start, he also highlighted the process.” 8 • Business continuity management and risk
  • 11. By obtaining a thorough understanding of your organization you gain “an improved understanding of the risks you face, both within the walls of your organization and across the wider supply chain, ” says Mr Beesley. He believes this process has helped his organisation to enhance relationships not only internally, but also with external customers and suppliers. Establishing best practice However, despite the myriad benefits which business continuity can bring to the table, its effectiveness has been hindered by the relative lack of clear guidance on the processes required to implement a successful BCM strategy. Prior to the publication of BS 25999, there were a number of business continuity guidelines in existence, such as BSI’s PAS 56:2003 Guide to business continuity management and the Business Continuity Institute’s Good Practice Guidelines. On the international front, there are also a range of business continuity-related standards and guidelines available. In Australia, for example, the HB 221 Business Continuity Guidelines were drawn up in 2004, becoming HB 292 A Practitioners Guide to Business Continuity Management following a review in 2006. In Singapore, TR 19 Technical Reference for Business Continuity Management is a well-used best-practice mechanism for BCM managers, while in the United States NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs has been in existence for a number of years. The publication of BS 25999 was in response to a market-wide demand from both public and private sectors for a formal The market demands clarity standard that would introduce a level of consistency to the discipline, provide clarity as to what constituted BCM, establish and consistency, accepted accepted terminology and definitions, and create a means of benchmarking between companies, industries and regions. terminology and a means of benchmarking on BCM. Business continuity management and risk • 9
  • 12. In November 2006, BSI published BS 25999 Part 1, which A proactive, non-prescriptive provided a guide to business continuity best practice. Kevin Brear, business continuity manager on the information and approach to business continuity security group, practice protection, at Deloitte & Touche, described it as “a paradigm shift for the business continuity encourages organizations to industry in the UK”. While there are a number of organizations find the solutions that best meet and societies with an interest in business continuity, he believes that “by placing it under the stewardship of BSI, the standard their own needs. is, and can clearly be seen to be, an independent document”. The standard provides guidance and recommendations on business continuity best practice. “The goal is to enable organizations operating in any sector, including industrial, commercial, public and voluntary, to understand, develop and implement business continuity within their operations,” says Mike Low, director of BSI British Standards. “Rather than a prescriptive document, BS 25999 seeks to encourage organizations themselves to find the solutions that best meet the demands of their own risk framework. By facilitating a more proactive approach to business continuity, the standard places the control firmly in their hands.” BS 25999 has introduced a consistent approach to business continuity best practice founded upon proven methodologies. It enables organizations to clearly demonstrate to the markets they serve that they have a robust BCM strategy in place which can now be measured and also benchmarked against the strategies of competitors. “As a benchmark to set UK plc, I think it is excellent,” says Mr Caddick at Marsh. As the standard becomes more established, companies are increasingly able to use BS 25999 as a marketing tool as it provides a mechanism for evidencing competitive advantage and a means of enhancing their reputation and brand perception as a secure supplier or provider of goods or services. “With BCM also now playing an increasingly prominent role in the tender process,” says Mr Low, “companies can provide, by adopting a British Standard, measurable evidence of the existence not only of a plan, but also an effective, robust strategy which is embedded into the culture of their organization.” 10 • Business continuity management and risk
  • 13. Reassuring the market “The arrival of the British Standard for BCM has marked a significant milestone in establishing business continuity as a basic commonsense approach to managing a business – and managing it responsibly,” says Mr Mellish at Sainsbury’s. “In my view, the British Standard has provided the credibility and gravitas to make it a standard requirement in future corporate governance legislation. The sooner senior executives recognize this and address it then greater assurance can be provided to all of their stakeholders. “The standard will also ensure a more consistent approach is applied,” he continues, “and this will in turn assist in benchmarking and provide insurance companies with a more effective way of measuring the effectiveness of a company’s ability to minimize the impact of any major incident.” The universality of BS 25999 also provides international appeal for the standard. Mr Sierwald of Phoenix Continuity Services in Sydney believes that the very fact that BS 25999 is a good fit with most BCM approaches in Australia makes it of real interest. Commenting on its potential impact on the wider Asian market, he adds: “My experience with organizations in India is that those which act as service providers to ‘Western’ companies are keen to have a certifiable standard as extra assurance for clients who choose to outsource business processes.” “BSI has seen a lot of interest from Asia and other areas around the world,” concurs Mr Crask, “which suggests to me that countries outside of the EU wish to comply with the standard to demonstrate their reliability and security to foreign investors.” “We are seeing a growing awareness of business continuity, and BS 25999 has played a part in this,” believes Mr Beesley at TDG. “My view is that over the next few years, particularly in The standard will provide a the industry in which I operate, business continuity will become more effective way of increasingly important because of the influence of BS 25999 and the focus that this has given people.” measuring the effectiveness of a company’s ability to minimize If this proves to be the case, then the question every company must ask itself is: What does not having adopted the standard the impact of major incidents. say to the market about how we run our business? Business continuity management and risk • 11
  • 14. The role of standards A standard provides a mechanism for facilitating the proactive implementation of best practice. The principles of any British Standard are based upon good management practice, and set out clear and unambiguous provisions and performance objectives. “There are no rules laid down,” explains Mike Low, director of A proactive, non-prescriptive BSI British Standards, “but rather a series of recommendations and guidelines which provide an organization with the flexibility approach to business continuity to hand-pick those elements and procedures which best fit their specific requirements.” encourages organizations to find the solutions that best meet In the development of any formal standard, a national committee is established which includes representatives from their own needs. government, business, consumer groups, manufacturers, suppliers, academic institutions, trade associations, regulators and societal interest groups. “Only by achieving consensus across such a diverse range of practitioners,” believes Mr Low, “can a standard successfully embody what is considered best practice for that particular sector.” A draft of the standard is then placed into the public domain for consultation. All comments and responses are reviewed by the committee and the standard is amended where necessary. Only then, when approved, will the standard be published. In order to ensure that each standard continues to remain current, it undergoes a process of maintenance and review whereby it is updated, revised or, if necessary, withdrawn. “BSI is not seeking to create an array of stand-alone standards,” says Mr Low, “but rather a family of interrelated standards.” In compiling each standard, the process takes into consideration other related standards. Effort is made to provide a level of uniformity across the documents, which enables organizations to implement additional complementary standards more easily. 12 • Business continuity management and risk
  • 15. How BSI can help Standards matter. They contribute at least £2.5bn each year to the UK economy and play a key role in enabling innovation, improving competitiveness, increasing reliability, ensuring safety, improving accessibility, controlling quality, managing risk and improving business performance. As the world’s first national standards body, BSI British Standards has a globally recognized reputation for independence, integrity and innovation. Part of the BSI Group operating in 86 markets worldwide, BSI British Standards serves the interests of a wide range of industry sectors, as well as government, consumers, employees and society overall, to make sure not just British but European and international standards are useful, relevant and authoritative. BSI champions UK interests at home and abroad and is an incubator of many of the world’s leading standards. It is the national gateway to all the European and worldwide standards bodies promoting fair trade, technology transfer, economic prosperity and security. Several publications describe the benefits of using standardization to achieve broader organizational and national strategic objectives. Information about these is available from BSI British Standards. To find out more about how BSI can help you, visit the website at www.bsigroup.com or email britishstandards@bsigroup.com. BSI Group Headquarters 389 Chiswick High Road London W4 4AL UK Tel +44 (0)20 8996 9001 Fax +44 (0)20 8996 7001 www.bsigroup.com © The British Standards Institution raising standards worldwide™ BSI Group: Standards • Information • Training • Inspection • Testing • Assessment • Certification