HIGHLIGHT
Business Continuity Management Certification: Safeguarding your interests and maintaining your operations
There is increasing awareness and growing concern in the business world about companies’ preparedness for two emerging threats reaching pandemic proportions: the Swine Flu pandemic caused by the H1N1 virus and Cyber Criminality. At the same time, companies are dealing with the worst economic recession in 80 years. This convergence of phenomena is sorely testing the resilience of many companies.
In order to be in the best position to weather these challenges, as well as other disruptions that can damage their business, companies have planned for as many risks as they are able to identify. Their best defense is to implement Business Continuity Management (BCM) programs that enable them to constantly review risks and their readiness to respond in the event that a worst-case scenario actually occurs.
Business Vision interviewed Nathalie Kreppert, Global Product Manager for Risk Management Services, Bureau Veritas Certification
Business Vision: What is Business Continuity Management?
Nathalie Kreppert: BCM is an ongoing process of risk assessment and management with the purpose of ensuring that a business can continue to function in the event a risk materializes. It is first and foremost a holistic management process that identifies potential impacts that threaten an organization and it provides a framework for building resilience.
Business Vision: What are some of the risks Business Continuity Management is designed to deal with?
NK: In addition to the current Swine Flu pandemic and rising cyber criminality, there are other significant examples of risks companies should be prepared to manage. For example, the Tsunami in the Indian Ocean, and more recently, Hurricane Katrina, fires near Los Angeles and Athens are examples of catastrophes that are driving many corporations to develop BCM planning if they have not already done so and to reevaluate any plans they may already have.
Of course, BCM is not limited to preparing for natural disasters and terrorist attacks. Other types of disruptions can be just as damaging to companies in terms of the loss of trust and confidence of their customers. For example, in South Africa, there have been scheduled power cuts for 2 hours every 2 days, damage to undersea cables has recently affected Internet services to India, Bahrain, Egypt, the United Arab Emirates and Saudi Arabia and Network/Telephony failures have affected the UK, Germany, Portugal, Italy, Spain and Switzerland. Furthermore, companies must not overlook issues of fraud, theft, employee sabotage or the possibility of the collapse of a key supplier or the sudden loss of a customer base. Therefore, companies must keep in mind a range of risks to assess in BCM planning, from catastrophic events, to more commonly occurring events they might not ordinarily worry about or even foresee.
Business Vision: What is the level of awareness of these risks in the business world?
NK:Recent surveys show that most companies still do not have business continuity or solid security plans in place. In addition, among the companies with Business Continuity plans most have never taken the steps to actually test and evaluate these vital plans.
Business Vision: What are the benefits of BCM?
NK: Although it may be possible to calculate the financial losses of a disruption, the most significant impact is usually in damaged reputation or loss of trust that results from a mismanaged incident. Conversely, a well-managed incident can enhance an organization’s reputation and that of its management team’s too. Research by Knight and Pretty of Oxford Metrica indicates that organizations affected by catastrophes fall into two distinct groups – “recoverers” and “non-recoverers”. Where organizations have successfully dealt with a crisis their share value has increased in the long term. In marked contrast, those who were perceived as having failed to manage a crisis well generally saw their share price decline with recovery taking well over a year or not at all. More recent research has shown that those organizations which budget most on risk, BCM and governance are the most profitable companies in their sector. It is really important to view BCM for what it is, an investment and not a cost.
BCM Certification is also a strategic element for companies which want to ensure their supply chain reliability.
Business Vision: What steps can companies take to obtain BCM certification?
NK: The first step would be to assess a company’s level of readiness against BS25999 (the acknowledged standard in the field) most likely through an initial Gap Analysis. Of course, companies already certified with ISO 9001 or ISO 27001 (Information Security) may be in a better position to achieve their Business Continuity Management Certification, as they already have a well-documented management system in place.
Business Vision: Why is Bureau Veritas Certification so well placed to provide certification services for BS 25999-2 ?
NK: Bureau Veritas Certification offers a wide range of certifications in the quality, environment, health and safety and social responsibility fields. Business Continuity can be combined with certification of any other type of management system. This is a real advantage because, as I mentioned earlier, BCM is a holistic approach and therefore touches on all aspects of a company’s business. Our proven methodology and experience provides the assurance companies and their stakeholders require. We start with a Gap Analysis, followed by an initial audit to verify the conformity of the basic Business Continuity Management System, including the Policy, the Business Impact Analysis, Risk Assessment, Business Continuity Strategy and Incident Management Plans as well as applicable legislation. This process is completed with the certification audit and followed up with Surveillance Audits designed to monitor continuous improvement.
Photo: A/S Dansk Shell
Business Vision: What is Business Continuity Management?
Nathalie Kreppert: BCM is an ongoing process of risk assessment and management with the purpose of ensuring that a business can continue to function in the event a risk materializes. It is first and foremost a holistic management process that identifies potential impacts that threaten an organization and it provides a framework for building resilience.
Business Vision: What are some of the risks Business Continuity Management is designed to deal with?
NK: In addition to the current Swine Flu pandemic and rising cyber criminality, there are other significant examples of risks companies should be prepared to manage. For example, the Tsunami in the Indian Ocean, and more recently, Hurricane Katrina, fires near Los Angeles and Athens are examples of catastrophes that are driving many corporations to develop BCM planning if they have not already done so and to reevaluate any plans they may already have.
Of course, BCM is not limited to preparing for natural disasters and terrorist attacks. Other types of disruptions can be just as damaging to companies in terms of the loss of trust and confidence of their customers. For example, in South Africa, there have been scheduled power cuts for 2 hours every 2 days, damage to undersea cables has recently affected Internet services to India, Bahrain, Egypt, the United Arab Emirates and Saudi Arabia and Network/Telephony failures have affected the UK, Germany, Portugal, Italy, Spain and Switzerland. Furthermore, companies must not overlook issues of fraud, theft, employee sabotage or the possibility of the collapse of a key supplier or the sudden loss of a customer base. Therefore, companies must keep in mind a range of risks to assess in BCM planning, from catastrophic events, to more commonly occurring events they might not ordinarily worry about or even foresee.
Business Vision: What is the level of awareness of these risks in the business world?
NK:Recent surveys show that most companies still do not have business continuity or solid security plans in place. In addition, among the companies with Business Continuity plans most have never taken the steps to actually test and evaluate these vital plans.
Business Vision: What are the benefits of BCM?
NK: Although it may be possible to calculate the financial losses of a disruption, the most significant impact is usually in damaged reputation or loss of trust that results from a mismanaged incident. Conversely, a well-managed incident can enhance an organization’s reputation and that of its management team’s too. Research by Knight and Pretty of Oxford Metrica indicates that organizations affected by catastrophes fall into two distinct groups – “recoverers” and “non-recoverers”. Where organizations have successfully dealt with a crisis their share value has increased in the long term. In marked contrast, those who were perceived as having failed to manage a crisis well generally saw their share price decline with recovery taking well over a year or not at all. More recent research has shown that those organizations which budget most on risk, BCM and governance are the most profitable companies in their sector. It is really important to view BCM for what it is, an investment and not a cost.
BCM Certification is also a strategic element for companies which want to ensure their supply chain reliability.
Business Vision: What steps can companies take to obtain BCM certification?
NK: The first step would be to assess a company’s level of readiness against BS25999 (the acknowledged standard in the field) most likely through an initial Gap Analysis. Of course, companies already certified with ISO 9001 or ISO 27001 (Information Security) may be in a better position to achieve their Business Continuity Management Certification, as they already have a well-documented management system in place.
Business Vision: Why is Bureau Veritas Certification so well placed to provide certification services for BS 25999-2 ?
NK: Bureau Veritas Certification offers a wide range of certifications in the quality, environment, health and safety and social responsibility fields. Business Continuity can be combined with certification of any other type of management system. This is a real advantage because, as I mentioned earlier, BCM is a holistic approach and therefore touches on all aspects of a company’s business. Our proven methodology and experience provides the assurance companies and their stakeholders require. We start with a Gap Analysis, followed by an initial audit to verify the conformity of the basic Business Continuity Management System, including the Policy, the Business Impact Analysis, Risk Assessment, Business Continuity Strategy and Incident Management Plans as well as applicable legislation. This process is completed with the certification audit and followed up with Surveillance Audits designed to monitor continuous improvement.
|
Photo: A/S Dansk Shell