About Business Continuity Management (BCM)
What Is Business Continuity Management (BCM)
The ability to respond effectively is the key to business survival in face of sudden threats or disruptions. To be caught unprepared in averting and managing potential disruptions to your operations would not only result in the loss of business opportunities but could also affect your bottom-line, particularly with the current volatile market situation.
Business Continuity Management (BCM) is a holistic management process which helps to assess, plan and strengthn the resilience of your value chain. BCM is a tool that enables organisations to identify potential threats and thus provides a framework for your organisation to build up its resilience and capabilities for an effective response. The aim is to safeguard the value-creation and reputation of the business as well as the interests of stakeholders.
Back to Top
Importance of Business Continuity Management (BCM)
BCM-readiness provides reassurance to your internal and external stakeholders that your operations are able to meet the needs of the constituency and you are prepared for the 'worst case scenario' situations. As a robust BCM system also requires the collaboration of your key suppliers, the upgrading of your key suppliers' BCM plans will improve your entired supply chain. The ability to weather adversity will give you company an edge against your competitors. In Summary, BCM is more than just insurance for your business.
A BCM ready organization is able to:
■Be recognized as a reliable and sustainable business partner
■Enhanced business reputation and consumer confidence
■Protect assets and the business infrastructure
■Maintain operations and minimize financial impact during crisis
By increasing the resilience of businesses in Singapore, it will further boost Singapore's status as a trusted business hub. This will help to attract more business opportunities and fuel the growth of your company. Your preparedness for crisis will collectively enhance the nation's resilience to crisis.
Back to Top
Singapore Standard for BCM (SS 540:2008)
To purchase SS540:2008
Introduction to the BCM Framework
This Singapore Standard is applicable to all organisations regardless of their size. Each of these organisations has concerns for its survival against threats (unintentional/intentional), and naturally/emergencies, crises, and disasters that disrupt the organisation's functions). This standard provides the framework for these entities to analyse and implement strategies, processes and procedures to address these concerns.
This standard emphasises resilience and protection of critical assets, human, environmental, intangible and physical. It focuses on continuity management and recovery of critical business functions. This standard enables an organisation to:
a) Develop a policy applicable to prevention, preparedness, response, continuity and recovery programmes;
b) Establish objectives, processes and procedures to achieve the policy commitments;
c) Assure competency, awareness and training within the organisation;
d) Monitor and review its performance;
e) Demonstrate its efforts to conform to the requirements of this standard; and
f) Establish and apply a process for continual improvement.
The Process Approach
This standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organisation's preparedness, response and continuity management system.
This standard presents business continuity management (BCM) as a strategic management programme that defines the organisation's efforts to ensure continuity of its functions, in part and/or in whole, should the organisation suffer disruptions. BCM focuses on the organisational pre-incident analysis and prevention, and its response planning to disruptions, be they expected or unexpected. These analyses and prevention efforts require the integration of management, people, technology, facilities and business processes to ensure the resiliency of the organisation. An organisation needs to identify and manage many activities in order to function effectively. Often the output of one activity forms the input to the next activity and so in this context the approach is holistic.
To achieve such a holistic approach, this standard adopts the "Plan-Do-Check-Act" (PDCA) methodology. Figure 1 illustrates how a BCM system takes BCM requirements and expectations of stakeholders as inputs and through the PDCA to produce risk management outcomes.
|
Plan
|
Establish BCM policy, objectives, processes and procedures relevant to managing risk and improving
prevention, preparedness, response, continuity and recovery programmes.
|
|
Do
|
Implement and operate the BCM policy, controls, processes and procedures.
|
|
Check
|
Assess and, where applicable, measure process performance against BCM policy, objectives and
practical experience and report the results to management for review.
|
|
Act
|
Take corrective and preventive actions, based on the results of the internal BCM audits and management review or other relevant information, to achieve continual improvement of the BCM.
|
This standard provides an organisation with the assurance that its preparedness, response and continuity management performance not only meets, but will also continue to meet, its legal and policy requirements. This standard provides an organisation with the elements of an effective and structured management system that can be integrated with other management requirements. Therefore, this standard is designed so that it can be integrated with quality, safety, environmental information, security, risk and other management systems within an organisation. Organisations that have adopted a process approach to management systems (e.g., ISO 9001:2000 and ISO 14001:2004) may be able to use their existing management system as a foundation for BCM as prescribed in this standard.
This BCM standard provides a framework for reducing the risks and their impacts on the operation processes, staff and organisation's infrastructure. Figure 2 summarises the BCM framework in a matrix format. The matrix helps identify potential gaps in an organisation's BCM efforts. For example, the implications of selecting a particular recovery strategy should be linked to the corresponding policies set forth by senior management. Corresponding infrastructure, training of recovery personnel and establishing the associated recovery processes should support implementation of the recovery strategy.
a) BCM areas
To ensure BCM, each organisation must identify the threats and assess their ensuing impacts. A BCM framework (see Figure 2), comprising the selection of appropriate strategy and action plan, should be established to tackle these threats. BCM needs to address issues and concerns in six broad areas in the following order:
| Risk analysis and review |
The threats to an organisation can be identified via a risk analysis and review of its internal operations and external operating environment. |
| Business impact analysis |
The potential impact of these threats on an organisation and its ability to continue business operations and service can be obtained by conducting a business impact analysis. This would include, where possible, the loss impact from both a number of days of business disruption and a financial standpoint. |
| Strategy |
The organisation would determine the appropriate strategy (ies) to safeguard its interests. These strategies can be preventive or pre-emptive in nature. |
| Business continuity plan |
A detailed business continuity plan should be formulated to specify the resources and capabilities required of the organisation to prepare, respond and recover from potential threats. |
| Tests and exercises |
An established BC plan shall be subject to verifcation via tests and exercises. These seek to highlight errors/omissions and verify if the resources committed are accessible, available and adequate for efficient and effective recovery. It also verifies if the staff is familiar with recovery procedures, and whether the BC plan meets its recovery objectives. |
| Programme management |
The organisation shall demonstrate commitment in maintaining the currency of its plan through regular and systematic review of its risks and business impacts, re-aligning its BCM strategies and re-validating its BC plan(s) on a continuous basis1. BCM should become an integral part of the organisation's operations and culture. Ownership of BCM becomes embedded in individual business units where potential BCM risks exist. |
1 Tests and Exercises serve to verify if the BC plan can be carried out without errors or omissions. Programme Management serves to validate the capability of the BC plan to fulfill the plan's objectives. Validation aims to uncover flaws in the plan design, for example inaccuracies and incompleteness of the design of the plan.
b) BCM components
BCM is an ongoing management process essential to safeguard the interests of key stakeholders, and the reputation, brand and value-creating activities. This process can be examined from two standpoints specifically:
- impact of issues and concerns arising from each BCM area: and
- required direction and support to implement and sustain BCM efforts.
BCM can be examined in terms of the following four components:
| Policies |
Senior management must stipulate policies to guide BCM efforts by the staff. The policies should set out the organisation's aims, principles and approach specifying what is to be achieved or delivered, and shall serve as the rationale and support for all BCM areas. In addition, policies provide the rationale for establishing the processes, people and infrastructure to support BCM on an ongoing basis. |
| Processes |
The set of activities with defined outcomes, deliverables and evaluation criteria to attain the objectives of the BCM policies. They include formal change control and documentation processes. |
| People |
Participation from various business units should be established to oversee BCM efforts and the skill sets of participants are crucial to the success of BCM. The roles and responsibilities of staff involved in the organisation's BCM efforts should be clearly defined. |
| Infrastructure |
The organisation should allocate resources to support critical business functions against potential risk events. This invariably requires a good understanding and application of available technology and equipment, and physical facilities to respond to risk occurrences. |
Scope of the Standard
This Singapore Standard specifies the requirements for organisations intending to build competence, capacity, resilience and readiness to respond to and recover from events taht threaten to disrupt normal business operations and activities. It stipulates the requirements to attain and maintain readiness to deal with risks and risk events faced by organisations due to the nature of their businesses, external environment or regulatory requirements.
Back to Top
|
|