Friday, 31 October 2014
Resource-based contingency planning – an alternative approach to ISO22301 certification
Those who are practitioners in the profession may have already realized that the theoretical strategies and tactics as outlined by the BCM Lifecycle approach may not always meet the needs and possibilities of an organization seeking to implement BCM. The business impact analysis for instance needs processes, since it aims to operationalize the damage because of failed process. But, which organization does have a complete and operationalized process document which allows it to just sum up losses and damages along process chains? And, how can the BCM organization define the so-called BCM-Strategies when they haven’t even asked the business what they think they need as workarounds to cover a resource which was lost or damaged because of some crisis situation?
Here we already have the word, what this presentation is about: Resources. What I do call resource-based contingency planning is actually not just contingency planning, but part of a new approach to business continuity, which offers an alternative to the BCM Lifecycle. In the first part of the presentation, I will briefly introduce this system, which covers all parts of what we know is demanded by the BCM Lifecycle, however in a quite different sequence and with partly completely different methods and tools, and which addresses all controls of the ISO22301 standard.
In the few minutes I have for the presentation, I cannot go through the complete methodology what I call resource-based business continuity. I only show a core part of it, one of the 15 deliverables and work objects of a business continuity management system – the business continuity plan, the probably most important one of five different plan types which need to be created for a complete BCMS (the others being the disaster recovery plans, the emergency and rescue plans, the crisis communication plan and the crisis management plan).
The most astonishing part of these BCPs may be the inclusion of a risk assessment as a part of this plan. The risk assessment, being a core element of ISO22301 requirements, is no longer a work package of its own, but an integral part of contingency planning. The reasons for this, and why this makes much more sense than to emulate the work of a risk manager prior to actually planning for catastrophes, will be given in my presentation. The same by the way, is true for the identification of critical suppliers and clients, which also is done in the course of discussing and deciding on a workaround in the case of the loss of a critical resource.
However, in the title of my presentation, you find the most important difference between the BCM Lifecycle approach to business continuity compared to what I am doing. Where the lifecycle’s objective and basis of action and contingency planning is the business process, in my world it is the resource. One does not need the availability of documented and operationalized business processes to implement a BCMS, but only knowledge about what resources an organization has. And, differently from processes, this bit of information is most often readily available, and if not, can be created without much work.
With the presentation, I will provide a view into a core part of an alternative approach to ISO22301 certification, which delivers some novel ideas how to structure a contingency plan, how to identify critical clients and suppliers, and how to identify and assess operational risks. And if you pay attention, you might get an idea, why this approach to implement business continuity allows for applying for certification some six months after start of the project already, and why this approach reduces the cost of BCM between 50% and 80%.
Rainer Hubert will be discussing ISO22301 further on day two of the BCI World Conference and Exhibition on Thursday 6th November. You will find him in seminar room 1 starting at 13.10.
- Resource-based contingency planning – an alternati...
- Becoming certified to ISO22301 - what NOT to do! (...
- Developing simple recovery plans for key processes...
- A case study of the integration of ERM and BCM as ...
- Business continuity: human resources as powerbroke...
- Business continuity and information security – a g...
- Genoa: The city where maths kills people
- Business continuity vs risk management
- Deriving X factors to support your BCM programme
- Design and implementation of a business continuity...
- ISO22301 certification at the UK's Houses of Parli...
- Think you're an expert in business continuity?
- ▼ October (12)
- ► 2013 (59)