Business Continuity Management

Business continuity management ensures that an organization can recover quickly from a potential crisis (caused by process failures, system outages, etc.). The goal is to ensure that, in the event of a disruption to its key processes, the organization is able to restore those processes within a (defined) short period of time, at least to a (specified) minimum level.

Within BCM, the following areas require close attention:

  • the Business Impact Analysis (BIA) process, in which the following are evaluated:
    • importance of processes/activities for the company, and
    • consequences that may arise in the event of disruption of processes/activities;
  • internal strategies to minimize the impact of potential threats:
    • creation of Business Continuity Plans (BCP), their testing and related training;
    • enhancement of the company's resilience to potential threats (precautionary measures);
  • in case of an accident, recovery of processes/activities according to BCP.
 
In connection with BCM, we can offer consultancy and services in the following areas:
 

Design/Revision of BCM Methodology

  • Description of basic principles of BCM
  • Description of BIA process
  • Design of management and regular monitoring of BCM processes
  • Description of BCP plans
  • Design of information and training mechanisms
  • Definition of roles and responsibilities, and description of the control framework
 

Assistance in Identifying Potential Threats and Estimating Their Impacts on Processes/Activities (BIA)

  • Identification of crisis situations based on:
    • internal assessment of risks and incidents that have occurred recently
    • situations that have taken place in institutions of similar focus and size within relevant historical context
  • Developing a BIA methodology (to serve as a manual for business impact analysis)
  • Assessment of the significance of processes/activities in the company’s operations
  • Estimation of the impacts of disruptions to specific processes/activities
  • Identification of key processes/activities
  • Identification of resources necessary for the operation of key processes/activities
  • Establishment of the risk assessment system
    • proposal of rules for risk identification (choice of an appropriate method and description of its principles)
    • proposal of rules and principles for risk assessment (assessment of the impact and frequency of identified risks, overall risk assessment)
    • risk catalogue creation
  • Establishment of a system for collecting relevant external events (e.g., processing of related press releases)
  • Determination of
    • Maximum Tolerable Period of Disruption (MTPD)
    • Recovery Time Objectives (RTO)
    • Level of Business Continuity (LBC)
  • Design of a strategy to minimize the impact of crisis situations on key processes/activities
  • Design of documents necessary for:
    • development and documentation of the BIA (quantitative and qualitative identification of the impacts of business interruptions or the loss of individual resources/processes)
    • development of a catalogue of assets
 

Design/Revision/Testing of BCP

ARM can assist you in creating or designing:

  • implementation methodology including methodology for IT systems recovery and IT services continuity (Disaster Recovery Plans, DRP),
  • scenarios of undesirable events for the purpose of defining individual BCPs,
  • template documents necessary for:
    • documentation of individual BCPs,
    • BCP testing and recording the results of testing,
    • recording requirements for backup resources/locations,
    • BCP assessment,
    • related reporting on deficiencies (including a template for proposing corrective actions);

and also with:

  • selecting appropriate test types for BCP verification,
  • reviewing and testing created scenarios and developed methodologies,
  • describing responses to crisis situations and methods of incident management,
  • designing procedures for risk management of external suppliers (outsourcing) and third parties.
 

Assessment of BCM Methodology Compliance with Regulatory Requirements

  • Review of existing methodologies and assessment of their compliance with regulatory requirements and standards
  • Recommendations for possible corrective actions
  • Verification of the interconnection of BCM processes with the risk management system and the company's management system
  • Verification of mutual consistency of internal regulations and logical correctness