Business Continuity Assessments

BCMS Current State Assessment

1: BCMS Current State Assessment

“Companies that aren't able to resume operations within ten days (of a disaster hit) are not likely to survive.
(Strategic Research Institute)”
1. Overview

Business Continuity Health check and Current State Assessment by Seven Step Consulting Business Continuity Services   will help you identify where your organization is vulnerable and give you practical advice on how you can be prepared for any disruption.

It will also give an objective view of the current state of business continuity within the organization for:

  1. Determining the key business continuity objectives for their key business processes performance
  2. Take into consideration the mission and vision of the company, strategic goals, project portfolio, services, products, partnerships, and external relationships
  3. The organization’s current business continuity structure, roles and responsibilities, policies and risks
  4. The current IT environment including hardware, software applications, local area network
  5. Audit of current gaps with respect to the best practices for an information business continuity management system as laid down by BCM standards such as ISO 22301, ISO 22317 and NCEMA 7000 (in the UAE), FFIEC, BCI Good Practices, and NFPA 1600.
  6. Find out if there are any requirements from federal or international bodies, state authorities, or industry-specific regulations that your firm will need to adhere to.
2. Approach

The assignment is a preliminary consultancy and assessment service aimed at smaller organisations that can be delivered onsite /online.

It follows a risk-based approach for evaluating the effectiveness of an organization’s business continuity plans in line with the international business continuity management Standards such as ISO 22301, ISO 22317 and NCEMA 7000 (in the UAE) FFIEC, BCI Good Practices, and NFPA 1600.

3. Deliverables

The key deliverable of your BCMS Health Check by Seven Step Consulting Business Continuity Services is detailed report for your leadership team. It sets out in detail an evaluation and an audit of the following areas

  1. Your current business continuity risk environment
  2. Your current business continuity management programme
  3. Gap analysis of your BCM arrangements in relation to ISO 22301 and NCEMA 7000 (in the UAE)
  4. Provide your organization a prioritized strategic roadmap of recommended activities and solutions aimed at meeting internationally recognized best practices and key steps for improvement in your business continuity management (BCM) arrangements.

We will give your organization details of recommended actions, resources and support that must be developed as part of the overall business continuity architecture to help your management team develop an overall Business Continuity Management System that can be certified by a third-party auditor.

4. Benefits

Your BCMS Current State Assessment (sometimes called current state analysis) is the first step in getting where you want to go.

Knowing where you are today gives you a clear picture of how far away your goal is and lets you begin planning a path to get there. It builds a solid foundation for the strategy that will drive your organization towards their goal of effective BCMS. To some our approach may seem “old school,” but time and time again it’s proven to be an investment that pays off many times over.

Listed below are some of the primary benefits of a current state analysis.

  1. To establish the baseline against which to benchmark the organization
  2. To collect baseline data as the input for a gap analysis
  3. To help establish the organization’s maturity level relative to a selected best practice
  4. To help the stakeholders make an informed decision

2: Business Impact Analysis

“41% of CEOs, risk managers and other industry experts cite business interruption as their biggest risk.”
— Allianz Risk Barometer 2021

Business Impact Analysis is Key to Business Continuity!  Without the BIA, creating the rest of the plan would be best-guess or simply random. Has your company done a thorough Business Impact Analysis?

1. Overview

A Business Impact Analysis (BIA) is a process that allows us to identify critical business functions and predict the consequences a disruption of one of those functions would have.

Gartner defines “A business impact analysis (BIA) is the process of determining the criticality of business activities and associated resource requirements to ensure operational resilience and continuity of operations during and after a business disruption. The BIA quantifies the impacts of disruptions on service delivery, risks to service delivery, and recovery time objectives (RTOs) and recovery point objectives (RPOs). These recovery requirements are then used to develop strategies, solutions and plans.”

ISO 22317 is the first and the only standard which solely addresses analysis of impacts of disruption to determine resumption priorities. It is designed to complement ISO 22301; nonetheless, it can be used as a stand-alone standard.

By conducting a comprehensive Business Impact Analysis, your organization will ascertain the scope of your business continuity program, determine your contractual, legal, and regulatory obligations, give clarity on business continuity strategy and encompass preliminary plan content.

2. Approach

At Seven Step Consulting we believe that a solid business impact analysis (BIA) is the vital first step key to starting your business continuity program right.

Our clients will tell you we provide the best results for getting your business impact analysis right the first time using the guidelines for business impact analysis (BIA) provided by ISO 22317. Our experts will help your organization to establish, implement, and maintain a formal and documented business impact analysis (BIA) process and demystify the same.

Seven Step Consulting experts will help

  1. Identify activities supporting how a business provides products and services
  2. Assess how not performing those products and services over time will impact the organization including financial, legal, regulatory and reputational impacts both direct and indirect.
  3. Plan and set priorities and timeframes for business resumption at a minimum acceptable level
  4. Estimate the resources required for resumption.
  5. Identify the connection and dependencies between supporting resources for the impacted value of BIA
3. Benefits

Stated another way, the value of our BIA is that it ensures the most cost-effective strategies by focusing on the correct business continuity requirements. Moreover, BIA provides evidence to company managers that business continuity aligns with organizational objectives and strategies.

  1. Helps achieve a better understanding and determination of the actual business impact of multiple disruptive scenarios.
  2. Helps identify interdependencies between key business processes.
  3. Improvements in interface between departments and groups along with a better understanding of their role within the organization.
  4. Identifications of key IT functions, often with critical business dependency and a better understanding of the nature and complexity (or lack thereof) of the IT and recovery processes.
  5. Develops an understanding of actual applications and systems used being used in the company along with a better understanding of their importance.
  6. Gaps in IT recovery and business availably/recovery requirements are eliminated.
  7. Identification of potential issues or gaps in regulatory compliance and reduction of potential fines related to regulatory requirements.
4. Deliverables

Some key outcomes of the business impact analysis (BIA) are

  1. Gather information needed to develop recovery strategies and limit the potential loss.
  2. Assess the risks of a disaster on the organization.
  3. Allow for each department within your organization to explain and discuss how an unexpected event would affect their business function.
  4. Prioritize specific functions through the use of Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).

3: Continuity Risk Assessment

“60 percent of companies that lose their data will shut down within 6 months of the disaster.”
National Archives & Records Administration - Washington

“The coronavirus pandemic is a reminder that risk management and business continuity management need to further evolve in order to help businesses prepare for, and survive, extreme events.”

— Joachim Müller, CEO of Allianz Global Corporate & Specialty SE (AGCS)

Does your organization know the risks of its non -preparedness?

Business Continuity Risk Assessment by Seven Step Consulting Business Continuity Services   will help you identify where your organization is vulnerable and give you practical advice on how you can be prepared for any disruption.

Risk Assessment is the overall process of risk identification, risk analysis and risk evaluation. The main purpose of this analysis is the identification and the assessment of all the threats that could affect the critical elements of the BCMS. The Risk Analysis process includes

  1. Review the criteria existent for risk tolerance and risk appetite.
  2. Identification of the different stakeholders and regulations (or legal implications) that can apply to the organization regarding the continuity of their services and products
  3. Identification of threats, evaluation of the likelihood and impact of these threats, application of countermeasure to avoid, handle or mitigate the risks,
  4. Identify and prioritise potential business risks and disruptions based on severity and likelihood of occurrence. and finally
  5. Actions in order to monitor and review that the controls are in place and the protected assets are safe.

The key deliverable of your BCMS Risk Assessment by Seven Step Consulting Business Continuity Services   is detailed report for your leadership team. It sets out in detail an evaluation and an audit of the following areas

  • Identifying and Evaluating of your company’s risks and exposures
  • Assessment of the potential impact of various business disruption scenarios
  • Determination of the most likely threat scenarios
  • Assessment of telecommunication recovery options and communication plans
  • Prioritize with your company’s Senior Management which risks they will actively address;
  • Prioritization of actions to address them and development of a roadmap of BCMS implementation.
“On average, an infrastructure failure can cost $100,000 an hour and a critical application failure can cost $500,000 to $1 million per hour.” - IDC