Crisis Management and Business Continuity Management

Business Continuity refers to an organisation’s ability to continue to deliver products and services within an acceptable timeframe and at a predefined capacity, during a disruption (“An anticipated or unanticipated incident that results in an unplanned negative deviation from the planned delivery of products and services according to an organisation’s objectives”).

This long and precise definition, inherited from the new ISO 22301 standard, clearly underpins the importance of the challenge for companies, whatever their size or field of activity, to integrate into their Management System the proactive and possibly reactive management of major crises of all types that they may face at any time.

Examples of such major crises include the death of an employee on site, a major fire or pollution incident, a manufacturing stoppage by a key supplier, a long-term breakdown in the production management system, etc.

This is why a Business Continuity Management System (BCMS) offers a number of advantages:

• Implementation of preventive solutions to reduce vulnerability to potential incidents and increase the resilience and robustness of normal operations.
• More effective responses to incidents in order to :
  • • Protect the lives of employees;
    • Protect company assets and limit material and financial losses;
    • Ensure the continuation of essential activities, thereby preserving income and facilitating a return to normal;
    • Preserve the company’s reputation.
• Highlighting the image of a responsible company (“CSR” impact) to employees, customers, shareholders, investors, banks and insurers.
• Compliance with the expectations of specific customers who may require a formalised Business Continuity Plan (BCP).
• Compliance with sector-specific requirements such as EN9100 and IATF 16949…

Business Continuity Management is a systematic process that includes the following phases:

• • Identification of the priority activities that support the delivery of products and services and assessment of the risks of disruption;
  • Assessment of the impact over time of the disruption to these activities (using ISO 31000 – Risk management);
  • Identification of the period beyond which the impact of not resuming these activities would become unacceptable;
  • Determination of the resources and dependencies (internal and external) needed to support priority activities;
  • Identification and selection of business continuity strategies that take into account options for managing before, during and after a disruption. Business continuity strategies must include one or more solutions, with provision for the necessary resources (people, data and information systems, infrastructure, partnerships, funding, etc.);
  • Establishment of plans and procedures (including the “BCP”) for managing the organisation during a disruption (including communication aspects). Plans and procedures must be used when necessary to activate business continuity solutions;
  • Implement and maintain a programme of exercises and tests to validate the effectiveness of its business continuity strategies and solutions over time;
  • Finally, where appropriate, establishing and integrating feedback for the future following an actual major crisis.

Training course No. 223 “ISO 22301 – Business Continuity Management System” will enable you to go into the details of these best practices in a very practical way, so that you can build and/or integrate a Continuity Management System that is both effective and sustainable.