Why Business Continuity Management?
Business Continuity Management (BCM) is a holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation and value creating activities.

External Drivers
• Pressure from audit committees
• Pressure from financial institutions
• Pandemic concern
• New threats & risks since 9/11
• Demands from customers
• Cost of insurance/takaful
• Perceived as competitive edge
• Reliance on third parties (supply chain)
• Increased regulator and self-regulated requirements
Effects
• Loss of customers or inability to attract new customers
• Loss of revenue / market share
• Decrease in stock value
• Increase of insurance premiums/takaful contributions
• Loss of assets and employees
• Regulatory sanctions
• Downgrading of debt securities or corporate ratings
• Access to inter-bank liquidity declines
• Loss of confidence by foreign investors and potential investors
• Default on financial commitments and contracts
ISO 22301 vs DRI INTERNATIONAL 10 PROFESSIONAL PRACTICES

ISO 22301

1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization
5. Leadership
6. Planning
7. Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented Information
8. Operation
8.1 Operational planning and control
8.2 Business impact analysis and risk assessment
8.3 Business continuity strategy
8.4 Establish and implement business continuity procedures
8.4.1 General
8.4.2 Incident response structure
8.4.3 Warning and communication
8.4.4 Business continuity plans
8.4.5 Recovery
9. Performance Evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
9.1.2 Evaluation of business continuity procedures
9.2 Internal Audit
9.3 Management review
10. Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement

DRI INTERNATIONAL
10 PROFESSIONAL PRACTICES

1. Program Initiation and Management
2. Risk Assessment
3. Business Impact Analysis
4. Business Continuity Strategies
5. Incident Response
6. Plan Development and Implementation
7. Awareness and Training Programs
8. Business Continuity Plan Exercise, Assessment, and Maintenance
9. Crisis Communications
10. Coordination with External Agencies


PROFESSIONAL PRACTICE SUBJECT AREA OVERVIEW
1. Program Initiation and Management

• Establish the need for a business continuity program.

• Obtain support and funding for the business continuity program.

• Build the organizational framework to support the business continuity program.

• Introduce key concepts, such as program management, risk awareness, identification of critical functions/processes, recovery strategies, training and awareness, and exercising/testing.

2. Risk Assessment

• Identify risks that can adversely affect an entity’s resources or image.

• Assess risks to determine the potential impacts to the entity, enabling the entity to determine the most effective use of resources to reduce these potential impacts.

3. Business Impact Analysis

• Identify and prioritize the entity’s functions and processes in order to ascertain which ones will have the greatest impact should they not be available.

• Assess the resources required to support the business impact analysis process.

• Analyze the findings to ascertain any gaps between the entity’s requirements and its ability to deliver those requirements.

4. Business Continuity Strategies

• Select cost-effective strategies to reduce deficiencies as identified during the risk assessment and business impact analysis processes.

5. Incident Response

• Develop and assist with the implementation of an incident management system that defines organizational roles, lines of authority and succession of authority.

• Define requirements to develop and implement the entity’s incident response plan.

• Ensure that incident response is coordinated with outside organizations in a timely and effective manner when appropriate.

6. Plan Development and Implementation

• Document plans to be used during an incident that will enable the entity to continue to function.

7. Awareness and Training Programs

• Establish and maintain training and awareness programs that result in personnel being able to respond to incidents in a calm and efficient manner.

8. Business Continuity Plan Exercise, Assessment, and Maintenance

• Establish an exercise, assessment and maintenance program to maintain a state of readiness.

9. Crisis Communications

• Provide a framework for developing a crisis communications plan.

• Ensure that the crisis communications plan will provide for timely, effective communication with internal and external parties.

10. Coordination with External Agencies

• Establish policies and procedures to coordinate incident response activities with public entities.