Increasingly businesses are seeing the value in BCM but what impact will another standard have on risk management within the UK
There are many things which can cause disruption to business, ranging from relatively frequent occurrences such as staff sickness and IT downtime, to major disturbances such as natural disasters or terrorist attacks.
Many of these incidents have the potential to cause problems in the delivery of products and services or, in extreme cases, a failure to deliver at all. By adopting business continuity management (BCM), many organizations hope to better equip themselves to meet the challenges they face when a disruption occurs. Others, including most SMEs, do not see the requirement for formal BCM and will not put it in place unless there is pressure from regulators, insurers or business partners.
Events such as the floods of summer 2007, the 7/7 bombings and the Buncefield oil depot blaze have increased awareness of the possible fallout from a disaster. According to recently published figures from the British Standards Institute (BSI) 71% of FTSE 250 companies recognise the importance of BCM in staying competitive, a 10% increase over figures from the previous year.
Nevertheless, despite an increase in overall preparedness on last year, the survey finds that many businesses would be affected by disruption or disaster more quickly than in 2006. 58% said that their business would be seriously affected in under a day, compared with 46% in 2006.
Meanwhile, recent research carried out by the Confederation of British Industry showed that, despite the fact that 60 % of medium-sized firms currently use the internet in their supply chains, less than half of these have security to cope with online attacks or have a backup plan in place.
“In a fast moving business environment subject to multiple sources of risk, business continuity management is regarded by most boards as essential and today it is widely recognised as a core corporate governance issue. This is why the first British Standard for business continuity has been developed.
BSI Management Systems managing director, Flemming Norklit
Following on from their findings, BSI published BS 25999-2, a new standard, alleged to help organisations verify their BCM plans through independent certification. BSI said the standard provides a mechanism to ensure that organisations and their partners have appropriate BCM procedures in place.
This was tempered by Jamie Jameson of Link Associates, who said BS25999 would not fundamentally alter the risk management landscape within UK businesses: ‘BS25999 is not the only standard with which multi-national corporations and large businesses may wish to comply; indeed whole sectors of industry have developed their own guidelines of best practice as illustrated by the Financial Services Authority issuing its BCM guide in November 2006.’
According to figures from the BSI those companies already implementing British or international standards as a matter of course were found to be better prepared for disruption.
BSI Management Systems managing director, Flemming Norklit said: ‘In a fast moving business environment subject to multiple sources of risk, business continuity management is regarded by most boards as essential and today it is widely recognised as a core corporate governance issue.’
BSI figures also revealed that the pressure was on firms to implement standards, with 62% of businesses, compared with 46% in 2006, being required by customers to show that they have effective business continuity measure in place.
“BSI's in general are only taken up by a tiny fraction of organisations and it is probable that BSI 25999 will follow the trend.
Jamie Jameson of Link Associates
Added Jameson: ‘The commercial opportunity principally lies within the supply chain where certification should give a commercial advantage, when bidding for contracts from multi-nationals and government, over those companies who remain uncertified. In time certification could become a pre-requisite in certain industry sectors.’
Two UK companies were the first to have achieved certificates confirming compliance with BS 25999; these were awarded to TDG and SunGard Availability Services.
Simon Beesley of TDG, said that achieving the certification would give his company a competitive edge: ‘Our major clients such as supermarket retailers have long insisted that we prove we have solid plans in place to provide business continuity and thus assurance of supply. Now that we have BSI’s certificate, proving that fact is significantly easier.’ TDG will now be insisting its suppliers are certified.
BSI’s in general are only taken up by a tiny fraction of organisations and it is probable that BSI 25999 will follow the trend, concluded Jameson: ‘A 1% take-up across all businesses would be a huge success.’
Findings from the annual Business Barometer survey revealed an overall improvement in the preparedness of organisations.
The research found:
81% of FTSE companies would expect to last up to one week before feeling serious detrimental effects following disruption or disaster
Almost two thirds (63%) are very well prepared for serious IT failure (compared with 51% in 2006; 27% in 2005)
Half of businesses surveyed are fully prepared for a forced office relocation (41% in 2006; 15% in 2005)
Almost half (47%) are fully prepared for comprehensive supply chain failure (45% in 2006; 18% in 2005)
No comments yet