Our approach to business continuity management
Contingensee’s proven Business Continuity Management methodology encompasses the following elements:
Risk Mapping and understanding an organization's risk appetite
- How much risk is the organization authorized and willing to take?
- How much pain is the organization willing to endure?
- Who gets to make the decisions?
Threat Risk Assessment (TRA), Risk Assessment (RA), Vulnerability Assessment (VA) or Privacy Impact Assessment (PIA)
- Understand the threats and vulnerabilities that affect the organization.
- Provides scope and perspective to planning activities.
Business Impact Analysis
- Dependencies
- Inputs
- Actions
- Outputs
- Consumers
- Cost of disruptions (pain)
- RTOs, RPOs and ROLs
Mitigation and recovery strategy development
- Resilience in design
- Recovery strategies and steps
- Technological strategies
- Mitigation
- Pre-positioning of resources
- Contracts and SLAs for recovery and restoration services
Business Continuity and Disaster Recovery Plans
- Write the plans so they are easy to follow, even with replacement employees.
- Ensure the plans are accessible when they are needed, and by the people who need them.
Employee training
- All personnel must know what is expected of them before, during and at the time of disruption.
- They must know how, where and when to execute specific tasks.
Exercising
- No plan is complete until it has been exercised and proven fit for purpose.
- "Successful" exercises find strategies that fail as well as those that work.
Refresh and update to ensure currency and applicability
- The BCM program must participate in and be an integral part of the organization's change management process.
- The interval of refresh should support the organization's risk appetite.
- Some changes may be reflected in the plans immediately as they occur. Other changes will be captured as part of a regular refresh and update program.
- Implement self-review and create a link to the organization's internal audit and review processes.