Risk has always been a part of business, whether it is related to investment in new technology or taking on board a new vendor. There is a risk factor in all daily decisions. Standards have been applied for a long time as a tool to reduce risk and assist better decision making. ISO 14001 helps companies deal with environmental risk, ISO 27001 offers companies a way to manage information security risk and ISO 9001 is all about quality.
London was the victim of terrorist attacks three years ago, hurricanes Wilma and Katrina shook the USA, and a tsunami devastated Indonesia. It seems that every month a new type of threat shows up. Today, companies need to start thinking about the swine flu as a threat to business continuity. The most recent news states that the flu virus may mutate into a dangerous, drug-resistant illness. So we have to hope for the best but be prepared for the worst. The H1N1 virus started a chain of events which greatly affected the world economy. Given those facts, it is not strange that risk management and business continuity are issues frequently seen in the media. Despite an increased awareness of these things, companies continue to expose themselves to unnecessary risk by not organizing protection for their information systems and not preventing disruptions in their supply chain.
Surveys reveal a direct correlation between the level of implementation of information security standards within an organization and how prepared that organization is for dealing with security incidents. A survey conducted by the British Standards Institution (BSI) found that 78% of companies that have implemented security standards feel they are ready for security attacks, compared to 28% of companies that have not implemented information security standards.
Additionally, 71% of companies that have implemented information security standards feel they are ready to deal with incidents in their supply chain, compared to 43% that have not implemented information security standards.
The same survey also revealed that many companies realize the benefits of implementing standards yet don’t do anything about it. 87% of senior management acknowledged that with increased outsourcing, the importance of implementing information security standards increases as well. Such standards provide greater assurance that an outsourcing provider is operating at a certain level of quality.
Knowing this, it is difficult to understand the relaxed approach of companies that are not applying information security standards. It is important to realize that business continuity plans are not limited to systems and information technology within the organization.
Business continuity deals with all aspects of the business, from staff to buildings and vendors. It also addresses legal reaction and communication in the aftermath of an incident.
It is, in fact, holistic risk management that matters. Some say that risk management is a subsector of business continuity planning, i.e. every risk is a threat to continuous business.
Not everybody agrees on that. There are many managerial and business issues (such as theft of intangible assets, delayed payments, and changes in plans) which belong to risk management in the broad spectrum, though not related to business continuity directly.
Risk management deals with the basic elements that make a business function. Business continuity plans are an important factor in business. Through business continuity plans, companies strive to analyze what needs to be done before and after an incident occurs to ensure the safety of staff, property and systems. Business continuity plans also shed light on the knowledge that is required to keep the business running, and to deal with issues regarding the company’s reputation.
Business continuity planning is a holistic managerial process that creates an environment to protect the company from possible negative incidents. It is not limited to one division or vendor but needs to be considered for the entire company. The key element in risk management is good business continuity planning that protects the business, its reputation, goodwill and trademarks.
Business continuity is a framework dealing with knowledge management, health, safety, crisis management and public relations.
There are many reasons why companies should start thinking about risk management and particularly business continuity plans. Corporate management is about demonstrating good risk management and thus good management practices. For companies listed on the stock market it is especially important to be prompt in establishing risk management practices. Successful business continuity management can bring enormous benefits to a company in such cases as when there is a need to verify responsibility to multiple parties. It can create goodwill, and increase a company’s chances of survival.