If you want proof that it’s worth investing in a business continuity management system (BCMS), ask an organisation that’s had one in place for a few years. They will tell you that, once your BCMS has matured, it will form an essential part of your cyber security posture.
The Business Continuity Institute’s Horizon Scan Report 2018 found that 44% of respondents have had a BCMS for more than five years, and of those, 86% are planning to maintain or increase their investment levels in 2018. By contrast, only 71% of organisations that have had a BCMS for less than five years said they would do the same.
Investing in a BCMS
The thought of having to spend more money each year might be concerning, but this overlooks the way in which a BCMS works. The additional spending is a result of identifying new areas that a BCMS could help with. For example, an organisation might expand the number of threats its BCMS covers or add processes to improve remediation.
This suggests that organisations only expand the scope of the system when it’s proven to be effective, which makes sense – trying to cover every aspect of business continuity from the outset would require a huge investment, and it would be hard to monitor the success of every process.
However, this doesn’t mean that organisations should go into their implementation project blind. ISO 22301, the international standard that describes best practice for a BCMS, outlines measures that organisations can be confident will work. Implementing an ISO 22301-compliant BCMS can be tricky, particularly if you don’t have in-depth knowledge of the Standard. You might therefore benefit from our ISO22301 BCMS Documentation Toolkit, which includes templates and advice to help you document your BCMS compliance measures.
How does our toolkit help?
Our toolkit was designed and developed by experienced business continuity consultants, and enables you to:
- View ISO 22301-compliant documentation;
- Embed the documentation in your organisation quickly and easily; and
- Mitigate the effects of unplanned business disruptions, and develop plans to cope with incidents.
It also includes professional guidance and advice, which helps you become your own expert while also saving time and money.