Business Continuity Management
What is Business Continuity Management (BCM)
It examines the impact those threats would have on the organization if they were realized, and provides a framework to ensure organizational resilience with built-in capabilities, prepared to effectively safeguard the interests of stakeholders, brand reputation, and other value-defined activities.
- Emergency Response,
- Crisis Management,
- Disaster Recovery (technology continuity) and
- Business Continuity (organizational/operational relocation).
BCM involves the creation and validation of business continuity plans (BCPs) to ensure your organization is able to respond to and recover from potential threats as efficiently and effectively as possible.
Maintaining BCM ensures an acceptable level of service throughout a disruptive incident, which helps to preserve corporate reputation and, ultimately, revenue.
Demonstrating that effective business continuity measures are in place can impact an organization's insurance premiums and provide new contract opportunities.
USE CASE: BCM / BIA
Proactive compliance
Create portable process manuals / BCPs
Ensure transparency
Implement standard methodologies
Encourage collaboration
Manage workflow
Business Continuity Management (BCM)
Process Management
Key Features:
- Analysis – The goal is to gain an understanding of how things are done and if the results are aligning with the business expectations.
- Definition – Involves scoping, prioritizing, and mapping business processes.
- Monitoring – Key performance indicators need to be established (often in the process definition phase) so metrics can be tracked against them.
- Optimization – Using process management tools to identify process bottlenecks, resource issues, etc., and finding ways to improve the process on a regular basis.
Role and Asset Management
By using the RASCI-VS matrix to assign responsibilities, individuals can better understand what is expected from them and see which assets have been made available to them. This will increase employee accountability.
Key Features
- Recurrent Notifications
- Process Subscriptions
- Read Confirmations
- Automated revision cycles
Business Impact Analysis (BIA)
The full scope of BIA covers much more than that and can be extended to include any of your own attributes. EPC supports User-defined attributes (UDAs) that can be used to extend any module.
Key Features:
- Key Processes – Documenting processes and procedures is required to ensure the organization remains fully operational in case of disaster.
- Systems & Assets – This includes physical equipment such as laptops but also hardware such as servers.
- Documents – Maintaining an archive of your most important documents in an easily retrievable and secure spot is a sure way to ensure business continuity
- Applications – Key applications may include your CRM, ERP, or other systems that are critical in the continuity of your operations
- Key Controls and Regulatory Requirements – Risk mitigation strategy can permeate through your policies and procedures.
- Enterprise Risk Management – Risk policy, identification, assessment, treatment.
- Direct Financial impact – business revenue losses
- Indirect Financial impact – reputation, market share
- Disaster types – natural (e.g. fire, flood, earthquake, tornado), financial, technology security, medical (e.g. pandemic)
Business Continuity Planning (BCP)
From minor to catastrophic, businesses are prone to a variety of potential disasters. The purpose of business continuity planning is to help companies continue to operate in the event of major disasters (fire, flood, financial or system breach, pandemic, etc.). BCPs are not the same as disaster recovery plans (DRPs). A DRP is focused on IT systems recovery after a crisis only, while a BCP addresses disaster loss mitigation and recovery for the entire organization.
Key Features:
- Risks and potential business impact
- Planning an effective response
- Roles and responsibilities
- Communication plan in terms of continuity
- Identifying set of action items
- Prioritizing processes and assets
BCPs and Disaster Recovery Plans: Simulation and Execution
These simulations will involve running a wide variety of disaster scenarios that are possible in each location. The goal is to restart the technologies necessary to maintain business operations quickly and effectively. This process will also determine whether staffing levels are sufficient for the DR plan's proper execution.
Disaster recovery simulation and execution checklist
- Run simulation of your continuity and recovery plans
- Run multi-factor scenarios
- Activate relevant actions based on the scenarios, systems & stakeholders affected
- Filter your executable actions per Disaster type, Locations and/or Categories
- Notify relevant stakeholders of actions that will be taken during the execution (or simulation)
- Automatically collect all results for the simulation or execution
Action Item Management
Action items are usually created when a group of people meeting about one or more topics discovers during the discussion that some kind of action is needed. The required action is then documented as an action item and assigned to someone, usually a member of the group. The person to whom the action is assigned is then obligated to perform the action and report back to the group on the results.
Key Features:
- Designate the set of actions necessary for your recovery and continuity plans
- Assign clear ownership to each action so that the right owners are automatically notified in case of execution
- Assign relevant applicability for your actions per Disaster type, Locations and/or Categories
- For DR actions, you can track RTO and RPO as well
Mass Notification Management
Key Features:
- Choose to Notify Groups, Users, Roles
- In-App Notification
- Email Notification
- SMS Notification
Risk Management
Key Features:
- Detailed risk library including identifier, description, type, category, responsible resources (via RASCI-VS)
- Customizable risk matrices including risk likelihood, impact, score, percentage, color and priority
- Import/export risk details via Excel
- End-to-end process visibility associated with risks
- Filter, search, & report risks by attributes
- Reusable risks & controls
- Trigger CAPA based on process & task risk analysis
- View the cause & effect of risks to track critical risk information; risk managers analyze and prioritize risk mitigation
- Extended risk editing (gross risk per process, net risk per control on process, specific controls per process, override roll-up calculation per process)
- Detect a risk’s occurrence; automated risk roll-up algorithm for risk scoring
- Residual risk provides a realistic view of potential impact
- Risk matrix visualizes 5 different levels of risks residing in processes
Control Management: Risk Mitigation Strategies
Key Features:
- Monitor controls through audits
- Recurrent audit scheduling
- Implement CAPAs based on test results
- COSO Cube ERM framework
- General analysis, critical path analysis & high-risk path analysis generated in a dynamic manner
- General controls and risks report & custom report
- Reusable key risk & control indicators (KRIs, KCIs) for more than one source
- Target threshold setting for continuous improvement
Documents & Records Management
Geographically dispersed teams are now able to connect, collaborate, co-author, proofread, revise, comment on and sign documents – all done electronically and securely within the system. Automatic email notifications and read receipts support the system's expedited distribution process throughout the organization. Automatic document retention, printing, periodic reviews, and archiving are all in full compliance and controlled using US FDA 21 CFR Part 11 encryption, making audits and quality inspections worry-free.
Additionally, your BCM solution provides the secure storage and management required to maintain accurate and up-to-date Business Continuity Plans that are electronically approved using eSignature, with all documents being downloadable as files.
Key Features:
- Adding new Documents
- Unique IDs and tags by document
- Version control by document
- Archive, move and delete existing documents
- Structure documents in a hierarchy, folders
- Create templates for Records and reuse the workflow template
- Audit log / trail on changes to metadata
- Workflow for approvals, reviews
- Electronic signature on approvals
- Delegation on reviews, approvals
- Notifications, emails for workflows
- System check for publications and approvals
- Collaborate and raise change requests
- Multi-lingual support – UI, Metadata translation suggestions & Documents
Powerful Doc Search by:
- Document Name
- Document ID
- Organizational Unit
- Full Text
- Metadata (Type, Categories, Attributes)
- Filterable columns
- Last modified date
- Last modified by
- Any user-defined attributes (UDAs)
Business Continuity: Management and Compliance
We understand that the requirements placed on organizations in terms of compliance are very high and that standards such as ISO 9000, ISO 13485, ISO 17025, ISO 27001, and SOC 2 are an essential part of that program. By using our Integrated Management System BCM solutions, your company gains the preparedness, accountability and consistency that will give you an edge over your competition.
Our tools ensure full visibility and tracking from end-to-end, all the way from the creation and amendment of a regulation to the approval and revision of the content through to the update and retraining of employees for standard operating procedures (SOPs). We see the full lifecycle management as moving parts of a complete ecosystem providing a unique approach that combines regulatory requirements, documents, processes, work instructions, and governance.
ISO 9001 is an international standard that specifies requirements for a QMS. It is the most popular standard in the ISO 9000 series and the only standard in the series to which organizations can certify.
It was first published in 1987 by the International Organization for Standardization (ISO). The current version of ISO 9001 was released in September 2015.
In short, ISO 13485 is an internationally recognized standard that has been adopted in Europe, Canada, Australia and other markets. Excluding Canada, the application of ISO 13485 is not a requirement but is the de facto standard in use today as a measurement of full QMS compliance set forth in medical device regulations.
ISO/IEC 17025 defines the general requirements for competence in testing and calibration for all laboratories. For testing and calibration laboratories, this is the definitive ISO standard.
On many occasions, regulatory authorities and suppliers will not accept test or calibration results from a lab that runs independently of any accreditation oversight. This is where ISO/IEC 17025 (originally known as ISO/IEC 17025 Guide 25) comes into play.
ISO 27000 is a series of standards that were designed to safeguard organizations’ information assets. ISO 27000 also gives an overview of an Information Security Management System (ISMS), defining and describing the logically organized set of processes that guide organizations to align their business goals and objectives with their information security.
Less commonly known by its longer name, “Systems and Organizations Controls 2”, SOC 2 (or SOC II) is a framework used to help companies demonstrate the security controls that are in place to protect customer data in the cloud. These controls became known as the Trust Services Principles: Security, Availability, Processing Integrity, Confidentiality, and lastly Privacy.
Other countries will have their own criteria to meet nuanced QMS requirements. For example, while both Brazil and Japan have their own requirements, they are both based on existing US FDA QSR and ISO 13485 standards.
On a positive note, these standards achieve harmonized quality management requirements to meet US, Canadian, European and all other QMS standards in effect.
The US FDA QSR (also known as 21 CFR Part 820) was introduced prior to ISO 13485. All medical device companies in the US are required to meet this standard for national distribution but must comply with both regulations in order to distribute devices internationally. US FDA QSR must also be met by international companies wanting to do business with US customers.
As part of our ongoing commitment to compliance and ensuring that our clients meet their regulatory requirements, we are always on the lookout for ways to help our clients attain and maintain full compliance. Interfacing is ISO 27001 certified, and we are partnering with Amazon Web Services (AWS) for cloud hosting since their commitment to compliance is proven, with global data centers compliant with SOC 1 Type II and ISO 27001. For more information on AWS compliance for ISO 18345, FDA QSR and GxP, please refer to their compliance program.
Why Interfacing?
A key differentiator between Interfacing and other digital and business transformation consulting firms is that Interfacing offers its own innovative technology solution in support of transformation programs. Interfacing’s BCM supported solutions deliver the transparency required to reduce complexity, improve execution and facilitate agility and change.
Interfacing’s flagship integrated management system solution is a one-stop shop for managing transformation programs. We know it’s a very competitive environment out there. For that reason, our strength lies in our commitment to maintain flexibility throughout the project lifecycle, whether in our innovative products or in our team of experts.