An outline for an exercise, maintenance and review programme

The Business Continuity Institute Good Practice Guidelines 2013 states the purpose of the BCM Exercise, Maintenance and Review programme is to ensure that emergency management capability, “Reflects the nature, scale and complexity of the organization it supports and that it is current, accurate, and complete, and that actions are taken to continually improve organizational resilience.” (Business Continuity Institute Good Practice Guidelines 2013; p94)

Exercises

When exercises and tests are conducted it is usually accepted that a “No Fault” concept will apply under which exercise evaluation is intended only to identify systemic weaknesses and be used to suggest corrective actions that enhance will organisational resilience. Following exercises and tests, an after-action report should normally be completed where any corrective actions are identified and subsequently implemented. To avoid disruption to the organisation, it is important that all exercises should be planned, costed and approved. This will mean having in place a business case for each exercise in order that they do not cause a ‘real disaster’, ensure staff safety, and do not cost too much in time and resources than the benefits that can be accrued from carrying them out.

Maintenance

The maintenance part of the exercise programme would need to have included an after action plan which would follow on from a debrief session which would take place on completion of the exercise. A so-called “Hot debrief” would normally occur immediately after the end of the exercise and would be recorded by a member of the exercise support staff. Once obtained the comments would be used to create a report that would form the basis of lessons learnt and this would be shared to update the BCM Plan and advise on best practice.

Review

The BCM Programme then needs to be monitored by the organisation’s senior managers to ensure the continued delivery of its objectives otherwise there would be a danger that the BCM Programme could be weak and uncoordinated.  They will need to get information on performance to ascertain the resource requirements, costs, and schedules for key elements of the BCM programme and dealing with the associated risks. There also needs to be a process for regular evaluation of BCM Plans, and instructions on the frequency of, or criteria for, BCM evaluation.  A good way to obtain the information would be to capture it through key performance indicators (KPIs) which would be used to evaluate the effectiveness of the BCM Programme.

Examining the results of exercises and tests could be adopted as part of the company’s audit process so that senior management could get regular updates on the status of the BCM Programme. This would enable them to be kept abreast of changing circumstances and whether the organisation still has the capacity to respond to disruptive incidents.  A lack of this type of information and KPIs could mean that senior managers would not have an overall view of where the organisation stood in terms of its BCM Programme, and could not measure BC programme performance and resource use and take measures to deal with any shortfalls.

How can Biscon help?

Biscon Planning Limited is a leading and well respected independent supplier of Risk and Business Continuity Management requirements, who have expertise experience, and access to specialist knowledge. Biscon have successfully introduced and implemented business continuity strategies, policies and plans into many organisations through recognising both commonalities and differences in their approach and using their knowledge, personal experience and industry best practices to facilitate the successful implementation of your BCM system.

At Biscon, we do not believe in a one-size-fits-all approach and so create bespoke plans that are tailored to suit the individual needs of our clients. A BCP delivered by Biscon would help your organisation meet its core objectives of maintaining its operations following any acute disruption to your normal activities. Our programmes of work can deliver such requirements as an operational Risk Register, a Business Impact Analysis that highlights the impact on functions and activities and a comprehensive Business Continuity Management Plan.

Biscon can provide you with a FREE ‘Health Check’ of your current levels of resilience; just give us a call to arrange yours.

If you need assistance with any aspect of your Business Continuity programme, then call Biscon on +44 1453 889250 or email Jim Nield at jimnield@biscon.co.uk. Also please see our website; www.biscon.co.uk for further information.