Management of Risk is an inherent, and often subconscious component of business management for any organisation. We manage risks every day and these vary from simple basic risks in some organisations, to technical and / or life threatening risks on others.
Quality Management Systems tend towards more informal base requirements of Risk Based Thinking, this of course increasing in technicality depending on the organisation in question and the sector they operate in.
Environmental Management Systems require us to manage the risks associated with Aspects and their Impacts.
Health & Safety Management Systems of course require us to manage risks associated with Hazards and implement appropriate Controls.
Information Security Management Systems require us to formally consider risks and implement controls at various levels, including policy, human, technical, and others as applicable.
To compliment all of these disciplines, there are additional standards for Risk Assessment and Management like ISO 31000 along with proven methodologies like the PPRR Model (Prevention, Preparedness, Response & Recovery). At other levels, you may use simple Brainstorming, perhaps employing the Delphi Technique, an RCA (Root Cause Analysis) or a SWIFT Analysis (Structured What-If Technique), an FMEA (Failure Mode & Effect Analysis), SWOT (Strengths, Weaknesses, Opportunities, Threats), PESTLE (Political, Economic, Social, Technological, Legal, Environmental). There are many more and their use is highly dependent on the specific needs at hand.
We can help you choose the correct tools and implement these for your specific needs.
Business Continuity is a term most people are familiar with, as is a Business Continuity Plan. However, most would also admit that their BCP is not a trusted document (if it exists), nor currently accurate as it has not been reviewed and revised in line with changes to the business.
We can help you develop not only an accurate BCP, but a process by which you ensure it is a trusted and valued document that is the first thing leadership go to in the event of a disaster event. Whether we use PPRR, ISO 22301 or another formal framework, we can help you deliver confidence and reliability to your organisations ability to endure whatever crisis event occurs.
A subset of Business Continuity Planning is Disaster Recovery Planning. It is an ICT (Information and Communication Technology) focused initiative that when done correctly, ensures the ICT’s readiness for Business Continuity and the support of business operations in the event of varying levels of events, incidents and disruptions to normal business routines.
ISO/IEC 27031 provides a valuable framework for delivering a reliable DR plan that will complement your BCP.