BPM Business Continuity
The BPM Business Continuity System is dedicated to organizations that plan to implement or maintain a business continuity management system compliant with ISO 22301. The module is also an invaluable support for companies using only selected elements of the BCMS (Business Continuity Management System) – such as BIA (Business Impact Analysis), risk assessment, supervision of improvement activities and risk treatment plans, or the maintenance of emergency procedures and organization of continuity tests. It is perfect for supporting the implementation of the National Cybersecurity System requirements, NIS directives and other requirements related to ensuring the continuity of operation, e.g. ISO 28000 (supply chain), AEO .
- implementation of business impact analysis,
- risk management,
- testing business continuity plans and procedures.
As part of the remaining modules, BPM provides all functionalities enabling comprehensive business continuity management and documenting evidence of compliance with the requirements of international norms and standards, including ISO 22301. They mainly include:
The BPM Business Continuity module enables the analysis of processes and services defined in the system. The analysis is performed as a planned and cyclical process or ad hoc if necessary. Thanks to the use of the system, it is possible to commission BIA analysis tasks to all process owners in the Organization.
The business impact assessment is performed on the basis of the adopted parameters and criteria established at the module configuration stage. Usually it consists in assessing the financial, image, legal and operational consequences occurring in the event of a break in the implementation of the assessed process. In addition, the system collects information about business continuity parameters, such as RTO, RPO, MBCO, MTPD. The value of some of the parameters is proposed to the user on the basis of the entered process assessments.
The module has reporting functionalities, which significantly relieves the persons supervising the BIA implementation in the field of collecting partial surveys, analyzes, materials and preparing reports.
When identifying processes and performing BIA, the system allows you to assign critical and supporting resources / assets. Asset owners are tasked with assessing the required availability, identifying security and assessing the likelihood of an asset / resource not being available. The system calculates the risk of continuity and guides the user through the process of planning activities related to risk mitigation and its monitoring.
Based on the proposed activities related to risk management, authorized users aggregate the action plan and assign persons responsible for their implementation. The system monitors the performance of activities and enables the assessment of effectiveness.
By implementing risk management in the organization in the areas of strategic, operational, security and personal data protection, we have the ability to fully integrate the process, from risk identification, assessment and analysis, to planning and implementation of the risk management plan.
Testing of business continuity plans has been prepared in such a way as to simplify the process of creating schedules, preparing scenarios, developing questionnaires for assessing test criteria, conducting tests and documenting their results.
Thanks to the module, the Organization has all the arrangements for BCM tests in one place and enables the cooperation of all people involved in the tests (including observers from outside the company’s structures).
Thanks to the BPM system, it is possible to select the business continuity procedure to be tested, to set a test completion date and all participants involved in the process. Then, the system documents detailed scenarios of events that will be subject to verification, as well as test criteria formulated in the form of questionnaires submitted to people as an observer. After the tests are completed, the material received from all participants is collected, aggregated and analyzed in the system, and the result of the work is a test report and recommendations for improvement actions.