Business Continuity Management
Automate business continuity and crisis management for seamless disaster recovery.

 

Business Continuity Management

The need for Business Continuity Planning (BCP) and Business Continuity Management (BCM) has grown rapidly, driven by compliance regulations and stakeholders' demands. The objective of business continuity plans is to minimize business disruptions, and sustain the trust and confidence built up by organizations. In today's fast-paced and volatile business climate, organizations need to ensure that their business continuity plans are continually updated, complete, and efficient.

MetricStream's BCM Software Solution

MetricStream's solution helps organizations implement and manage an effective business continuity plan to enable seamless recovery from a disaster. The solution provides an integrated and flexible framework for embedding BCP in the risk management model, streamlining the BCP lifecycle, and automating resource-intensive workflows.

Built on a flexible GRC platform, the BCM solution integrates business continuity processes with IT GRC and enterprise GRC frameworks, extending into supplier and customer ecosystems. It also aligns BCP and BCM processes with industry standards such as ISO 22301, and provides the capability to build policies, processes, controls, reporting templates, and eLearning modules that fully conform to these standards.

If a crisis arises, the solution's advanced capabilities such as social media monitoring and mobile alerts enable BCP plans to be efficiently communicated to relevant employees, thereby helping organizations recover quickly from the crisis.

Benefits of the Solution

Enables Effective Management of Business Continuity Requirements

  • Maps organizational hierarchies to BCM processes
  • Helps define processes with Mean Time to Detect (MTTD), Recovery Point Objective (RPO), and Recovery Time Objective (RTO)
  • Enables a Business Impact Analysis (BIA), and implementation of a risk register

Strengthens BCM Strategy Development

  • Helps identify preventive controls
  • Helps develop an incident response structure, a Disaster Recovery (DR) plan and a communication plan

Helps Test, Maintain, and Review Business Continuity Plans

  • Helps develops test objectives, embed insights learned within the BCM plan, and train personnel
  • Enables certification - ISO22301/BS25999, ISO 27001, DRII, FFIEC, NERC-CIP and many more.
  • Enables internal audit and governance review processes

Facilitates Effective Management of Disaster Recovery Requirements

  • Enables damage assessments
  • Helps implement a DR plan, and initiate recovery activities (e.g. alternate sites, systems)

Provides Real-time Situational Awareness

  • Connects to government sources and agencies such as FEMA to provide disaster and emergency alerts, weather feeds, power availability notifications, and data on cyber-security incidents and homeland security
  • Helps track crisis updates in real time across social media platforms such as Google Crisis Maps, Twitter, and Facebook
  • Leverages mobile application capabilities supported by MetricStream GRC Platform to communicate BCM information, plans, and alerts via SMS and other mobile channels to employees and stakeholders

Capabilities of the Solution

Business Impact Analysis (BIA)
The MetricStream solution offers comprehensive capabilities for BIA as part of the BCM process. Using the solution, the BCM program manager can trigger surveys, allowing stakeholders to choose critical processes, recovery objectives, and resources/assets involved in the continuity process. These surveys can be configured and executed based on predefined templates and schedules for designated users.

The solution also has process modeling capabilities for resources and dependencies. For example, it can generate a dependency report with RPO and RTO definition capabilities for a data center's main resources, as well as dependent resources.

The solution also improves the efficiency of BIAs by allowing a single BIA to be applied to multiple business continuity plans. Moreover, individual BIAs from business processes, IT applications, or facilities can be aggregated.

Exhaustive Coverage of BCM Frameworks and Standards
The MetricStream BCM solution reduces the effort required for mapping business continuity requirements to plans and procedures. The solution incorporates a huge variety of business continuity management frameworks and standards such as ISO 22301, Applied Prudential Standard (APS) 232 (BCM - Australia), the Australian Standard AS/NZS 4360, BSI Business Continuity Management Specification (BS 25999 Part 1), and the Federal Emergency Management Agency's (FEMA's) National Incident Management System (NIMS) Incident Command System (ICS). Users can efficiently link each product activity to a framework or a standard for more effective reporting.

What-if Modeling
The MetricStream solution enhances the efficiency of testing BCM and DR plans by separately testing the plan components, and then progressively combining the components till a complete test can be carried out on the whole plan. The solution also provides capabilities to identify and conduct scenario analyses at any level of granularity. It captures a detailed narrative of the scenario, documents all the underlying assumptions, ties/maps risks, identifies controls pertaining to the scenario, and configures the scenario parameters.

Rapid Implementation of Response Plans
If a crisis occurs, the MetricStream solution triggers response plan notifications for each specific business unit, department, or facility. The solution also provides w eb based access to BCP and DR plans for all stakeholders and employees across locations. In addition, it enables rapid contact with the appropriate response personnel, and tracks and manages requests for emergency operations assistance.

A Central Plans Repository
The MetricStream solution provides a searchable central repository with capabilities for each BCP owner to maintain, update, and view his/her plans. Integrated collaboration and workflow tools can be used to access, create, modify, review, and approve documents globally in a controlled manner. A powerful analytics and reporting capability with graphical dashboards enables each document to be tracked from origin to obsolescence, providing managers complete visibility into the system.

Risk Assessments for Availability
The MetricStream solution records and reports the business impact of a resource, process, or asset based on various BIA categories (Confidentiality, Integrity, and Availability) and factors such as operational or financial losses. The solution also offers quantitative risk management models to identify risk scores based on their impact and likelihood. The risk scores can then be linked to the BCM plan to identify its effectiveness as well as the risks associated with the business.

The solution supports multi-dimensional risk and control assessments for an organizational unit, objects such as processes or assets, and a combination of both. In addition, multiple risk scoring scenarios can be established for various groups to assess risk with their own perspectives, and then collaborate on the results.