| Favorites |
 |
|
|
|
|
Business Challenge
The need for Business Continuity Planning (BCP) and Business Continuity Management (BCM) has grown rapidly, driven by compliance regulations and stakeholders’ demands. The objective of business continuity plans is to minimize business disruptions, and sustain the trust and confidence built up by the organization. In today’s fast-paced and volatile business climate, organizations need to ensure that their business continuity plans are continually updated, complete and efficient.
MetricStream’s Solution
MetricStream's Business Continuity Planning and Disaster Recovery (DR) solution helps organizations implement and manage an effective business continuity plan to enable seamless recovery from a disaster. The solution provides an integrated and flexible framework for embedding BCP in the risk management model, and automating the BCP lifecycle, right from planning, to implementation, management and maintenance. Using the solution, you will be able to:
Manage Business Continuity Requirements
- Map organizational hierarchies
- Define processes with MTTD, RPO and RTO
- Conduct a Business Impact Analysis (BIA), and establish a risk register
Develop Strategy
- Identify preventive controls
- Develop an incident response structure, a DR plan and a communication plan
Test, Maintain and Review Plans
- Develop test objectives, embed insights learned within the BCM plan, and train personnel
- Enable certification - BS25999, ISO 27002, NIST
- Enable internal audit and governance review processes
Manage Disaster Recovery Requirements
- Conduct damage assessments
- Invoke a disaster recovery plan, and initiate recovery activities (alternate sites, systems)
Business Continuity Management Capabilities
Business Impact Analysis (BIA)
The MetricStream solution offers comprehensive capabilities to perform a BIA as part of the BCM process. Using the solution, the BCM program manager can trigger surveys allowing stakeholders to choose critical processes, recovery objectives and resources/assets involved in the continuity process. These surveys can be configured and executed based on predefined templates and schedules for designated users.
The solution also has process modeling capabilities for resources and dependencies. For example, it can generate a dependency report with RPO and RTO definition capabilities for a data center’s main resources, as well as dependent resources.
The solution also improves the efficiency of BIAs by allowing a single BIA to be applied to multiple business continuity plans. Moreover, individual BIAs from business processes, IT applications or facilities can be aggregated.
Exhaustive Coverage of BCM Frameworks and Standards
MetricStream’s BCM solution reduces the effort required for mapping business continuity requirements to plans and procedures. The solution incorporates a huge variety of BCM standards and frameworks such as the Applied Prudential Standard (APS) 232 (BCM - Australia), the Australian Standard AS/NZS 4360, BSI Business Continuity Management Specification (BS 25999 Part 1), and the Federal Emergency Management Agency’s (FEMA’s) National Incident Management System (NIMS)/ Incident Command System (ICS). Users can efficiently link each product activity to a framework or a standard for more effective reporting.
What-if Modeling
The MetricStream solution enhances the efficiency of testing BCM and DR plans by separately testing the plan components, and then progressively combining the components till a complete test can be carried out on the whole plan.
The solution also provides capabilities to identify and conduct scenario analyses at any level of granularity. It captures a detailed narrative of the scenario, documents all the underlying assumptions, ties/maps the risks, identifies controls and mitigation pertaining to the scenario, and configures the scenario parameter buckets. The solution also enables scenario analyses to be conducted using surveys. Here, the expert opinion of business line managers and risk managers is obtained to identify potential operational risk events, and assess their potential outcomes.
Rapid Implementation of Response Plans
If a crisis occurs, the MetricStream solution triggers response plan notifications for each specific business unit, department or facility. The solution also provides Web based access to BCP and DR plans for all stakeholders and employees across locations. In addition, it enables rapid contact with the appropriate response personnel, and tracks and manages requests for emergency operations assistance.
A Central Plans Repository
The MetricStream Business Continuity Management solution provides a searchable central repository with capabilities for each BCP owner to maintain, update and view his/her plans. Integrated collaboration and workflow tools can be used to access, create, modify, review and approve documents globally in a controlled manner. In addition, a powerful analytics and reporting capability with graphical dashboards enables each document to be tracked from origin to obsolescence, providing managers complete visibility into the system.
Risk Assessments for Availability
The MetricStream solution records and reports the business impact of a resource, process or asset based on various BIA categories (Confidentiality, Integrity and Availability) and factors such as operational or financial losses. The solution also offers quantitative risk management models to identify risk scores based on their impact and likelihood. The risk scores can then be linked to the BCM plan to identify its effectiveness and the risk associated with the business.
The solution supports multi-dimensional risk and control assessments for an organizational unit, an object such as a process or an asset, and a combination of both. The system also supports multiple risk scoring scenarios for multiple groups to assess risk with their own perspectives, and then collaborate on the results. |
