Business Continuity Management
Automate business continuity and crisis management for seamless disaster recovery.
The need for Business Continuity Planning (BCP) and Business Continuity Management (BCM) has grown rapidly, driven by compliance regulations and stakeholders' demands. The objective of business continuity plans is to minimize business disruptions, and sustain the trust and confidence built up by organizations. In today's fast-paced and volatile business climate, organizations need to ensure that their business continuity plans are continually updated, complete, and efficient.
MetricStream's solution helps organizations implement and manage an effective business continuity plan to enable seamless recovery from a disaster. The solution provides an integrated and flexible framework for embedding BCP in the risk management model, streamlining the BCP lifecycle, and automating resource-intensive workflows.
Built on a flexible GRC platform, the BCM solution integrates business continuity processes with IT GRC and enterprise GRC frameworks, extending into supplier and customer ecosystems. It also aligns BCP and BCM processes with industry standards such as ISO 22301, and provides the capability to build policies, processes, controls, reporting templates, and eLearning modules that fully conform to these standards.
If a crisis arises, the solution's advanced capabilities such as social media monitoring and mobile alerts enable BCP plans to be efficiently communicated to relevant employees, thereby helping organizations recover quickly from the crisis.
Benefits of the Solution
Enables Effective Management of Business Continuity Requirements
Strengthens BCM Strategy Development
Helps Test, Maintain, and Review Business Continuity Plans
Facilitates Effective Management of Disaster Recovery Requirements
Provides Real-time Situational Awareness
Capabilities of the Solution
Business Impact Analysis (BIA)
The MetricStream solution offers comprehensive capabilities for BIA as part of the BCM process. Using the solution, the BCM program manager can trigger surveys, allowing stakeholders to choose critical processes, recovery objectives, and resources/assets involved in the continuity process. These surveys can be configured and executed based on predefined templates and schedules for designated users.
The solution also has process modeling capabilities for resources and dependencies. For example, it can generate a dependency report with RPO and RTO definition capabilities for a data center's main resources, as well as dependent resources.
The solution also improves the efficiency of BIAs by allowing a single BIA to be applied to multiple business continuity plans. Moreover, individual BIAs from business processes, IT applications, or facilities can be aggregated.
Exhaustive Coverage of BCM Frameworks and Standards
The MetricStream BCM solution reduces the effort required for mapping business continuity requirements to plans and procedures. The solution incorporates a huge variety of business continuity management frameworks and standards such as ISO 22301, Applied Prudential Standard (APS) 232 (BCM - Australia), the Australian Standard AS/NZS 4360, BSI Business Continuity Management Specification (BS 25999 Part 1), and the Federal Emergency Management Agency's (FEMA's) National Incident Management System (NIMS) Incident Command System (ICS). Users can efficiently link each product activity to a framework or a standard for more effective reporting.
The MetricStream solution enhances the efficiency of testing BCM and DR plans by separately testing the plan components, and then progressively combining the components till a complete test can be carried out on the whole plan. The solution also provides capabilities to identify and conduct scenario analyses at any level of granularity. It captures a detailed narrative of the scenario, documents all the underlying assumptions, ties/maps risks, identifies controls pertaining to the scenario, and configures the scenario parameters.
Rapid Implementation of Response Plans
If a crisis occurs, the MetricStream solution triggers response plan notifications for each specific business unit, department, or facility. The solution also provides w eb based access to BCP and DR plans for all stakeholders and employees across locations. In addition, it enables rapid contact with the appropriate response personnel, and tracks and manages requests for emergency operations assistance.
A Central Plans Repository
The MetricStream solution provides a searchable central repository with capabilities for each BCP owner to maintain, update, and view his/her plans. Integrated collaboration and workflow tools can be used to access, create, modify, review, and approve documents globally in a controlled manner. A powerful analytics and reporting capability with graphical dashboards enables each document to be tracked from origin to obsolescence, providing managers complete visibility into the system.
Risk Assessments for Availability
The MetricStream solution records and reports the business impact of a resource, process, or asset based on various BIA categories (Confidentiality, Integrity, and Availability) and factors such as operational or financial losses. The solution also offers quantitative risk management models to identify risk scores based on their impact and likelihood. The risk scores can then be linked to the BCM plan to identify its effectiveness as well as the risks associated with the business.
The solution supports multi-dimensional risk and control assessments for an organizational unit, objects such as processes or assets, and a combination of both. In addition, multiple risk scoring scenarios can be established for various groups to assess risk with their own perspectives, and then collaborate on the results.
Analyst Report: MetricStream Recognized as a ‘Leader’ in Gartner's Magic Quadrant for Business Continuity Management Planning Software 2014
Solution Brief: Business Continuity Management Planning for cost-effective recovery and resiliency A proven framework to define and develop BCM
Recorded Webinar: Business Continuity as an Extension of Information Security & Risk Management Program
Expert Speaker: Harvey Betan CBCLA, CBCP, CBCV, MBCI, MBA - Associate Principal, Risk Masters Inc. & Former CIO