Organizations today need to be strategically adaptable, operationally aware, and tactically capable of responding to any business disruption. The key is to establish robust business continuity and disaster recovery capabilities that can, in the event of a crisis, help the business protect its operations, ﬁnances, reputation, and employees. Of particular value are business continuity standards and frameworks like ISO 22301, ISO 22313, NFPA 1600, FEMA’s NIMS ICS, and NRF which, when implemented eﬀectively, enable digital enterprises to strengthen organizational resilience and business performance.
While business continuity planning is practiced on some level in most organizations, a more comprehensive and integrated Business Continuity Management (BCM) program can go a long way towards accelerating and streamlining recovery from disruptions. By integrating risk management, information security, and business continuity programs with strong governance frameworks, organiza- tions will be better-prepared to respond to and recover from unplanned critical events.Download Fact Sheet
MetricStream Business Continuity Management App
The MetricStream BCM App enables a centralized approach to business continuity management processes with capabilities to streamline workﬂows, automate metric computations, and integrate BCM activities. The app provides a ﬂexible system to meet multiple BCM needs – right from business continuity planning, to crisis recovery initiation and management.
Through the app, you can deﬁne various business objects and their downstream dependencies in a centralized repository. Capabilities for Business Impact Analyses (BIAs) and continuous risk assessments help you identify business critical processes and resources, and document the associated risks.
The app also supports Business Continuity Planning (BCP) - formulating strategies and action plans to keep the business operational through a crisis. Robust crisis and incident management capabilities enable you to eﬀectively deal with crisis threats before, during, and after their occurrence. Emergency notiﬁcations facilitate timely dissemination of crisis-related information, and help restore business processes and activities quickly. The app is certiﬁed for conformance with global accessibility standards and best practices as deﬁned by WCAG 2.1 Level AA and Section 508.
Why MetricStream Business Continuity Management App
The MetricStream BCM App provides the following benefits:
Provides the Flexibility to Edit Plan Templates
Delivers pre-embedded business continuity plan templates, and helps edit them based on industry standards and frameworks (all changes or edits are reﬂected across multiple linked continuity plans)
Supports Emergency Notifications Through Multiple Contact Paths
Integrates with Everbridge, an Emergency Mass Notiﬁcation System (EMNS) for users to send notiﬁcations to individuals or groups through multiple contact paths
Calculates Recovery Objectives, and Provides Real-Time Visibility into Recovery Strategies
Provides a conﬁgurable scoring logic, metrics, and algorithms to calculate recovery objectives (Recovery Time Objective (RTO), Recovery Point Objective (RPO), and Maximum Tolerable Period of Disruption (MTPD)); helps track multiple recovery strategies through Gantt charts
Facilitates an Effective Gap Analysis for Recovery Objectives
Provides conﬁgurable reports and dashboards with information on gaps between recovery requirements; allows users to drill down to view the ﬁner levels of detail
Offers Mobile Apps to Access BCM Plans
Provides native mobile apps on Windows and iOS platforms, enabling authorized users to easily access and download BCM plans on their tablets, smart phones, or laptops
The BCM app is built on the MetricStream GRC Platform, a robust and scalable infrastructure that provides the following core services and capabilities:
Engaging and Personalized User Experience
Makes BCM management processes simple, context-sensitive, and personalized to each user; facilitates an intuitive and engaging user experience
Supports app conﬁgurations and extensions in an upgrade-safe and scalable manner through the MetricStream AppStudio conﬁguration framework; helps the organization adapt to change quickly
Mobility and Layering
Provides a responsive interface that allows BCM processes to be managed across devices; leverages a REST API integra- tion framework to layer BCM processes over heterogeneous IT systems and business critical infrastructure
Reporting and Analytics
Delivers powerful visualization tools and analytics to manage and monitor BCM, data relationships, and actions in real time across the extended enterprise
Lean and Robust Architecture
Is built on a lean, modern, scalable, and extensible architecture that enables the global digital enterprises of today to seamlessly scale up and support new users, while also adding new apps and solutions to meet changing organizational needs
The MetricStream BCM App provides the following functionalities:
Process and Asset Inventory
Create a hierarchical structure of the organization and its objectives in the app’s centralized GRC library. Define the relationships between processes, sub-processes, and dependent assets. Maintain, update, and view the business assets using a searchable and central repository.
Business Impact Analysis
Trigger BIAs to identify, assess, and prioritize processes and assets that are critical to achieving the organization’s objectives. Identify the potential impact of business disruptions (resulting from uncontrolled, non-speciﬁc events) on business functions and processes. Deﬁne IT assets based on BIA categories (e.g. conﬁdentiality, integrity, availability), and record impact factors. Group assets based on functional and technical parameters. Apply a single BIA to multiple business continuity plans, if required. Alternatively, aggregate individual BIAs from business processes, IT applications, or facilities, and apply them to a speciﬁc business continuity plan. Visualize the relationships and dependencies between processes and assets using the app’s process dependency maps. Calculate RTOs, RPOs, and maximum allowable downtime, as well as the acceptable level of losses associated with business functions and processes.
Business Continuity Risk Assessment
Document all relevant data around the business continuity program, including processes, risks, events, Key Risk Indicators (KRIs), and controls. Perform risk assessments and computations based on conﬁgurable methodologies and algorithms. Gain in-depth insights into the organization’s risk proﬁle, and prioritize business continuity strategies for optimal risk-reward outcomes. Gain visibility into risk analyses, key risk metrics, and the status of compliance with business continuity policies through executive reports and dashboards.
Business Continuity and Recovery Planning
Embed business continuity plans into the risk management model. Automate BCP workﬂows across the stages of planning, implementation, management, and maintenance. Create continuity plans using inbuilt templates, and edit multiple plans in one go. Link each plan to the results of relevant BIAs. Track and escalate BCP tasks such as drills, documentation, and recovery via practice-driven workﬂows.
Determine the efficiency of BCM and disaster recovery plans by testing the plan components, and then progressively combining the components till a complete test can be carried out on the whole plan. Leverage the Gantt chart view to support and enhance plan exercises. Identify process gaps, estimate the time required for recovery plans to be operational, and examine if all dependencies are captured. Track testing gaps and remediation eﬀorts through the app’s integrated task management capabilities. Convert the plan into actions, and report on the status of each action taken. Create test activities, assign them to users, and set start/ﬁnish baseline dates. Identify and conduct scenario analyses at various levels of granularity. Capture a detailed narrative of the scenario, document the underlying assumptions, map risks, identify controls relevant to the scenario, and conﬁgure the scenario parameters.
Monitor and respond to disruptive incidents through comprehensive and interactive workﬂows. Track risk proﬁles and control ownership. Gather crisis data from disaster and emergency alerts, weather feeds, power availability notiﬁcations, and data on cybersecurity issues and homeland security. Integrate information from emergency notiﬁcation services, government sources and agencies like the Federal Emergency Management Agency (FEMA), as well as call centers and other sources. Track crisis updates in real time across social media platforms such as Google Crisis Maps, Twitter, and Facebook. Leverage the mobile application capabilities supported by the MetricStream GRC Platform to communicate BCM information, plans, and alerts via SMS and other mobile channels to employees and stakeholders.
Emergency Mass Notifications
Gather, coordinate, and disseminate crisis-related information to target audiences to keep the organization’s business operations going. Create conﬁgurable emergency notiﬁcation templates, pre-deﬁned call trees, distribution lists, voice recordings, and attachments. Specify the content of the message, select user groups or distribution lists, and set rules for these lists. Attach related documents or voice recordings to messages, mark the priority of the message in a single form, and save it as a template for later use. Send notiﬁcations through voice mails, SMS, social media, emails and multiple other contact paths via integration with Emergency Mass Notiﬁcation Systems (EMNS).
Issue and Action Management
Manage, track, and close issues and actions triggered from risk assessments, plan exercises, and crises. Set up workﬂows to address these issues and actions based on their severity and priority, respectively.
Integration with Vendor Risk Management App
Integrate with the MetricStream Vendor Risk Management App to conduct business continuity assessments, and analyze risks across vendors in the supply chain.
Gain a comprehensive view of critical business continuity information and tasks on mobile devices across iOS and Android platforms. Notify users to download the most recently published continuity and recovery plans onto their mobile devices. Report crises from hand-held devices, and push emergency notiﬁcations through them as well.