In these challenging times we see many companies struggling – both to ensure the health of their employees and customers, and to keep their core processes running.
In particular, logistics chains are challenged, threatening distribution and procurement processes. On one side companies are fighting for new orders, on the other hand, they must ensure that all relevant process steps for providing and distributing products and services are available and interact in an orderly manner. Often this goes beyond the boundaries of the company as the entire business ecosystem, including suppliers and distribution partners, is affected and must be coordinated - even if parts of it are disturbed.
This is business as unusual.
Therefore, companies must take urgent operational measures to keep their key operations and processes running to cope with these scenarios and more. Operational excellence is particularly needed when you are faced with challenges beyond the scope of day-to-day business.
The aim is to minimize damage and to take the best possible precautions in the event of serious disruptions. This is known as business continuity, and the analysis of your processes and risks plays a dominant role in it.
“Think of business continuity as your organization’s ultimate safety net. It’s good to be prepared,” said Frank Simon, senior vice president for audit, processes and quality here at Software AG.
One of the reasons Software AG can adapt directly to the new situation, besides the high commitment of our employees, is because we use ARIS ourselves – it is the basis of our business continuity management system (BCMS). It has helped us analyze any business impact, to assess and prioritize risks, put new processes in place within a day and communicate these changes directly to our whole organization.
Our business continuity management system (according to ISO 22301) is part of an enterprise management system and deeply integrated with other aspects to meet all relevant regulatory requirements:
- Quality management system (according to ISO 9001)
- Information security management system (according to ISO 27001)
- General Data Protection Regulation system (GDPR)
So, based on our experience, we have prepared some best practices to help guide you through your business continuity plans.
Here is the first step of a BCMS using ARIS (I will be posting further details for the other steps in the following articles):
Business Impact Analysis (BIA) and Risk Assessment
An initial risk and impact analysis must be been performed to evaluate the criticality of all core processes your organization - including all important aspects and assets (organization, IT systems, facilities, infrastructure, etc.). The basis for this assessment is your process landscape, which is also the foundation for the other parts of the management system.
Processes are linked via ARIS to risks and risk categories, and areas of impact, so that the risks per process can be determined by aggregating the impact values and thus a risk ranking is available for all core and support processes.
You will need to define your own most critical processes during this process.
When using ARIS at Software AG, we decided on the scope of the BCMS, and to focus on customer centricity. Global Support was initially defined as the process with the highest importance in our BCM system, as it is essential to solve our customer’s issues immediately according to the defined service level agreements.
In my next post, I will talk about next step: Defining your business continuity strategy and procedures, then exercising and testing.