How to Develop an Effective Business Continuity Plan

Noggin

Business Continuity Software

Published May 19, 2021

Where the business continuity plan fits within the business continuity management capability

Business continuity management (BCM) has been around for some time now, emerging into what we now recognise as a holistic management process for identifying potential threats to an organisation and the operational impacts those threats would pose. A mainstay of the effort is the business continuity plan (BCP). The business continuity plan provides a collection of resources, actions, procedures, and information, designed to prepare organisations to maintain essential functions in the event of a disaster or other major disruption.

It’s executing on the business continuity plan specifically that enables the continuous delivery of critical services and products to customers. That makes the business continuity plan qualitatively different than other forms of all-hazards planning, like post-disaster recovery planning or business resumption planning.

The business continuity plan has two important objectives:

  • Ensuring critical operations continue to be available
  • Minimising impacts to the business, irrespective of the type of incident or disruption

Does my organisation need a business continuity plan?

Staggeringly high rates of post-disaster business closure point up the necessity of having a business continuity plan.

What’s more, rates of post-crisis business closure are heavily weighted towards companies who fail to develop a business continuity plan before major incidents. As many as three in every four organisations without a business continuity plan fail within three years of a disaster.

Nor is business extinction the only risk of not having a business continuity plan. Firms sit on a lot of financial exposure.

For instance, the potential financial loss due to downtime is extraordinary: estimates from IBM show up to USD 2.8 million per hour in certain industries, totalling a single-day loss of some USD 67 million.

A business continuity plan mitigates that financial cost by helping organisations return to normal operations more quickly. Another benefit of the business continuity plan: the planning effort itself tends to lead to better, overall organisational efficiency. Business continuity planning involves examining the precise relationship of business resources and assets to prioritised services.

What’s more, the demonstrated importance of business continuity management, especially in critical infrastructure sectors, has meant that jurisdictions have moved to mandate baseline business continuity management practices, often requiring firms to maintain a business continuity plan.

The international business continuity management system standard, ISO 22301, for one, is a means of signalling to legislators and regulators that the certified organisation is indeed adhering to best practices in the field.

Of course, governmental actors aren’t the only stakeholders. Customers, be they existing or prospective, also have a vested interest in transacting business with organisations that will continue to deliver products and services at acceptable levels. That’s one reason why developing a business continuity plan can offer firms a major competitive advantage in their market. It can also protect the brand in the eyes of shareholders and customers when an emergency does strike.

Key challenges to developing a business continuity plan

Despite its clear benefits, the business continuity plan isn’t as established a norm as it should be. IBM research shows that a disappointing 17 percent of Business Continuity Management and IT security specialists say their organisations have a formal business continuity plan. What’s everyone else thinking?

Well, it’s complicated. The challenges to developing an effective business continuity plan are myriad. For one, most organisations don’t have a best-practice business continuity management programme in place in the first place.

Why’s that? Well, practitioners often decry a lack of commitment and involvement from senior management. According to the survey data, that’s the crucial gateway to getting a major, cross-functional project off the ground.

The challenges to developing a business continuity plan don’t end there. Even when C-level sponsorship is secured, it’s not a given that senior leadership is fully invested in building a business continuity plan for the right reasons. Executives might be going through the motions, trying to feign compliance to regulators and customers.

Even the best-intentioned organisations can get business continuity planning wrong. There are plenty of variables that go into building a business continuity plan, so it’s easy to make the following common mistakes:

  • Misjudge data recovery requirements
  • Not properly tailor the risk assessment to organisational challenges
  • Fail to question assumptions
  • Fail to consider limiting factors

Developing an effective business continuity plan

So, what does it take to develop an effective business continuity plan? There’s a lot.

For one, business continuity planning involves documenting procedures to guide how your organisation will respond to and recover from a disruption. Putting together the actual business continuity plan will typically fall to the governance committee.

Here’s where C-suite involvement is crucial. Most governing committees are headed by an executive sponsor. That sponsor is nominally responsible for initiating, approving, auditing, overseeing, and testing the business continuity plan.

However, day-to-day management falls to a business continuity coordinator. Depending on the size of the company, that coordinator might have a dedicated staff. Other in-house members of the committee typically include:

  • CIO
  • CISO or other senior security officer
  • Senior representatives from the remaining business units

Before drafting the business continuity plan, the governance committee will undertake a business impact analysis (BIA). The business impact analysis is a methodical accounting of business activities and the effect business disruptions would have on those activities. The business impact analysis is intended to help organisations isolate prioritised business activities in tandem with the processes and resources needed to support them.

That analysis is imperative. Sure, firms might have a good feel for the services and products they need to continue delivering in order to avoid severe revenue loss. But it’s not a given that senior managers have a deep understanding of the dependencies that underlie those services. A good business impact analysis, on the other hand, will capture all of those contingencies, then rank the order of priority of services or products for continuous delivery or rapid recovery.

Those business impact analysis findings then get fed into the business continuity plan proper. The plan will then cover the resources, services, activities, and business continuity software solutions required to ensure the continuity of critical business functions.

Don’t get us wrong, the business continuity plan can take different forms. Usually, though, the following elements will be present:

  • A list of relevant company, insurance, and supplier contacts
  • References. Helpful information might include links to the appropriate state and federal regulator, e.g., Emergency Management Australia
  • Relevant standards with which the plan complies, e.g., ISO 22301
  • Organising objectives and driving principles.
    • The primary objective of your plan is to ensure maximum possible services levels are maintained. Meanwhile, assessing business risk for probability and impact might also be an important principle to document.
  • The objectives and principles sections might be part of a longer executive summary, a comprehensive overview of the plan
  • The contents of the business impact analysis, including a list of likely threats, e.g., building loss, document(s) loss, systems going offline, loss of key staff, etc.
  • Scenario planning for the risks you’ve identified
    • Once a risk is listed, the plan will outline probability and impact of occurrence, likeliest scenario(s) to unfold, business functions affected, actions to take and preventative mitigation strategies, staff responsibilities, as well as operational constraints.

Drafting the plan isn’t the end of the story. Senior management still has to approve the draft, before the process of validating (and updating) the plan can even begin.

Validating the plan means running periodic exercises and trainings to test its assumptions. Those trainings aren’t just for practitioners. They should be mandatory for all employees, and companies should strive to secure partner participation at any stage in the business continuity plan lifecycle (depicted below). 

The lifecycle of the business continuity plan


Nor should testing exercises be treated as pro forma measures, either. To be effective, the business continuity plan must remain a dynamic document. Specifically, teams need to update the plan to incorporate key lessons learned from testing and exercises.

In conclusion, rates of business continuity plan adoption are alarmingly low. Don’t get caught napping. To protect your brand and bottom line, delve into requirements for the ISO 22301 standard, and start building your best-practice business continuity plan today.

Have a plan in place already but need help making the business case for flexible business continuity software that scales with crisis? Download our guide, When Business Continuity Events Become Crises.
