The Noggin Platform
The world’s leading platform for integrated safety & security management.
Find Your Solution
-
Crisis Management
-
Emergency Management
Apply best practices to plan for, respond to, and manage critical events and exercises. Built on ISO standards, you can respond faster with better collaboration using plans and playbooks, smart workflows, and real-time dashboards and insights, to ensure better incident response, decision-making, and continuous improvement.
Featured Modules
- Incident Response Plans & Checklists
- Critical Infrastructure Protection
- Welfare Checks
- Continuous Improvement
All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.
Featured Modules
- Security Threat Assessment
- Incident Management
- Planned Events
- Lone Worker Management
-
Safety Management
-
Employee Health & Wellbeing
-
Governance, Risk & Compliance (GRC)
-
Asset Management
-
Contractor Management
-
Visitor Management
-
Emergency Management
All the tools needed to automate your safety management system in one easy-to-use platform, following ISO standards. Increase efficiency with powerful automation capabilities and provide real time insights to all levels of your business. Configurable notifications, workflows, analytics, and mapping empower your safety personnel to make better decisions wherever they are.
Featured Modules
- Incident Management
- Injury Management
- Online Inductions
- Reporting & Analytics
Maintain a comprehensive view of the wellbeing of your workers, their needs, and the wellbeing initiatives conducted in your organization. Through various assessments, checks, analytics, and resources you can easily manage both the physical and mental wellbeing of personnel across various locations and programs.
Featured Modules
- Wellbeing Reporting
- Ergonomic Assessment
- Vaccination Management
A suite of tools to collect risk data from across your organziation from a range of stakeholders, in real time, and based on ISO standards. Fully customisable, with everything from a simple pre-task assessment though to an organisational risk register, we make it easy to capture risk data and provide the analytics to derive rich insights, to keep your organisation safe and compliant.
Featured Modules
- Audits
- Inspections
- Take 5
- Standards Compliance
Track all your assets from your vehicle fleet, fixed or mobile plant and equipment though to your critical infrastructure using our range of tools. Plan maintenance ahead of time and by collecting lead indicator data from checklists and assessments on any mobile device, then enable users to update the status of your assets to track utilisation, share documentation and report issues.
Featured Modules
- Asset assessments & checklists
- Workorder Management
- Planned Maintenance
- Asset Status Tracking
Save time and money by enabling contractors to self-register and progress through a customizable workflow, to check documentation before becoming an approved contractor. Contractors can then be automatically followed up using workflows and notifications to keep their organziation compliant.
Featured Modules
- Contractor Entities
- Contractor Workers
- Contractor Plant
Streamline visitor sign-in using a QR code on a form tailored for your organisation. Visitors can complete inductions, answer questions and acknowledge content then have notifications triggered to their host based on their responses. Once on site, manage visitor cards, broadcast notifications and understand visitor trends to optimise your processes.
Featured Modules
- Visitor Registration (QR Code)
- COVID Management
- Emergency Notifications
- Host Notifications
All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.
Featured Modules
- Featured Modules:
Situational Awareness & Reporting - Incident & Special Event Pre-Planning
- Damage Assessments
- Exercise Management
-
Physical Security
-
Cyber Security
-
Visitor Management
-
Critical Infrastructure Protection
-
Emergency Management
-
Governance, Risk & Compliance
-
Asset Management
-
Contractor Management
Proactively manage all aspects of physical security operations from anywhere, on any device. Based on ISO standards, streamline your operations using workflow automations to guide information capture, enrichment, follow up tasks, and notifications. Validate threats and risks to drive better investment of your resources.
Featured Modules
- Cyber Threats & Treatments
- Standards Compliance
- Audits & Inspections
- Compliance Obligations & Breaches
Manage cyber threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions, and drive continual improvement review cycles.
Featured Modules
- Cyber Threats & Treatments
- Standards Compliance
- Audits & Inspections
- Compliance Obligations & Breaches
Streamline visitor sign-in using a QR code on a form tailored for your organisation. Visitors can complete inductions, answer questions and acknowledge content then have notifications triggered to their host based on their responses. Once on site, manage visitor cards, broadcast notifications and understand visitor trends to optimise your processes.
Featured Modules
- Visitor Registration (QR Code)
- COVID Management
- Emergency Notifications
- Host Notifications
Consolidate the threat and risk picture across all your assets, easily demonstrate compliance with security obligations, and gain an ‘all threats’ perspective encompassing physical, cyber, personnel and supply chain. Address and manage cyber threats without having to implement costly new ICT systems and drive continuous improvement and review cycles.
Featured Modules
- Risk & Threat Assessments
- Security Inspections
- Crowded Place & Impact Assessments
All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.
Featured Modules
- Situational Awareness & Reporting
- Incident & Special Event Pre-Planning
- Damage Assessments
- Exercise Management
Manage cyber, emergency and security threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions and drive continual improvement review cycles.
Featured Modules
- Cyber Threats & Assessments
- Standards Compliance
- Audits & Inspections
- Compliance Obligations & Breaches
Track all your assets from your vehicle fleet, fixed or mobile plant and equipment though to your critical infrastructure using our range of tools. Plan maintenance ahead of time and by collecting lead indicator data from checklists and assessments on any mobile device, then enable users to update the status of your assets to track utilization, share documentation and report issues.
Featured Modules
- Asset assessments & checklists
- Workorder Management
- Planned Maintenance
- Asset Status Tracking
Save time and money by enabling contractors to self-register and progress through a customizable workflow, to check documentation before becoming an approved contractor. Contractors can then be automatically followed up using workflows and notifications to keep their organziation compliant.
Featured Modules
- Contractor Registration
- Permit to Work
- Work Orders
- Contractor Self-Administration
-
Business Continuity Planning
-
Crisis Management
-
Governance, Risk & Compliance (GRC)
-
Continuity of Operations (COOP)
Follow ISO standard approaches to determine disruption impacts and develop plans & recovery strategies to address risks. Track gaps, dependencies and tests, capture exercises, and manage insurance details. Scale up to any incident and back down to business as usual as quickly as possible and drive continuous improvement.
Featured Modules
- Business Impact Assessments
- Incident & Exercise Management
- Recovery Strategy Tracking
- Continuity of Operations (COOP)
Apply best practices to plan for, respond to, and manage critical events and exercises. Built on ISO standards, you can respond faster with better collaboration using plans and playbooks, smart workflows, and real-time dashboards and insights, to ensure better incident response, decision-making, and continuous improvement.
Featured Modules
- Incident Response Plans & Checklists
- Critical Infrastructure Protection
- Welfare Checks
- Continuous Improvement
Manage cyber, emergency and security threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions and drive continual improvement review cycles.
Featured Modules
- Cyber Threats & Treatments
- Standards Compliance
- Audits & Inspections
- Compliance Obligations & Breaches
Ensure preparedness across your organisation. Conduct business impact assessments and quickly identify essential functions. Assess hazard and threat risks. Identify technology, assets, facilities, and critical personnel. Gather and assemble essential information and documents. Develop, test and maintain your COOP plans. From readiness and preparedness to reconstitution, manage all four phases of the Continuity of Operations Plan to minimize business loss and disruption.
Featured Modules
- Business Impact Assessments
- Threat & Hazard Identification
- Continuity of Operations Plans Management
- Testing, Training & Exercises
Guide
10 Steps to an Effective Crisis Management Plan
Article
The Stages of Crisis: Understanding the Crisis Management Lifecycle
- Work Safety Resources
- Emergency Management Resources
- Crisis Management Resources
- Business Continuity Resources
- Security Management Resources
eBook
Understanding ISO 22361 for Crisis Management
eBook
Best Practice Strategies to Maintain Resilience
NEWS
Technology expert's tips for safety management platforms
NEWS
A Comprehensive Guide to Understanding ISO45001
Who We Are
The world’s leading platform for integrated safety & security management.
- Follow us
-
-
-
.svg)
.svg)
.svg)
Where the business continuity plan fits within the business continuity management capability
Business continuity management (BCM) has been around for some time now, emerging into what we now recognise as a holistic management process for identifying potential threats to an organisation and the operational impacts those threats would pose. A mainstay of the effort is the business continuity plan (BCP). The business continuity plan provides a collection of resources, actions, procedures, and information, designed to prepare organisations to maintain essential functions in the event of a disaster or other major disruption.
It’s executing on the business continuity plan specifically that enables the continuous delivery of critical services and products to customers. That makes the business continuity plan qualitatively different than other forms of all-hazards planning, like post-disaster recovery planning or business resumption planning.
The business continuity plan has two important objectives:
- Ensuring critical operations continue to be available
- Minimising impacts to the business, irrespective of the type of incident or disruption
Does my organisation need a business continuity plan?
Staggeringly high rates of post-disaster business closure point up the necessity of having a business continuity plan.
What’s more, rates of post-crisis business closure are heavily weighted towards companies who fail to develop a business continuity plan before major incidents. As many as three in every four organisations without a business continuity plan fail within three years of a disaster.
Nor is business extinction the only risk of not having a business continuity plan. Firms sit on a lot of financial exposure.
For instance, the potential financial loss due to downtime is extraordinary: estimates from IBM show up to USD 2.8 million per hour in certain industries, totalling a single day loss of some USD 67 million. That’s extraordinary.
A business continuity plan mitigates that financial cost by helping organisations return to normal operations more quickly. Another benefit of the business continuity plan: the planning effort itself tends to lead to better, overall organisational efficiency. Business continuity planning involves examining the precise relationship of business resources and assets to prioritised services.
What’s more, the demonstrated importance of business continuity management, especially in critical infrastructure sectors, has meant that jurisdictions have moved into mandate baseline business continuity management practices, often requiring firms to maintain a business continuity plan.
The international business continuity management system standard, ISO 22301, for one, is a means of signalling to legislators and regulators that the certified organisation is indeed adhering to best practices in the field.
Of course, governmental actors aren’t the only stakeholders. Customers, be they existing or prospective, also have a vested interest in transacting business with organisations that will continue to deliver products and services at acceptable levels. That’s one reason why developing a business continuity plan can offer firms a major competitive advantage in their market. It can also protect the brand in the eyes of shareholders and customers when an emergency does strike.
Key challenges to developing a business continuity plan
Despite its clear benefits, the business continuity plan isn’t as established a norm as it should be. IBM research shows that a disappointing 17 percent of Business Continuity Management and IT security specialists say their organisations have a formal business continuity plan. What’s everyone else thinking?
Well, it’s complicated. The challenges to developing an effective business continuity plan are myriad. For one, most organisations don’t have a best-practice business continuity management programme in place in the first place.
Why’s that? Well, practitioners often decry a lack of commitment and involvement from senior management. According to the survey data, that’s the crucial gateway to getting a major, cross-functional project off the ground.
The challenges to developing a business continuity plan don’t end there. Even when C-level sponsorship is secured, it’s not a given that senior leadership is fully invested in building a business continuity plan for the right reasons. Executives might be going through the motions, trying to feign compliance to regulators and customers.
The best-intentioned organisations can also get business continuity planning wrong, too. There’re plenty of variables that go into building a business continuity plan, so it’s easy to make the following common mistakes:
- Misjudge data recovery requirements
- Not properly tailor the risk assessment to organisational challenges
- Fail to question assumptions
- Fail to consider limiting factors
Developing an effective business continuity plan
So, what does it take to develop an effective business continuity plan? There’s a lot.
For one, business continuity planning involves documenting procedures to guide how your organisation will respond to and recover from a disruption. Putting together the actual business continuity plan will typically fall to the governance committee.
Here’s where C-suite involvement is crucial. Most governing committees are headed by an executive sponsor. That sponsor is nominally responsible for initiating, approving, auditing, overseeing, and testing the business continuity plan.
However, day-to-day management falls to a business continuity coordinator. Depending on the size of the company, that coordinator might have a dedicated staff. Other in-house members of the committee typically include:
- CIO
- CISO or other senior security officer
- Senior representatives from the remaining business units
Before drafting the business continuity plan, the governance committee will undertake a business impact analysis (BIA). The business impact analysis is a methodical accounting of business activities and the effect business disruptions would have on those activities. The business impact analysis is intended to help organisations isolate prioritised business activities in tandem with the processes and resources needed to support them.
That analysis is imperative. Sure, firms might have a good feel for the services and products they need to continue delivering in order to avoid severe revenue. But it’s not a given that senior managers have a deep understanding of the dependencies that underlie those services. A good business impact analysis, on the other hand, will capture all of those contingencies, then rank the order of priority of services or products for continuous delivery or rapid recovery.
Those business impact analysis findings then get fed into the business continuity plan proper. The plan will then cover the resources, services, activities, business continuity software solutions required to ensure the continuity of critical business functions.
Don’t get us wrong, the business continuity plan can take different forms. Usually, though, the following elements will be present:
- A list of relevant company, insurance, and supplier contacts
- References. Helpful information might include links to the appropriate state and federal regulator, e.g., Emergency Management Australia
- Relevant standards with which the plan complies, e.g., ISO 22301
- Organising objectives and driving principles.
- The primary objective of your plan is to ensure maximum possible services levels are maintained. Meanwhile, assessing business risk for probability and impact might also be an important principle to document.
- The objectives and principles sections might be part of a longer executive summary, a comprehensive overview of the plan
- The contents of the business impact analysis, including a list of likely threats, e.g., building loss, document(s) loss, systems going offline, loss of key staff, etc.
- Scenario planning for the risks you’ve identified
- Once a risk is listed, the plan will outline probability and impact of occurrence, likeliest scenario(s) to unfold, business functions affected, actions to take and preventative mitigation strategies, staff responsibilities, as well as operational constraints.
Drafting the plan isn’t the end of the story. Senior management still has to approve the draft, before the process of validating (and updating) the plan can even begin.
Validating the plan means running periodic exercises and trainings to test its assumptions. Those trainings aren’t just for practitioners. They should be mandatory for all employees, and companies should strive to secure partner participation at any stage in the business continuity plan lifecycle (depicted below).
The lifecycle of the business continuity plan
Nor should testing exercises be treated as pro forma measures, either. To be effective, the business continuity plan must remain a dynamic document. Specifically, teams need to update the plan to incorporate key lessons learned from testing and exercises.
In conclusion, rates of business continuity plan adoption are alarmingly low. Don’t get caught napping. To protect your brand and bottom line, delve into requirements for the ISO 22301 standard, and start building your best-practice business continuity plan today.
Have a plan in place already but need help making the business case for flexible business continuity software that scales with crisis? Download our guide, When Business Continuity Events Become Crises.
DOWNLOAD THE GUIDE
.svg)
Download your copy
About this Article
Published May 19, 2021