Business Continuity Management (BCM) is a management process designed to enable organisations to mitigate the impacts of a business disruption without trying to second-guess what the likely cause will be. It delivers a framework for building resilience and the capability for an effective response that not only safeguards the interest of your stakeholders, but also your reputation, brand and value creating activities. It is achieved by identifying what you do, how you do it, the impact of a disruption, and how long you can cope with impact.

With this information you can make decisions on what needs to be recovered and by when in order to continue an acceptable level of service delivery. Once these decisions are made, it is possible to develop strategies, plans and procedures for continuity and recovery that will need to be tested to ensure they work and kept up to date to reflect changing processes.

BCM is also a management discipline that is complementary to Information Security and part of the wider discipline within which IT Contingency planning resides. It is a critical requirement for organisations trying to achieve ISO 27001 compliance.

Evolve delivers BCM as a service offering in its own right, but very often it is also used to add value to general business consultancy assignments. All too often organisations focus upon costly technical improvements to the management of business processes without considering how the service they provide could be delivered as a result of scenarios such as loss of staff, of denial of access to a particular site, failure of an IT system, loss of key information and data, or loss of supplies that are critical to delivering the business.

Our BCM Services

Evolve has a proven capability in delivering highly successful Business Continuity Management Systems (BCMS) for clients. Our work is always set within a best practice context so we draw upon the British Standard (BS) 25999. Our approach is to align organisations BCM to this standard that puts them in a good position for subsequent accreditation, if they should require it.

Our services to deliver the BS 25999 elements of the BCM Lifecycle include:

• Programme Management - our service delivers the programme management and governance requirements for the development, implementation and ongoing maintenance of BCM in the organisation. A programme that is supported by management and appropriately resourced, to ensure that the necessary activities are conducted to identify the impact of potential losses, and to develop and maintain appropriate strategies and plans to mitigate the impact by ensuring continuity of business and services during a disruption, supported by training, exercises, plan maintenance and reviews. One of the key deliveries for this element is the Business Continuity Management Policy which defines the scope of BCM and defines operational framework to ensure consistency of BCM across complex and often geographically dispersed organisations;
• Understanding the Organisation - for this element our services include:
  • Conducting a Business Impact Analysis (BIA) to determine and document the impact of a disruption to the activities that deliver the products and services of the organisation. In order to achieve this we have developed a process, supported by a template, which enables the organisation to document what they do (products and services) and how they do it (activities), identify the resources required for the activities, identify both internal and external dependencies for the activities, analyse the impact to the business if there was a disruption to the activities, measure the impact over time, analyse and document the time when disruption of the activity will result in delivery becoming untenable, and ascertaining the recovery time objective and resources required to continue to deliver an acceptable level of service delivery during a disruption.
  • Conducting, or reviewing, a Risk Assessment to determine and measure risks to activities identified in the BIA, in order to consider whether current risk treatment measures are adequate or other measures to prevent or mitigate the risk need to be actioned.

• Determine BCM Strategy - Having identified the critical activities and their recovery time objectives we will assist the organisation in considering the business continuity strategic options available to the organisation to enable continuity as a result of the following impacts:
• Loss of staff;
• Denial of access to premises and office accommodation;
• Loss of technology, both IT and supporting services;
• Loss of information, both paper and electronic (linked to ISO 27001);
• Loss of Supplies, and;
• Stakeholder management during the period of disruption.
• Develop and Implement a BCM Response - this element consists of developing plans and procedures to action the BCM Strategies. We will assist in the developing:
• An Incident Management Plan (IMP) and procedures, which details the organisation's incident response structure, their roles and responsibilities and activities to enable effective decision making, as well as procedures for co-ordinating continuity and recovery activities, and delivering consistent communications throughout the lifecycle of an incident;
• Business Continuity Plans (BCPs) that documents the resources and actions required for the continuity and recovery of the critical activities for each business area.
• Exercising, Maintaining and Reviewing BCM Arrangements - this element is designed to ensure that plans work through plan testing, and putting in place a regime for reviewing and updating plans on a regular basis in order to confirm that plans are up to date and that there is a capable response mechanism in place. Our services include:
• The design, development and delivery of exercises ranging from simple plan walkthroughs to full simulation exercises;
• Setting up a process for documenting lessons learnt and subsequent action plans to remedy the lessons identified;
• Documenting a management review process.
• Embedding BCM in the Organisation's Culture - we can offer a range services for this element. Examples include:
• Designing and delivering BCM training and awareness events;
• One on one training, or response team training;
• Designing an internal BCM information communications strategy (elearning, newsletters, intranet articles and notices, team meeting agendas etc);
• Skills transfer by involving staff in all elements of the lifecycle.

Our experience is that we need to be flexible in what services we offer dependent on the culture and specified requirements of the organisation.

Our services can range from end to end BCM development and implementation, to specific tasks such as reviewing and auditing BCM, developing and delivering a range of BC exercises, BCM training and awareness, incident management training as examples.

Our Personnel

The quality of our consultancy base in this field, as with Information Security, is our greatest asset. Our consultants are all educated to degree level and above with professional qualifications in their preferred disciplines. Their backgrounds are varied, ranging from the armed forces to blue chip multi-national companies, but they all have one thing in common and that is the fact that they are widely recognised as being at the top of their profession. But perhaps more importantly, each one has an extensive track record of implementing BCM solutions across both the public and private sector.

All of our business continuity consultants are either members or fellows of the Business Continuity Institute (BCI). In addition to specialist affiliations we also encourage our consultants to become PRINCE2 accredited practitioners.

If you would like to know anymore then please contact our BCM Lead Consultant on 01252 781000 or email us This e-mail address is being protected from spam bots, you need JavaScript enabled to view it .