BCM Metrics, Best Practices, and Standards

There is no shortage of industry best practices and standards to benchmark Business Continuity Management programs.  These standards include Internal Standard Organization 22301 (ISO 22301), National Fire Protection Act 1600 (NFPA 1600), Disaster Recovery Institute International Professional Practices (DRII PP) and Business Continuity Institute Good Practices (BCI GP) just to name a few.  But, what we have found is very few, if any; of todays companies know which standard to use and/or are using one of the standards to benchmark their program against.

Additionally, many of our clients are frequently dealing with customer audits that reference these standards in their questionnaires.  So, why aren’t planners benchmarking their programs using one of today’s accepted industry standards?  There are a number of reasons that include, but are not limited to:

  • Not knowing which standard to use
  • Too many questions
  • Lack of management reporting
  • Questions often difficult to understand
  • No automated way to perform these assessments
  • Interpreting the results

Additionally, many BCM planners are concerned that this due diligence will expose the gaps and exposures in their program in a negative light versus as a positive form of benchmarking to guide future improvement.

So, what has MHA done?  As a BCM consultancy, we developed a Current State Assessment (CSA) tool to quickly and easily benchmark where a program and its key dimensions (e.g., Program Administration, Crisis Management, Business Recovery, etc.) comply with industry best practices and standards.    This tool is evolving to be a cloud based, secure self-assessment tool called BCMMETRICS.  The tool references today’s relevant industry standards and best practices to measure the compliance of a BCM program across four (4) key dimensions:

  • Program Administration
  • Crisis Management
  • Business Recovery
  • Disaster Recovery

The question sets used by the tool represent the relevant industry standards and best practices, providing the BCM Planner with a comprehensive assessment of the program and its 4 dimensions.  We take a set of the most relevant questions from the myriad of standards to assess the BCM program.  Each of the questions is appropriately weighted based on their importance to the success of the program highlighting what are the most critical aspects to compliance and the ability for your program to successfully recover.

A sample management report from BCMMETRICS for Program Administration is as follows:

These management level reports permit planners and others to easily and quickly identify areas of success and areas for improvement based on the results.  A detailed report of each dimension listing the results of the individual questioning is also available.

The tool will permit enterprise-level assessments for multiple programs whether domestic or across the globe as well permit “read only” access to auditors.

We will be piloting the tool to a small set of MHA customers in early June and hope to have the tool for public consumption by early fourth quarter of this year.  Initial reviews of the tool have been very favorable from MHA customers and others.

If you would like more information on BCMMETRICS and how it can be used for your organization, contact Brandon Magestro, MHA Director if Operations,  at magestro@mha-it.com.

About
Michael Herrera
Michael Herrera is the Chief Executive Officer (CEO) of MHA. In his role, Michael provides global leadership to the entire set of industry practices and horizontal capabilities within MHA. Under his leadership, MHA has become a leading provider of Business Continuity and Disaster Recovery services to organizations on a global level. He is also the founder of BCMMETRICS, a leading cloud based tool designed to assess business continuity compliance and residual risk. Michael is a well-known and sought after speaker on Business Continuity issues at local and national contingency planner chapter meetings and conferences. Prior to founding MHA, he was a Regional VP for Bank of America, where he was responsible for Business Continuity across the southwest region.