BCM and Incident Management are also required for small and medium-sized enterprises (SMEs)

How to make your organization a safer place without a lot of effort.

Summary

Business Continuity management (BCM) and Incident management enjoy more and more attention in small to medium size (SME’s) companies. More than 50% of all SME’s that experience a serious incident, and were not prepared, go out of business within 1 year after the incident. Not having BCM or incident management is no longer acceptable. The amount of time and effort one can spend is limited so a more practical and realistic approach is required.

This article provides a rapid approach to incident management to make it applicable for SME’s allowing them to really benefit and improve the workplace safety and business continuity without the huge expense nor continuous effort usually linked to it.

Introduction

When looking at incident management and BCM the most used methods start with a Business Impact Analysis (BIA) trying to cover the most important risk areas and then set up a response infrastructure and document incident plans etcetera. The downside is that this can turn into a rather academic exercise. Everybody will tell you told avoid that trap and keep it practical but why is it then that so many organizations not yet have any meaningful BCM or Incident management implemented? The thing is that it is too hard to see how you really benefit in a practical situation. We are not saying that the more extensive approach is not suitable or meaningful, it is, but what we indicate here is that for SME’s that don’t have time or resources to spend there is a practical approach that will really support your organization. It is feasible and will save you huge amounts of money. It is something that you really cannot afford not to do.

Practical BCM

In this approach you start with your organization and people in mind and focus on implementing something that works when you need it. What do you need to make your organization a more safe environment and take appropriate action when it matters?

  1. A way for your employees to issue an alert when there seems to be an incident e.g.
    • Someone unauthorized on your premises
    • Power down
    • IT system failure or machine failure
    • . . .
  2. Alert information that is automatically passed on to the right people with instructions how to act in this situation.
    • Instructions on how to handle effectively (plan)
    • SLA or other relevant information at hand
    • Who else to alert
  3. Monitor issued alerts audit trail to improve your organization
  4. A recovery plan to kick off after the incident has been responded to.

Now, this approach requires some form of automation to allow your employees to issue alerts using their mobile phone which they carry with them most of the time anyways and to receive alert information to take appropriate action. Furthermore you need a central place to describe your key action plans and information needed to actually take the right action when it really matters. The bottleneck of this approach used to be the software investment and maintenance. This bottleneck has been lifted completely however thanks to the latest innovations. The mobile apps required are available for free and the linked web app comes fully hosted, maintenance free with a starting price of €39,99 / month.

No consulting services needed

With this approach you can do the work yourself and you can do it quickly. You document your key plans like a first aid plan, an evacuation plan or an action plan how to deal with a power down situation. Only practical plans for things that are reasonably likely to happen.

You will even find free downloads that you can use like first aid instructions, templates etcetera to get you going quickly.

Once a year you evaluate the reported incidents (all available in the system) and see which incidents were reported that did not have a good plan linked. If these incidents are likely to occur again you can see what you can do to avoid them (preventive) or decide to document an effective action plan to take the right action when the incident occurs again.

Conclusion

Not having a BCM or incident management solution implemented for your organization no longer is excusable. The options are there, the software is available, the approach is clear and it is easy to implement and maintain. Your external auditor will also appreciate it as well as your insurance broker.

One day you know that it was the right decision, make sure you are ready when that day comes.