As an assessor of ISO 22301:2012, one of the most essential aspects of the assessment process is to understand the drivers for any company wanting to establish a certified BCMS. This may seem obvious; surely it is to improve a company’s resilience and reduce their risk?
It is of course, although in order to effectively assess the system it is important for an assessor to understand the company and its stakeholder’s expectations and requirements, as well as the management’s plans and strategy for the business. That is why the clause relating to understanding the context of the BCMS within the organisation is such an important one.
It provides a basis from which the BCMS objectives are defined and measured, and from which the system can be assessed.
As with any of the business systems that LRQA assesses, our aim is to not only evaluate a company’s system for compliance to the standard requirements but also for effectiveness in meeting stakeholder requirements. By doing so, the assessment process should also add value for the organisation. To this end it is important for us to establish that all of the appropriate risks have been considered and effectively treated where appropriate in the context of the organisations’ priorities.
Every organisation must evaluate its own risks in the context of their risk appetite and then establish the related treatments accordingly. What one organisation may accept or control, another must treat.
For Water Direct, as a company which supports its customers through emergency situations it is imperative for them that their systems are accessible at all times. Their risk appetite for failure in this respect is very low.
It is true to say, as Keith mentions that following the initial assessment there were some fundamental weaknesses identified within the Water Direct system, which I felt needed to be addressed in order to ensure the BCMS would be as robust as possible.
Keith and the team at Water Direct took the feedback as a positive contribution to improve their system. As an assessor this was a good indication of the commitment of the Water Direct management team in ensuring that the BCMS in place is not only compliant with standard requirements but effective in meeting the needs of all stakeholders, and consistent with the BCMS objectives initially identified.
On 5-6 November, Rob Acker, ICT Technical Manager will discuss Water Direct's case study in more detail at the BCM World Conference.
You can read the full case study here.