Business Continuity Management
Blog_Jan_Ban.jpg

Planning Steps for Implementing BCM for Security Company

This is the second instalment of the series "Implementing BCM for Security Company."  It provides an overview of the phases to be undertaken to implement business continuity management for Security Companies (or Agencies) operating within Singapore. 

This methodology is aligned and based on the latest ISO 22301 BCMS Standard and can be applied to comply with "C5: Business Continuity Plan" as required by the Security Agencies Competencies Assessment (SACE) issued by Singapore Police Force.

Moh Heng Goh
Business Continuity Management Certified Planner-Specialist-Expert

Security Banner_Facebook

New call-to-actionWhat are the Key Steps Undertaken to Implement BCM for a Security Company?

 

New call-to-actionBefore starting your Business Continuity Management (BCM) project, one of the initial vital steps is to have a good "Understanding of Your Organization: Security Company" in the context of business continuity management.  Click the icon on the right to view the blog.

What is Business Continuity Management?

According to the ISO 22301 BCMS Standard, Business Continuity Management (Goh, 2015), or BCM, is a “Holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities."

Source: ISO 22301:2019 – Societal Security – Business Continuity Management Systems - Requirements - clause 3.4

This definition can be simplified as an organization-wide discipline and a complete set of processes identifying potential impacts that threaten an organization. It provides a capability for an effective response that safeguards the interests of its major stakeholders and reputation.

What is BCM for Security Companies?

Security Company Event ManagementIn the context of Security Companies, business continuity management is a complete set of processes that identifies potential impacts that threaten their ability to continue their critical business function and responsibilities.

It allows a security company, as an organisation, to be equipped to protect its reputation and deal with any incoming threats that may hinder its ability to perform its various daily security services such as guarding; monitoring; security for commercial and industrial; and event security.

BCM Planning Methodology

BCM Planning MethodologySecurity Companies are vulnerable to disruptions and threats. Any incident, if not appropriately managed, can escalate to become a disaster or crisis or even cause significant injuries to employees or even death.

Therefore, a Security Company should be prepared for an incident before it occurs to minimize its impact should it happen. One such way to prepare is to adopt a BCM Planning Methodology. Click the BCM Planning methodology icon to find out more.

The BCM planning methodology, like any other planning process, provides a framework for requirements, effort, and deliverables, each phase leading into the next in an endlessly repeating cycle.  The roles and responsibilities are spelt out in the BCM framework.

The BCM Planning Methodology (Goh, 2015) is divided into various steps. The key is to divide the entire process so that it is manageable.  

Risk Analysis and Review [RAR]

New call-to-actionWithin the context of a Security Company, a wide array of risks can be identified. One possible risk scenario is losing an office building or IT systems. The risk rating is determined based on multiplying the risk likelihood and impact. In addition to these factors, controls are often present to reduce risks.  Click the RAR icon for further explanation.

Because the facilities managed by the Security Company managing customers are geographically dispersed over a large area, the threats should be reviewed and analysed based on location.

The types of threats or "contingencies" as highlighted as part of the Security Agencies Competencies Assessment (SACE) are as follows:

  • Major disaster
  • IT-related incidents
  • Terror related incidents
  • Disease outbreak
Business Impact Analysis [BIA]

New call-to-actionBusiness functions, such as security services such as guarding; monitoring; security for commercial and industrial; and event security, are analysed to determine whether they are critical or non-critical to the town council.

A set of criteria is developed to guide this analysis. Business function criticality will determine the priority and urgency with which the disruption is dealt with.

As mentioned in the earlier blog, examples of such business function should include Administration, Human Resources and Finance, which is not external facing.  These functions are often centralized or even outsourced; their identification and prioritization should be considered part of the BCM scope.

Business Continuity Strategy [BCS]

New call-to-actionOnce critical business functions are identified, it is time to develop interim recovery guidelines and procedures to allow Security Companies to operate between the “time of disaster” and “ready for routine business.” 

There is a need to develop strategies to provide alternate facilities and service providers and store backups of vital equipment and records in a safe place.

Plan Development [PD]

New call-to-actionThe BC plan and its associated procedures for recovering the Security Company after a crisis or disaster are documented in the development phase. This plan is based on all the essential details from the earlier business impact analysis and business continuity strategy phases.

Testing and Exercising [TE]

New call-to-actionOnce the BC plan is documented, tests and exercises are carried out to ensure the BC plan works and its validity is proven. The plan from the plan development phase is run through simulations, where it is ultimately graded based on criteria. If a test or exercise's results are deemed unsatisfactory, any error or omission it might have will need to be corrected.

Program Management

BCM Planning Methodology [7] [PgM} Program Management PhaseFinally, once the management team of the Security Company has approved the BC plan and the rest of the documentation, the assigned team will need to update and maintain the plan periodically to reflect organisational changes in the Security Company and prevailing threats in the environment.

 
 
 
Do you want to implement your BCM program via our government-funded training-led implementation?

Click the "Overview of Training-led BCM Implementation" for the detailed briefing.  Note that this course has value-added services to meet the minimum BCM requirement.

After the reading, you may want to know about the funding details from SkillsFuture Singapore (SSG).

 [ITL] [1-6] Training-led BCM Implementation: Overview

 

singapore_flag

Do You Want to be BCM Competent, and Where Do I Start?

If you are a Singapore-based company or Singaporean and Permanent Resident, you can opt to receive BCM training via:

New call-to-action New call-to-action
WSQ BCM Course Funding: Course Code: BCM-310; BCM-320; BCM-330 Non-WSQ BCM Course: BCM-5000 for assigned Project Manager

Email to Sales Team [BCM Institute]If you are interested in setting up your BCM program via training-led implementation, please get in touch with us.

 

References

Singapore Attorney-General's Chambers (2019) Singapore Statutes Online: Private Security Industry Act https://sso.agc.gov.sg/Act/PSIA2007

Goh, M. H. (2015). Business Continuity Management Planning Methodology. International Journal of Disaster Recovery and Business Continuity, 6, 9–16. Retrieved from http://dx.doi.org/10.14257/ijdrbc.2015.6.02

 

Your Comments Here:

 

More Posts

New Call-to-action
BCMIWhiteLogoSmall.png
All rights reserved. Copyright 2024