According to the ISO 22301 BCMS Standard, Business Continuity Management (Goh, 2015), or BCM, is a “Holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities."
Source: ISO 22301:2019 – Societal Security – Business Continuity Management Systems - Requirements - clause 3.4
This definition can be simplified as an organization-wide discipline and a complete set of processes identifying potential impacts that threaten an organization. It provides a capability for an effective response that safeguards the interests of its major stakeholders and reputation.
It allows a security company, as an organisation, to be equipped to protect its reputation and deal with any incoming threats that may hinder its ability to perform its various daily security services such as guarding; monitoring; security for commercial and industrial; and event security.
Therefore, a Security Company should be prepared for an incident before it occurs to minimize its impact should it happen. One such way to prepare is to adopt a BCM Planning Methodology. Click the BCM Planning methodology icon to find out more.
The BCM planning methodology, like any other planning process, provides a framework for requirements, effort, and deliverables, each phase leading into the next in an endlessly repeating cycle. The roles and responsibilities are spelt out in the BCM framework.
The BCM Planning Methodology (Goh, 2015) is divided into various steps. The key is to divide the entire process so that it is manageable.
Because the facilities managed by the Security Company managing customers are geographically dispersed over a large area, the threats should be reviewed and analysed based on location.
The types of threats or "contingencies" as highlighted as part of the Security Agencies Competencies Assessment (SACE) are as follows:
A set of criteria is developed to guide this analysis. Business function criticality will determine the priority and urgency with which the disruption is dealt with.
As mentioned in the earlier blog, examples of such business function should include Administration, Human Resources and Finance, which is not external facing. These functions are often centralized or even outsourced; their identification and prioritization should be considered part of the BCM scope.
There is a need to develop strategies to provide alternate facilities and service providers and store backups of vital equipment and records in a safe place.
Click the "Overview of Training-led BCM Implementation" for the detailed briefing. Note that this course has value-added services to meet the minimum BCM requirement. After the reading, you may want to know about the funding details from SkillsFuture Singapore (SSG). |
If you are a Singapore-based company or Singaporean and Permanent Resident, you can opt to receive BCM training via:
WSQ BCM Course Funding: Course Code: BCM-310; BCM-320; BCM-330 | Non-WSQ BCM Course: BCM-5000 for assigned Project Manager |
Singapore Attorney-General's Chambers (2019) Singapore Statutes Online: Private Security Industry Act https://sso.agc.gov.sg/Act/PSIA2007
Goh, M. H. (2015). Business Continuity Management Planning Methodology. International Journal of Disaster Recovery and Business Continuity, 6, 9–16. Retrieved from http://dx.doi.org/10.14257/ijdrbc.2015.6.02