Theron Long is BCMMETRICSTM operations leader. He supports our clients’ use of BCMMETRICSTM and innovates to continuously enhance the platform’s capabilities and improve the customer experience.
Coming into compliance with business continuity regulations and standards—whether motivated by a desire to avoid penalties or a wish to boost resilience—is a massive challenge. In this week’s post, we lay out how BCMMETRICSTM Compliance Confidence tool can make it easier for organizations to align with the rules and standards they must meet to successfully carry out their missions.
Related on MHA Consulting: Standard Time: The Best Time to Choose a Business Continuity Standard Is Right Now
Owing to the critical role they play in society and the economy, organizations in the healthcare, finance, and utility sectors are required by law to meet stringent business continuity (BC) standards. Their compliance is regularly checked by audit, and failure to meet the required standards can result in fines and other penalties. They are also subject to penalties if they are impacted by an event and are subsequently found to have left themselves vulnerable through noncompliance.
Organizations in less heavily regulated industries often take on the challenge of meeting BC standards on a voluntary basis. Their reasons for doing so can range from an enlightened commitment to being highly resilient to satisfying customer requirements. With these companies, the risk of fines is not a factor but the cost of noncompliance can still be high, potentially including operational impacts, loss of business, and reputational damage.
Regardless of whether they are in a heavily or lightly regulated industry, organizations that wish to align with any of the leading BC standards face a daunting challenge. Coming into compliance with any of the top BC standards—whether it’s ISO22301, FFIEC, FINRA, NFPA 1600, or something else—is an arduous undertaking.
The difficulties of achieving compliance include knowing what the standard requires (some are hundreds of pages in length), knowing where your organization stands in each area, managing the effort to track and close gaps, identifying the best way to invest program resources, ensuring that required maintenance is performed, and producing reports.
It’s common for organizations to use general tools such as Word and Excel to help them
manage their compliance effort, but such applications are of limited use in this task. They have no visibility into the standards, are incapable of aggregating data, and cannot forecast the impact of proposed investments. They also lack the ability to send reminders or produce reports and leave the door wide open to unrealistic, rose-colored assessments.
Complying with BC standards and regulations is important, difficult, and impossible to do efficiently with general-purpose software tools. One specialist tool that makes it substantially easier to ensure compliance is BCMMETRICSTM Compliance Confidence (C2), part of the BCMMETRICSTM business continuity software platform.
Created by MHA Consulting CEO Michael Herrera and used by MHA consultants every day in their client engagements, BCMMETRICSTM is available on a bundled or modular basis to organizations who wish to use it on their own. Like all of the tools in the BCMMETRICS suite, Compliance Confidence delivers professional-grade functionality in a no-frills, easy-to-use, cost-effective package.
C2 leaves out the distracting bells and whistles found in many comparable BC software products, but it has all the features you need to assess your initial compliance and guide your improvement efforts.
The first thing C2 does is help you arrive at an initial, baseline assessment of your BC program’s alignment with any of the leading business continuity standards (FFIEC, ISO 22301, NFPA 1600, etc.). Naturally, the raw data about the program must come from you, but Compliance Confidence guides you through the process, relieving you of the need to page through the standard and note your findings on a blank page.
Once complete, the assessment results are displayed in an easy-to-read format that includes a FICO-like score, a color-coded needle gauge, and a classification of your program as “Reactive,” “Organized,” “Responsive,” or “Resilient,” with descriptions of what each classification means and its recovery capabilities.
Compliance Confidence also lets you access your past assessments, copy and update previous assessments, and see how a contemplated program change would impact your readiness score. Other features of C2 include the ability to assign actions to specific people, notify people of their action items, and generate reports for sharing with management and auditors.
What do these features add up to for a company that uses C2? Significant time savings, objective insight into the status of their BC program, and visibility into their gaps, empowering them to create and complete action items to fill them. Ultimately, these gains translate to improved resilience, a reduction in the impacts caused by events, and—for companies in highly regulated industries—reduced exposure to penalties.
As with all of the tools in the BCMMETRICSTM platform, Compliance Confidence delivers professional-grade capability in a clean, functional, easy-to-use interface. Let’s take a look at some of the main screens a user encounters in using C2. (The following screenshots provide a quick overview of Compliance Confidence. Detailed instructions on using it can be found in the BCMMETRICS User Guide, available within the platform.)
After going to the BCMMETRICSTM login portal, entering their username and password, and choosing Compliance Confidence, users will see the Administration tab as shown below:
Note that the tab is divided into three sections: Dimension, Standards, and User Access. The first two allow the user to configure the assessment they want to perform, including what BC standards they want to measure their program against.
After making and saving their selections, the user selects their program and assessment date. The Standards window appears as shown below:
The Standards window allows the user to work through the different program areas (shown on the left) and displays the Critical Success Factors (CSFs) and Key Performance Indicators (KPIs) for each area for the chosen standard(s). It also indicates the importance of each CSF (Critical, Moderate, or Low) with a thermometer graphic and contains a dropdown where the user grades their program for that area (No Compliance, Minimal Compliance, Moderate Compliance, Full Compliance). The right-hand columns allow the user to add comments or create and email action items.
The user completes the assessment and is presented with the Reports window:
The Reports window displays the results of the assessment in a variety of ways. It displays the results by program dimension (Administration, Crisis Management, and so on), with the needle gauge showing the overall result for the selected dimension. The bar graphs give a detailed breakdown of the components that make up that dimension. The results can be to exported to Word or Excel, converted into a PDF, printed, or downloaded (using the buttons on the upper right).
Finally, we have the Predict tab:
The Predict window allows the user to adjust the weighting of the different program dimensions to reflect their organization’s unique circumstances. It also allows the user to see how the organization’s scores would change if the action items created earlier in the assessment were implemented.
Achieving compliance with business continuity standards and regulations is a critical yet challenging task for organizations across various industries. The BCMMETRICSTM Compliance Confidence tool stands out as a comprehensive solution designed to simplify this complex process. By offering professional-grade functionality in an intuitive and user-friendly interface, Compliance Confidence helps organizations accurately assess their current compliance status, manage improvement efforts, and maintain ongoing adherence to key standards.
MHA Consulting experts use Compliance Confidence every day in working with their clients to assess their BC programs, guide improvements, and strengthen compliance. By subscribing to the BCMMETRICSTM SaaS solution, companies that are not MHA Consulting clients can also use C2, while enjoying the support of BCMMETRICSTM responsive customer service program.
Compliance Confidence can help organizations reduce the risk of penalties for noncompliance, lessen the impact of disruptions, and enhance overall resilience. For any organization looking to avoid penalties and strengthen their business continuity program, BCMMETRICSTM Compliance Confidence provides a robust, efficient, and effective way to navigate the demanding landscape of BC standards and regulations.