Security Exchange News

Covid-19 – Business Continuity - A Continual Process for Business Survival

25 September 2020

Business owners across the globe are reeling from the devastating effects of Covid-19. Those that had been able to implement business continuity management systems (BCMS) will have been better prepared to address the challenges presented by the initial effects of the pandemic. However, that is not to say that such businesses are now able to relax. It is predicted that Covid-19 will linger until such time as an effective vaccine is discovered. In some cases, operating restrictions may be implemented locally or nationally depending on rates of infection, and hence all businesses need to be able to react accordingly.

To enable businesses to effectively deal with the disruption caused to their operations, senior management must understand several key issues. These are outlined in the latest version of ISO 22301:2019 (en) Security and resilience — Business continuity management systems (BCMS):

  • Understanding the organization’s needs and the necessity for establishing business continuity policies and objectives;
  • Operating and maintaining processes, capabilities and response structures for ensuring the organization will survive disruptions;
  • Monitoring and reviewing the performance and effectiveness of the BCMS;
  • Continual improvement based on qualitative and quantitative measures.

For those businesses which have fully grasped the importance of business continuity preparedness and have applied the above principles throughout Covid-19, the ongoing challenge will be to review performance in light of the BCMS measures adopted during the pandemic crisis.  This will allow for the refinement of BCMS and address future improvements which may be identified through this process.  A blind spot may exist where businesses feel that they have carried out suitable and sufficient planning and execution of BCMS but then fail to monitor and reflect on the effectiveness of the BCMS measures which they have put in place.

Typically, the evaluation of BCMS will involve business leaders:

  • Evaluating the suitability, adequacy and effectiveness of its business impact analysis, risk assessment, strategies, solutions, plans and procedures;
  • Undertaking evaluations through reviews, analysis, exercises, tests, post-incident reports and performance evaluations;
  • Conducting evaluations of the business continuity capabilities of relevant partners and suppliers;
  • Evaluating compliance with applicable legal and regulatory requirements, industry best practices and conformity with its own business continuity policy and objectives;
  • Updating documentation and procedures in a timely manner.

Evaluation of BCMS should be carried out in an organised way, during a crisis event such as Covid-19 and following a significant phase of an event, such as the point we are now at with the relaxation of Covid-19 related restrictions on businesses and the economy as a whole.

Reviewing data relating to the implementation of BCMS in the UK, it’s interesting to discover that small businesses are the sector which may be most at risk. One report, the Databarracks’ fifth annual Data Health Check report with over 400 respondents, provided an insight into the varying attitudes of decision-makers within organisations of various sizes. Key findings indicated that while most medium and large organizations are confidently implementing business continuity plans, many small organizations are putting themselves at risk by failing to follow suit. The main point of concern was that only 30 percent of small organizations had a business continuity plan in place, compared with 54 percent of medium and 73 percent of large businesses. With Covid-19 challenging the resilience of every business, it would be interesting to discover how many of those businesses which had not implemented BCMS survived the initial effects of the pandemic crisis.

Security Exchange specialists work closely with clients to ensure that business continuity and organisational resilience strategies are applied in a way that best fits the business profile of the client. Benchmarking against established industry standards allows action plans to be drawn up with realistic milestone reporting.  Moreover, at the heart of client engagement is alignment to Deming’s philosophy of continual improvement (Plan, Do, Check, Act).

To access our other advisories on Covid-19, including the Crisis Management Briefings, please visit us here.

For urgent advice and assistance in connection with the Covid-19 outbreak, please call the nearest regional Security Exchange Response Centre:

Europe, Middle East & Africa: +44 20 3284 8844

Asia-Pacific: +61 2807 30186

The Americas: +1 305384 4825

Or email us at

Security Exchange is a specialist security management company dedicated to helping our clients prevent, manage and recover from critical security incidents worldwide.

Disclaimer: The opinions expressed in this publication are those of the authors. All content provided on this website is for informational purposes only. The owner of this site makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site.