PLANNING
SUPPORT
SUPPORT
SUPPORT
SUPPORT
SUPPORT
SUPPORT
ISO 9001 QUALITY MANAGEMENT SYSTEMS
ORGANISATIONAL CONTEXT
In order to achieve the intended outcomes of our business continuity management system (BCMS) and meet our BCMS objectives, it is important that we understand our organisational context and our risk appetite. We have identified the internal and external issues that may impact the business, below. Our approach is to be reactive, but aware, changing our approach to the BCMS when a particular issue changes or a new issue appears. We have highlighted a list of what we believe currently affect us achieving our strategic aims and objectives with regard to meeting requirements around business continuity management.
Internal Issues
values – the values of K7 are ingrained in our staff and ensure we promote the impact of business continuity on our business and surrounding community. Not doing so could result in repetitional loss.
culture - creating a culture all staff are aware of the value of sound business continuity principles and that the whole business is accountable for ensuring that it can effectively manage disruption. Without a responsible approach tobusiness continuity, culture risk becomes unmanageable.
risk - understanding risk and what is acceptable for the effective management of our BCMS ensuring a measured approach to business continuity. Certain risks cannot be accepted, so business impact assessments need to be conducted and documented to support decisions made around risk.
knowledge – having knowledge of the local and global risks and the impacts of disruption. Understanding how our operations, processes and systems work enable us to plan and test our reactions to an unplanned disruption to business. Other knowledge gained through network meetings and training courses are essential. Additional and specific knowledge around business continuity is available to the business as an external resource. Ensuring we have in place succession plans for the business - what happens if?
responsibility and accountability - taking responsibility for business continuity by understanding our dependencies internally and through our supply chain. Ensuring business continuity roles are prescribed and understood.
buildings and infrastructure - we have alternative arrangements for any long term disruption. We constantly monitor our dependence on our software systems and in particular the continuity and quality of service.
information and data assets - we understand the value of information we hold. our data assets are protected through firewalls and hard processes.
internal processes and procedures - having effective strategies, processes and procedures for conducting risk assessments, business impact assessments, disaster recovery, home working, succession planning, supply chain continuity and carrying out audits and reviews.
performance – our performance is monitored. Results are important in determining whether we are meeting our business continuity objectives. Business continuity testing, real disruptions are analysed in terms of our BCMS performance. A strategic scorecard ensures we monitor this performance on a regular basis.
External Issues
legal – changes in data protection legislation likely to have an impact on the way we manage data and the support required to effectively, meeting legal requirements and avoiding fines and repetitional loss
business environment – very competitive market and opportunity to differentiate ourselves from the competition through a responsible approach to disaster recovery and business continuity.
social and economic – social and economic climate sees a change in way people think and attitudes towards business continuity. The reputational, regulatory and financial damage from an unplanned incident or disaster can cause irreversible damage to the business, if it is not prepared for business continuity.
competition – very competitive market place, vying for the same contracts mean that every little edge can count. Certification around business continuity improves our chances against some of our competitors. ISO 22301 can give us that competitive edge. Coronavirus has highlighted the need for business continuity and its importance to the customer when selecting its supplier.
technology – the introduction of new technologies brings opportunities but also brings with it risks. Impact assessments and risk assessments can be used to identify these risks and mitigate them.
political - staying ahead of the game and understanding the political landscape is important. Decisions brought about from the pandemic will influence the way in which we do business in the future. Understanding the new norm is important in setting our business continuity objectives.
Scope of our Business Continuity Management System
Static Security Guarding, Mobile Services, CCTV, Fire & Security Installation & Maintenance
"The protection of all information, data assets and key company operations in order to ensure the continuation of Company functions, services and activities - excluding client sites. Areas covered include physical location (HQ), hardcopy data, electronic data, employee & client records, policies and procedures, software and licences and physical IT hardware, hosted platforms, manned guarding subcontractors, customers and key personnel.
Within Scope
Excluding client sites, BCM System applies to all functions, services, activities and data information assets of Guarding UK and trading divisions (GUK Aviation, RUK, Technical Services) operating from HQ Enfield.
Out of Scope
Client maintained premises and resources managed autonomously. Client sites are beyond the scope of the Company’s BCMS.
Compliance with Regulatory Requirements
K7 Compliance understand its legal obligations and has a broad level of knowledge and information within the business to ensure that we operate within the confines of any regulatory requirement or any needs of interested parties.
We have established a process for reviewing our legal obligations, namely Leadership and Regulatory Review Process. To enable us to continue to meet legislative and interested party need, we have developed a legal register that undergoes regular review. We also utilise the services of our Compliance Partner.
Back to ISO 22301
Leadership
