All organisations must deal with change in the environments in which they operate. These changes can include changing stakeholder expectations, new strategies by competitors, emerging technologies, changes in staff, availability of finance, and the requirements of new legislation. To maintain business continuity – which is a core obligation of good governance – organisations need to anticipate and adapt to such changes so as to avoid either abrupt or progressive failure.
Change is therefore best dealt with proactively rather than reactively.
Change can also occur – sometimes suddenly – as a result of disruptive events. This possibility should be dealt with proactively as part of an organisation's overall system for risk management.
Managing the risks to business continuity that arise from the possibility of disruptive events is the focus of a new Standard, AS/NZS 5050:2010 Business continuity – Managing disruption-related risk, just published by Standards New Zealand and Standards Australia.
AS/NZS 5050 is believed to be a world first as it applies the new international Standard for risk management (AS/NZS ISO 31000:2009) to disruption-related risk. Building on earlier concepts (often called 'business continuity management'), this new Standard ensures that all aspects of the risk are considered – from the factors which can lead to a disruptive event and influence the size of the event, to the factors that influence the nature and scale of the effects.
'AS/NZS 5050 is not just concerned with planning for disruption' says Roger Estall, one of the New Zealand representatives on the joint Australia/New Zealand committee that developed the Standard.
'By adopting an approach that is consistent with AS/NZS ISO 31000, the new Standard will help organisations progressively integrate all forms of risk management activity, also assisting with the replacement of risk-specific silos that have been a feature of the past. AS/NZS 5050 also ensures a more efficient approach to the treatment of this risk and helps make organisations even more resilient.'
The development of AS/NZS 5050 had significant input and assistance from New Zealand organisations during the public comment phase which took place late last year. The public comment phase ensured that the committee received the views of those who 'own' disruption-related risk and practitioners who offer specialist services in this field.
AS/NZS 5050 explains how to apply AS/NZS ISO 31000 to disruption-related risks and includes detailed guidance particular to the features of these risks and to the risk management framework through which they are managed.
A methodology for determining how disruption can affect the continuity of the organisation's business and the likelihood of those effects being experienced is included. Particular attention is given to those activities, resources, processes, and dependencies that are most critical.
Section 5 of AS/NZS 5050 includes a schedule of requirements for organisations seeking or required to demonstrate that their framework and processes for managing disruption-related risk are able to meet the characteristics of management systems as described in ISO Guide 72 Guidelines for the justification and development of management system standards.
AS/NZS 5050 is applicable to all forms and sizes of organisation.
→ Buy this Standard