HIRC_Logo-mark---blue Diagonal background separation icon-grid list-ul-regular Engaged Badge icon-plus-blue icon-plus-minus circle-question-regular

BCM Risk Assessment

The Business Continuity Maturity (BCM) is a simple and standard approach to evaluate preparedness.  The BCM informs whether a supplier has policies and programs in place to help prepare, prevent, and recover from supply disruptions.  The self-assessment is derived from ISO 22301; takes roughly 1 hour to complete; and is open book.

Completion is simple and at no cost.  For convenience, suppliers may use the HIRC Vault or SRS.

Goals

  • Increase risk awareness and mature mitigation
  • Plot strengths and growth opportunities
  • Strengthen partnership and resiliency

Benefits

  • Simplify BCM sharing via a standard model
  • Demonstrate your investment in preparedness
  • Can be completed in about an hour

Four Simple Steps

1. Review

Review the questions and scoring rubric contained with the standard.

2. Complete

Options

3. Collaborate

Review the assessment output.  Identify strengths and opportunities.  Collaborate with your trading partner on resiliency strategies.

4. Enhance

Continuously improve your BCM program and repeat the assessment to increase your score.

Problem

Existing standards for BCM assessment (e.g. ISO 22301) are labor intensive and costly. Few healthcare suppliers currently possess this level of industry certification. Providers lack a practical toolset by which to validate whether a trading partner has appropriate BCM fundamentals in place. Suppliers lack a common framework by which to communicate and provide evidence to their resiliency preparations.

Background

Business Continuity Management Implementing and maintaining a business continuity management (BCM) program is essential to the development of business continuity plans to ensure continuous delivery of products and services to customers.

Purpose

A BCM program is intended to prepare for, provide and maintain controls and capabilities for managing an organization’s overall ability to continue to operate during disruptions within acceptable time frames at predefined capacity.

Business Continuity Plan

Documented information that guides an organization to respond to a disruption and resume, recover and restore the delivery of products and services consistent with its business continuity objectives.

Assessment

An effective business continuity plan will:

  • Safeguard personnel, contractors, vendors, and other constituents
  • Meet the requirements to continue and recover critical organization functions
  • Protect the organization’s critical functions and assets
  • Reduce the likelihood of disruption
  • Shorten the period of disruption

Recommendation

Deploy this framework for all essential supply chain relationships. Future iterations may be augmented by evidenced based reviews to further validate BCM practices. Such reviews could conceptually be self-serve and validated by the organization’s internal audit.

Why should I complete the BCM?

Increase risk awareness and mature mitigation.

In addition, their are several great reasons to complete the BCM:

  • Delight your customer
  • No cost
  • Secure platform
  • Confidential results (unless you choose to share)
  • Standardized
  • Simplify how you demonstrate your commitment to resiliency with customers
How do I complete the BCM?
What if I don't like my score?

By default, no one can see your results except for you.  Upon completion of the self-assessment, you can choose whether or not to share with customers.

What is considered a normal score?

In 2020, a leading healthcare provider surveyed 65 of its top suppliers.

  • 1 in 3 had a favorable score
  • 1 in 3 had a mid-range score
  • 1 in 3 had a poor score

In other words, the industry bell curve is still maturing.  Regardless of your score, the emphasis is on growth, not perfection.

Why should I use HIRC Vault?

HIRC Vault is the industry standard for sharing FLAT FILES of resiliency information with provider customers.  It is required to qualify for the HIRC Transparency badge.  Suppliers my click one button to share with customer or other authorized third-parties.

See HIRC Vault

Why should I use SRS?

Supply Risk Solutions (SRS) is a valued partner of HIRC offering complementary services to healthcare providers and suppliers.  Premium solutions available.  Services include:

  • Mapping and monitoring
  • Risk assessment and prevention

See SRS homepage