HIRC_Logo-mark---blue Diagonal background separation icon-grid list-ul-regular Engaged Badge icon-plus-blue icon-plus-minus circle-question-regular

BCM Risk Assessment

The Business Continuity Maturity (BCM) is a simple and standard approach to evaluate preparedness.  The BCM informs whether a supplier has policies and programs in place to help prepare, prevent, and recover from supply disruptions.  The self-assessment is derived from ISO 22301; takes roughly 1 hour to complete; and is open book.

Completion is simple and at no cost.  For convenience, suppliers may complete via our partner technology, Supply Risk Solutions (SRS), for secure storage and sharing.


  • Increase risk awareness and mature mitigation
  • Plot strengths and growth opportunities
  • Strengthen partnership and resiliency


  • Simplify BCM sharing via a standard model
  • Demonstrate your investment in preparedness
  • Can be completed in about an hour

Four Simple Steps

1. Review

Review the questions and scoring rubric contained with the standard.

2. Complete

3. Collaborate

Review the assessment output. Identify strengths and opportunities. Collaborate with your trading partner on resiliency strategies.

4. Enhance

Continuously improve your BCM program. Consider ISO 23001 as a reference.


Existing standards for BCM assessment (e.g. ISO 22301) are labor intensive and costly. Few healthcare suppliers currently possess this level of industry certification. Providers lack a practical toolset by which to validate whether a trading partner has appropriate BCM fundamentals in place. Suppliers lack a common framework by which to communicate and provide evidence to their resiliency preparations.


Business Continuity Management Implementing and maintaining a business continuity management (BCM) program is essential to the development of business continuity plans to ensure continuous delivery of products and services to customers.


A BCM program is intended to prepare for, provide and maintain controls and capabilities for managing an organization’s overall ability to continue to operate during disruptions within acceptable time frames at predefined capacity.

Business Continuity Plan

Documented information that guides an organization to respond to a disruption and resume, recover and restore the delivery of products and services consistent with its business continuity objectives.


An effective business continuity plan will:

  • Safeguard personnel, contractors, vendors, and other constituents
  • Meet the requirements to continue and recover critical organization functions
  • Protect the organization’s critical functions and assets
  • Reduce the likelihood of disruption
  • Shorten the period of disruption


Deploy this framework for all essential supply chain relationships. Future iterations may be augmented by evidenced based reviews to further validate BCM practices. Such reviews could conceptually be self-serve and validated by the organization’s internal audit.

Why should I complete the BCM?

Increase risk awareness and mature mitigation.

In addition, their are several great reasons to complete the BCM:

  • Delight your customer
  • No cost
  • Secure platform
  • Confidential results (unless you choose to share)
  • Standardized
  • Simplify how you demonstrate your commitment to resiliency with customers
How do I complete the BCM?

We recommend the online option made available at no cost through Supply Risk Solutions (SRS).  If you choose the SRS option, you’ll be able to store your response securely, control which customers can view, and receive annual reminders to update your submission as needed to ensure accuracy (summary).

  1. Contact SRS to obtain login
  2. Go to SRS supplier portal
  3. Complete the self-assessment
What if I don't like my score?

By default, no one can see your results except for you.  Upon completion of the self-assessment, you can choose any of the following options:

  • Share with all customers
  • Share with select customers
  • Keep for internal purposes only
  • Receiving complementary training
  • Repeat the exercise to improve your score
  • Delete the assessment

In other words, you are in control.

What is considered a normal score?

In 2020, a leading healthcare provider surveyed 65 of its top suppliers.

  • 1 in 3 had a favorable score
  • 1 in 3 had a mid-range score
  • 1 in 3 had a poor score

In other words, the industry bell curve is still maturing.  Regardless of your score, the emphasis is on growth, not perfection.