The Swedish economy is accelerated from Small and Medium Enterprises (SME’s), overpassing the establishment of large organizations substantially. According to statistics, 1.082.100 out of 1.088.310 companies are small. In other words, 99,43% of enterprises in Sweden are SMEs. Typically, small companies have 1-49 employees, whereby most of them are sole proprietors and self-employed.
Therefore, Business Continuity Planning has not been a priority for these SMEs. There have not been many catastrophes of great magnitude in Sweden so far, hence the enterprises have not been aware of what it means to prepare their business for the worst. In fact, not many of those companies have thought about business continuity at all. However, this phenomenon is slowly growing as a natural part of the management concern for their businesses.
According to statistics, from 2015, only 5 companies of the total amount have implemented ISO 22301. Some reports say that Sweden is among top ten countries with the lowest risk.
When discussing with the management about business continuity they very often say that:
The drawback with this kind of thinking is that they are not prepared at all and they have not thought about the risks in their business.
For at least one employee in Sweden, rules on crisis management are published by the Work Environment Authority. According to the regulation, there must be predetermined routines for the roles employees must undertake in a time of crisis. Though, these procedures should be written down and attached to a crisis management policy. Certainly, anyone who has responsibility for certain actions in a crisis situation should have the resources and training to cope with the task. Moreover, it is the responsibility of the management to implement support measures for traumatic events.
Further, the development of BCMS is driven mostly by the threats and risks faced by companies, both internally and externally. Besides, finding simple, cost effective and personal protective strategies becomes mandatory to ward off the consequences of the threats and risks. Genuinely, the need is to be able to continue its activities to some degree or full recovery despite a crisis occurred; otherwise, customers turn to competitors and win-backs of customers become rather costly. On the contrary, opportunities open up to expand the activities of the company, if fared better than its competitors.
If a company is not prepared for incidents and crises it can’t be sure that they would cope with an ad hoc situation and take all the right decisions under intense pressure. Nevertheless, if a company has planned for the worst then it can handle most of the incidents with the ‘possibility of happenings’ scenarios.
The fact is that if enterprises do not have any plans in place they could lose their business completely and it will take a very long time to come back to ‘business as usual’. Almost all enterprises regardless of their size use laptops, computers, servers, the internet, and a bunch of different software applications and hardware. They use computer ware in their daily work such as in payments, bookkeeping, orders, writing etc. In this context enterprises have SLA, using Cloud or at least they take backup occasionally.
The biggest challenge for SMEs is to raise money and resources to put a continuity plan in place. Many SMEs may not even be aware of what a continuity plan could do for them. This means, there is an education challenge for BCMS consultants, institutions, and others to let the enterprises know that the purpose of continuity planning is to support the business and its needs so that the business can continue – without disruption. Furthermore, the threats are many and varied, but what they have in common is that, if they occur, the organization can risk large financial losses.
Enterprises experience success and failures along the way and many of these will be of their own making. So, when they are hit with a crisis that is completely out of their control such as a fire at the premises, theft or burglary – what can they do to maintain their cash flow and protect their reputation?
ISO 22301 BCMS is designed to help organizations manage the risks that threaten the business and ensure its survival in the event of a disruption.
SMEs that implement ISO 22301 can improve their resilience in the same way as larger organizations. SMEs may have tighter budgets and less time and resources to put the necessary business continuity management processes in place. However, to meet that challenge there should be an alternative approach to implement ISO 22301, make it more compact including only the parts of ISO 22301 that most SMEs need, allowing them to choose the steps they urgently need and take one step at a time to reach their target – implement ISO 22301 BCMS. This could downsize the cost and the complexity of implementing ISO 22301.
If implementing ISO 22301 looks like climbing Mount Everest, SMEs should at least do four things to improve the resilience and chances to survive crises:
PECB
Understanding threats to your business is not only becoming a requirement but is also lining up among the social responsibility framework. With a large impact on the economy, the business world is highly affected by business entities; regardless of where they are situated. According to PECB, having business continuity plans in place will not only ensure fast recovery from unexpected events, but will also protect further development at the state level. As such, PECB will make sure you get high-quality training and a globally recognized certification of ISO 22301; differently referred to as Business Continuity Management Systems.