Build a robust and resilient organization with BCMS (ISO 22301)

It’s never been more important to protect your business from the unexpected. Whether this is from power cuts, IT system or equipment failure, industrial action, or natural disaster, you need to make sure your business is not vulnerable to disruption and you can recover as quickly as possible.

Statistics indicate that 80% of organisations that are faced with a significant business discontinuity, and do not have in place adequate and appropriate plans to ensure business continuity, do not survive the event. Don’t let this happen to you.

We provide complete consultancy and competency building services for BCM implementation in line with ISO 22301, NCEMA 7000 and other established frameworks.

At Northstar we have the experience to help make sure you get the most from ISO 22301. In fact, it was our experts who helped shape its precursor, in the first place

What is Business Continuity Management?
Business Continuity Management is defined as a:

Holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.

Business Continuity Management (BCM) integrates the disciplines of Emergency Response, Crisis Management, Disaster Recovery (technology continuity) and Business Continuity (organizational/operational relocation).

Implementation of BCM involves: 
  • Identification of potential risks that may cause disruptions
  • Identification of financial and non-financial impact of potential disruptions
  • Identification of key products and services, and critical business functions
  • Formulation and implementation of viable recovery strategies and plans
  • Formulation and implementation of viable recovery strategies and plans
  • Awareness, Training, Exercising and testing of these plans
  • Regular maintenance, review and updation of the analysis, strategies and plans, to have the assurance and peace of mind that the plans continue at all points in time to support the changing needs of the organization

We have to date participated in over 40 ISO 22301, NCEMA 7000, BS 25999 engagements, either as the Consultants, Assessors, Technical Experts or Trainers, and have an excellent track record of high quality delivery of BCM engagements within time and cost budget.

BCM Framework or Elements of BC Programme

ISO 22301 adopts a 6-element BCM approach to represents the continuous operations of the BC programme within the organization. These six elements of the BC Programme are:

  • Understand the Organization
  • Selecting Business Continuity Options
  • Developing and Implementing a Business Continuity Response
  • Exercising and Testing
  • Business Continuity Programme Management
  • Embedding Competence and Awareness

Why Business Continuity Management

The reasons to have a robust Business Continuity Management program are many and the scope of such a program is enterprise-wide. Here is a list of some of the top reasons that make Business Continuity Management a priority:

Legal and Regulatory Compliance

Regulation: There are over 120 regulations that mandate Business Continuity Management across a variety of industries,

Negligence:  Court decisions, the basis for common law, have ruled that "failure to prepare" as well as "failure to plan" are grounds for negligence. Negligence is defined as a part of tort or personal injury as "a failure to use that degree of care that any prudent person would use under the same or similar circumstances."

Demands by Organizations for their Vendors

Customer demand: Requests for Proposal (RFPs) now require potential vendors to demonstrate that they have Business Continuity Management programs in place. Regulation: There are regulatory requirements that govern preparedness in the supply chain.

Smart business:  : It is a competitive advantage for companies to have a resilient supply chain that will make them better able to respond to a disruption than their competition. This ability will make the prepared company a more attractive supplier to larger organizations that will benefit from the increased reliability of the smaller business.

To Maximize Insurance Coverage

Business Continuity Management increases an organization's ability to provide risk transfer information, including in the:

  • Analysis Phase of Business Continuity Management: Organizations conducting a Business Impact Analysis (BIA) will be able to ascertain the profit losses as well as the amount of fixed costs that must be paid in the event of an incident that triggers an insured peril. This calculation will help quantify the proper amount of Business Interruption Insurance (BI). The BIA similarly helps to calculate Contingent Business Interruption Insurance (CBI) and Supply Chain Insurance reimburses lost profits resulting from an interruption of business at the premises of a customer or supplier
  • Strategy Phase of Business Continuity Management: Extra Expense Insurance provides for maintaining the operations of an insured item after an accident until normal operations can be restored.

Reputation and Resilience Management

Business Continuity Management can help organizations protect their reputation and increase their resilience in the face of adverse circumstances, whether internal or external. Business Continuity Management can help to protect the brand from a variety of risks, including cyber risks, deliver to customers as promised, and reduce downtime and the cost of recovery in the event of an incident. 

“Contact our team today to receive a free no-obligation competitive quotation from our dedicated business development team. We will devise a comprehensive quote which will be agreed in line with your requirements.”

Crisis Management

Crisis management is the application of strategies designed to help an organization deal with a sudden and significant negative event.

A Crisis is defined as a significant threat to business operations that can have severe negative consequences if not handled properly – in terms of reputation/brand/revenue loss. Crisis Management relates to management of the incident in an effective manner. While a Crisis does not make the system or facility inoperable, inappropriate Management of the Crisis could lead to inability to deliver the key products and services – i.e. a Business Continuity issue.

Why Crisis Management:

It is said that it takes years and years of nurturing to build a reputation, but only moments to tarnish it. Crisis Management and Crisis Communications often comprise the initial response from any organization. Only after effective response does effective recovery and restoration commence.

Effective Crisis Management is critical for an organization to protect the reputation and image of the company – while ineffective or inappropriate crisis management could effectively destroy the future of the company. Conversely, Effective Crisis Management in the face of a disaster situation could even help enhance the image of the company, and in the long run contribute in a major way to the growth and proliferation of the company. Proactive and effective Crisis Management could prevent an incident from escalating, and save valuable assets such as human life, physical assets, reputation and financials – and thus perhaps even change the course of history.

Other crisis management best practices include: 
  • Planning in detail for responses to as many potential crises as possible.
  • Establishing monitoring systems and practices to detect early warning signals of any foreseeable crisis. 
  • Establishing and training a crisis management team or selecting an external crisis management firm with a proven track record in your business area
  • Involving as many stakeholders as possible in all planning and action stages


Through our expertise in Crisis Management and Communications, we can help you with:

  • Conducting a GAP Assessment for your Crisis Management Plans/preparedness
  • Implementation of Crisis Management in line with BS25999 Best Practices
  • Tracking and monitoring of Crisis Management Gap closure
  • Strategic Risk Assessment with Company Senior Management
  • Developing and signoff of the Incident Management Structure/Incident Management Plans
  • Conducting Crisis Management Tests and Exercises, including preparation of Exercise report
  • Internal Audit of Crisis Management vs. Global Best Practices
  • Third party Audits of the Crisis Management readiness processes on behalf of Principals/Customers
  • Specialized Crisis Management manpower outsourcing
  • Annual/Periodic Maintenance and Assurance Audits of your Crisis Management preparedness
  • Conducting an MR for your Crisis Management readiness

Please write to us for further information on our offerings in Crisis Management Training and Consulting

“Contact our team today to receive a free no-obligation competitive quotation from our dedicated business development team. We will devise a comprehensive quote which will be agreed in line with your requirements.”

Green IT & Energy Management

Green IT, or green computing, is manufacturing, using and disposing of PCs, servers, peripherals and other hardware in environmentally friendly ways. Green IT practices revolve around reducing energy consumption and disposing of equipment responsibly.

Best benchmarked industry practices and greener IT solutions reduce energy and water consumption, besides waste generation. The goal is to have a high level of ICT reliability, availability, and customer satisfaction by alignment with overall organisational sustainability efforts. Energy-efficient, industry processes and manufacturing technologies can be adopted. Proper planning, effective implementation, and continuous review will help in establishing greener, cost-effective ICT solutions.

It’s a no-brainer to ask your users to turn off their devices when they aren’t using them, but there’s a lot more you can do to save energy:
  • Buy energy efficient products. Look for Energy Star and EPEAT ratings.
  • Encourage your employees to change their work habits by using telecommuting, teleconferencing and video conferencing technology.
  • Use power management software to manage devices across your network
  • Change printer configurations to use less paper and ink
  • Implement server and storage virtualization and use cloud computing services
  • Make sure server rooms and data centres are energy efficient, that cooling systems are running at maximum efficiency and leaks are plugged.

The business value of green IT

Cost savings are a major reason why green IT has momentum. Reduced spending on equipment and energy, paper and ink, tax breaks and other financial incentives make green IT a practical way for companies to save money.

Environmental regulations created to address climate change force businesses to be environmentally friendly. Consequently, new economic opportunities exist. Supplying and servicing energy efficient equipment and developing green technology are just some of the ways in which companies can grow revenue and fuel job growth in a low-carbon economy.

Investing in green IT, and telling people about it, is good PR. Polls indicate people believe global warming is a real threat and that more needs to be done to combat climate change. Companies demonstrating initiative in this area show they are responsive to investors, customers, and consumers alike.

Specific benefits of implementing Green IT are:

An Eco infrastructure tour

If you imagine your IT infrastructure as everything that connects to your network, you have something that looks like an upside-down tree.

  • Developing your Green IT Policy, Strategy and Action Plan
  • Helping you in developing your IT roadmap through Green IT Maturity Assessment Study  
  • Helping you with your CDP (Carbon Disclosure Project) Application writing
  • Helping you with your GRI (Global Reporting Initiative) Report development (triple bottom-line reporting)
  • Helping you in establishing your Carbon Footprint and managing it through Carbon Offsetting
  • Conducting your datacentre Energy Audits
  • Designing your datacentre for Energy Efficiencies
  • Developing your Environmental Sustainability Program
  • Helping you with CDM (Clean Development Mechanism) projects
  • Helping you in your e-waste management program
  • Green IT solutions (document management, work flow automation)
  • ISO 14001 Implementation

Enterprise Risk Management

Enterprise risk management (ERM) is a structured, consistent, and continuous risk management process applied across an entire organization that allows companies to better understand and address material risks. Corporate boards, ratings agencies, and regulatory bodies are among the key drivers for advancing ERM.

The implementation of ERM can facilitate better capital resource allocation decisions, increase operational efficiency, and enhance a company’s risk control efforts to support critical strategic, compliance, and governance initiatives. Northstar Safety Systemz can help your organization apply an integrated approach to identifying and assessing business-critical risks, evaluating existing risk management infrastructure elements, and constructing continuous, in-depth ERM processes.

ISO 31000:2009 is an international guideline standard for Risk Management, which defines risk “as the overall process of risk identification, risk analysis, risk evaluation, and risk response”.

What You Get
  • A proven process to help you identify and assess material risks, develop specific mitigation strategies, and assess enterprise-wide technology platforms for ongoing monitoring and reporting.
  • The ability to create a holistic, enterprise-wide risk aware culture, drawing upon Northstar’s expertise in industry issues, risk analysis, analytics, organizational change, and risk technology.

Identification, Assessment, Analysis, and Prioritization

Current State/Gap Analysis

When considering the steps necessary to implement an ERM framework, it is useful to first identify and compare your organization’s existing capabilities relative to what capabilities management would like to have in place. MRC provides a current state assessment, as well as a gap analysis against best practice and a benchmarking report.

Risk Identification and Assessment

Risk identification and assessment is a critical framework component. We take a structured approach to assess risks specific to your organization. This includes the collection, identification, categorization, prioritization, and mapping of risks to align with your organization’s business objectives and strategy. The result is a strategic organizational risk map.

Risk Analysis

Risk analysis enables you to better understand the impact risk has on your organization and your business objectives. Northstar takes a disciplined approach to understanding your risk appetite and developing tolerance thresholds; modelling risks and their variance; providing an analysis of the projected impact of mitigation strategies; assisting you in determining optimal capital allocation; and considering the upside of risk to your business.

Risk Evaluation

A systematic ERM approach calls for the analysis of possible actions taken with respect to each risk—accepting it, managing it, or exploiting it. Moreover, these options typically necessitate an implementation plan. Northstar offers an evaluation of risk treatment options including the projected costs and benefits; identification of risk ownership; the recommendation of tailored solutions appropriate to your business and objectives; and the implementation of risk mitigation strategies.

Risk Reporting

Managing risk across the enterprise requires coordination. The information produced by the various businesses and risk management functions in the risk assessment and analysis phases must be disseminated so that the right people are given the right information at the right time to make informed business decisions. Northstar can help you determine the appropriate needs of your business, its management, and key constituents, and assists in the design of meaningful communication processes and materials.
Our comprehensive approach addresses the needs of board members, senior managers, risk managers, and other internal and external stakeholders.

Technology Strategies

In an effort to sustain risk monitoring and to make risk reporting more efficient, many organizations are turning to technology to support their ERM framework. Northstar works with you to establish principal business requirements; recommends technology solutions; assists you in the development and implementation of a technology infrastructure; and evaluates various software applications.

+91: 8146811171