Continuous Improvement, What next?

This week’s top tip focuses on where to seek information and highlights a recently released report which contains useful and valuable information.

A fundamental expectation of all ‘best practice’ ISO management systems is the requirement for a programme of continuous improvement.  There is often a danger within all organisations that

programmes can be too inward-looking, insular if you like, with ongoing risk mitigation being operationally rather than strategically focused.

You need to identify reliable sources of external information that provide valuable threat/risk information and a guide as to where your continual improvement efforts should be focused.

A good example of information available to support this review is the BCI’s Horizon Scan Report:

This report is published on an annual basis and provides a plethora of statistics on business threats secured by the BCI and BSI by engaging with over 500 risk practitioners operating within a broad range of private and public sector organisations. 

Having been published on an annual basis for the last eight years, the report takes a consistent approach to its assessment of business resilience risk, allowing the identification of emerging threats to organisations of all size and in different geographical areas.  Statistics are provided on both previous, current and predicted threat levels.  Equally the report looks to quantify the potential impact of threats.

This type of information is invaluable as an external view of business analysis threats and can also allow you to benchmark your own risk view against that of organisations of a similar size, operating in similar markets.

Key points to look at include:

  • P6Top ten disruptions in the last 12 months – this is based on real information, not gut feel or supposition but actually what is happening.  In addition to providing information for you to consider in your planning process, this is a great source of scenario ideas for exercises!
  • P7 – Top ten threats – (and p10 – 17 for further information) are you considering these within your risk assessment process?

Identifying and utilising reliable sources of external information to inform and challenge your thinking can provide real benefit.   Such sources can also provide increased organisational ‘buy-in’ into risk treatment identified through internal risk assessment. 


LEarn more about Information Security ISO 27001, Business Continuity ISO 22301, Risk management and how to reach compliance.