Hello, this is Hinata Tanaka from Sunny Risk Management. I established "Sunny Risk Management" as the brand of risk consulting in Japan and here is a website in English! I created a Japanese one earlier, and I noticed many people are interested in my site from all abroad so I launched this version to provide more information about me and this brand. I'll use this blog for explaining my business, risk management in Japan, and more! So, as the first article, I'd like to tell you the situation about BCP and BCM in Japan because this is the most important thing for my business and I think those will be a good thing for the future of the country.
Risk management is sometimes considered a necessary element of modern corporate activities. Many companies have been promoting the use of BCP: Business Continuity Plan as a method of achieving highly effective crisis management and there's a time shift from BCP to the promotion of BCM: Business Continuity Management.
The Great East Japan Earthquake of 2011 is one of the reasons why the need for BCM in corporate activities has been recognized among major companies in Japan. This disaster caused widespread damage in Tohoku and Kanto regions mainly, for example, the Pacific coast of Tohoku was hit by a tremor of magnitude 7 on the Japanese seismic scale, and a massive tsunami of more than 10 meters high was also triggered. At that time, some companies that were beginning to formulate BCP had already developed earthquake countermeasures to some extent, but they hadn't anticipated the tsunami or the nuclear power plant accident. In other words, responding to unexpected situations simply by formulating BCP once is difficult. By examining more risks through the BCM process, unexpected situations can be reduced and the ability to respond to them can be improved. After the disaster in 2011, many companies that had previously formulated BCP shifted from BCP to BCM and showed their commitment to being more prepared for possible future disasters.
Here's the other reason why BCM is necessary for corporate activities. Risk, the subject of risk management, is like living organisms that change over time. One example would be ransomware, a well-known cyber-attack. Ransomware is a malicious program that infiltrates a computer, deletes or steals information stored in the computer, and then demands a ransom. To prevent damage from ransomware, security is often enhanced through installing security software on computers, but this has created a game of two sides: enhanced computer security and increasingly sophisticated criminal tactics using ransomware. This is a game of tug-of-war between strengthening computer security and increasing the sophistication of ransomware-based crimes. In other words, as security software becomes more robust, new ransomware is developed to penetrate that security and to prevent ransomware attacks, the security software is strengthened and the ransomware is strengthened again. In this case, companies need to formulate BCP. Can companies say that merely having a BCP in place is sufficient for risk management? Just as ransomware is a risk that is being developed and enhanced daily, BCP needs to be updated to recognize more risks and to be able to respond to them.
Operating BCM means minimizing unexpected events in the BCP and improving the quality of the BCP leading to the establishment of a highly reliable foundation for risk management. In addition, company-wide awareness of risk management can be fostered by conducting drills and other activities. In the future, BCM ey to corporate risk management, including not only the formulation of a BCP its operation, verification, and revision.
Comments