Business Continuity Management Systems Clarified with UAE’s Newest NCEMA 7000 Standard
The United Arab Emirates (UAE) recently published an update to its National Standard for Business Continuity Management System (Specifications), also known as AE/SCNS/NCEMA 7000, and I played a role in shaping this standard.
The goal of this standard is to strengthen business continuity in the UAE and help organizations prepare to handle crises and disruptions.
While the UAE has made this standard mandatory for all government and private sector entities in the UAE, we anticipate much of the Gulf Cooperation Council (GCC) counties will likely join in as well.
What is NCEMA 7000:2020?
The UAE created the National Emergency Crisis and Disaster Management Authority (NCEMA) back in 2007 with a goal of improving the UAE’s abilities to respond to emergencies and crises for public and private organizations.
NCEMA released the first standard, AE/HSC 7000:2012, in 2012, and then updated it in 2015, with the third and most current update following in 2020.
Similar to what we’re seeing elsewhere around the globe, this standard emphasizes operational resilience, not just plan-building and process documentation. The standard relies on business continuity management systems (BCMS) concepts and processes to enhance business continuity performance relevant to each organization’s unique environment and other factors.
NCEMA 7000:2020 alignment with ISO 22301, but adds additional guidance, with content adjustments, to help improve usability.
What’s Different From Previous Versions?
The core adjustments from the 2015 version to the 2020 version include:
Language, structure, and content simplification to make it easier to understand, with the goal to increase adoption
Takes into consideration local requirements based on feedback from government agencies and other organizations that have already implemented previous versions of the standard
Aligns with ISO 22301:2019 and draws on ISO 31000: 2018(E) for risk management-related leading practice
Gives guidance about each clause’s purpose and desired outcomes, with cross-references embedded throughout for clarification
Why is NCEMA 7000:2020 Important?
NCEMA sponsored the development of this business continuity standard to help government agencies and their public partners:
Protect against and reduce disruption frequency
Prepare for, respond to, and recover from disruptions
Facilitate effective implementation based on organizational priorities
Enhance operational resilience and national stability
The goal is to ensure organizations have capabilities to continue essential operations when facing disruption, secure supply chains for essential operations, and develop effective continuity plans that help them resume operations and return to business as normal as quickly as possible.
A Look at the Framework
NCEMA 7000:2020 provides a business continuity framework for all organizations, regardless of size or complexity. It outlines core areas to help organizations develop a business continuity program, while aligning it with international standards, organizational culture, and embedding it into day-to-day functions.
The framework outlines:
Top management roles and responsibilities
Management system roles and responsibilities
Management system planning
Approvals and documentation
The standard provides guidance for organizations as they look to develop or mature their business continuity management system (BCMS) as well as determine priorities, scope, and objectives. It provides further guidance on how to build organization-wide support for a BCMS, including ensuring the right people are involved, they perform roles and responsibilities with competence, and are aware of the importance of business continuity for operational resilience.
Other areas of focus include:
Considerations for including external partners in BCMS development
Communications about BCMS to internal and external parties, including guidance about communication methods, timing, and responsibilities
Change management processes
Effective documentation creation
NCEMA 7000:2020 BCMS Operations
The standard guides organizations to:
Understand impacts resulting from a variety of sources of disruption
Identify activities and resources where disruption could increase impact
Prioritize activities based on stakeholder impact and establish relationships among products/services, activities and resources
Evaluate the risk of disrupting high-priority activities and resources
Plan when—and how—to resume high-priority activities and recover affected resources
It goes on to emphasize the importance and roles of plans and controls, business impact analysis (BIA), risk assessments, strategies, and resources, including people facilities, budgets, supplies, providers, and infrastructure needs.
Finally, the standard helps organizations plan disruption response, with guidelines covering a gamut of resilience strategies including:
Response design and content
Response requirements, including management and control
How to identify an incident and respond
Overview of recovery activities for technology systems
How to resume prioritized activities
How to return to business as normal
How to design and conduct exercises and tests
How to manage, monitor, and measure program effectiveness, including preparing for audits and ensuring program compliance
Business Continuity Strategy for Resilience
As a business continuity professional, you likely understand that true operational resilience hinges on adopting business continuity as a strategy that aligns and is integrated with your organization’s goals and objectives so continuity becomes an integral part of the way you do business.
NCEMA 7000:2020 helps build program resilience by providing standards to help your organization focus on continuous improvement and how to close program gaps.
Kristin Agnelli brings 15 years of marketing experience to the Castellan team. As Vice President of Global Marketing, Kristin is responsible for the strategic direction and operational execution of all global marketing team functions including brand, demand generation, digital marketing, communications, and business development. Her mission is to accelerate company growth by raising brand awareness and preference within the business continuity community. When she’s not at work, she enjoys spending time with her husband and two boys traveling, attending Broadway musicals, and escaping to the beach whenever possible.
Get resilience insights delivered to your inbox.
Ready for some hands-on help? Let’s discuss how to best achieve your resilience goals.