Business Continuity Management Systems Clarified with UAE’s Newest NCEMA 7000 Standard

The United Arab Emirates (UAE) recently published an update to its National Standard for Business Continuity Management System (Specifications), also known as AE/SCNS/NCEMA 7000, and I played a role in shaping this standard.

The goal of this standard is to strengthen business continuity in the UAE and help organizations prepare to handle crises and disruptions.

While the UAE has made this standard mandatory for all government and private sector entities in the UAE, we anticipate much of the Gulf Cooperation Council (GCC) counties will likely join in as well.

What is NCEMA 7000:2020?

The UAE created the National Emergency Crisis and Disaster Management Authority (NCEMA) back in 2007 with a goal of improving the UAE’s abilities to respond to emergencies and crises for public and private organizations.

NCEMA released the first standard, AE/HSC 7000:2012, in 2012, and then updated it in 2015, with the third and most current update following in 2020.

Similar to what we’re seeing elsewhere around the globe, this standard emphasizes operational resilience, not just plan-building and process documentation. The standard relies on business continuity management systems (BCMS) concepts and processes to enhance business continuity performance relevant to each organization’s unique environment and other factors.

NCEMA 7000:2020 alignment with ISO 22301, but adds additional guidance, with content adjustments, to help improve usability.

What’s Different From Previous Versions?

The core adjustments from the 2015 version to the 2020 version include:

• Language, structure, and content simplification to make it easier to understand, with the goal to increase adoption
• Takes into consideration local requirements based on feedback from government agencies and other organizations that have already implemented previous versions of the standard
• Aligns with ISO 22301:2019 and draws on ISO 31000: 2018(E) for risk management-related leading practice
• Gives guidance about each clause’s purpose and desired outcomes, with cross-references embedded throughout for clarification

Why is NCEMA 7000:2020 Important?

NCEMA sponsored the development of this business continuity standard to help government agencies and their public partners:

• Protect against and reduce disruption frequency
• Prepare for, respond to, and recover from disruptions
• Facilitate effective implementation based on organizational priorities
• Enhance operational resilience and national stability

The goal is to ensure organizations have capabilities to continue essential operations when facing disruption, secure supply chains for essential operations, and develop effective continuity plans that help them resume operations and return to business as normal as quickly as possible.

A Look at the Framework

NCEMA 7000:2020 provides a business continuity framework for all organizations, regardless of size or complexity. It outlines core areas to help organizations develop a business continuity program, while aligning it with international standards, organizational culture, and embedding it into day-to-day functions.

The framework outlines:

• Top management roles and responsibilities
• Management system roles and responsibilities
• Management system planning
• Approvals and documentation

The standard provides guidance for organizations as they look to develop or mature their business continuity management system (BCMS) as well as determine priorities, scope, and objectives. It provides further guidance on how to build organization-wide support for a BCMS, including ensuring the right people are involved, they perform roles and responsibilities with competence, and are aware of the importance of business continuity for operational resilience.

Other areas of focus include:

• Considerations for including external partners in BCMS development
• Communications about BCMS to internal and external parties, including guidance about communication methods, timing, and responsibilities
• Change management processes
• Effective documentation creation
• Documentation controls

NCEMA 7000:2020 BCMS Operations

The standard guides organizations to:

• Understand impacts resulting from a variety of sources of disruption
• Identify activities and resources where disruption could increase impact
• Prioritize activities based on stakeholder impact and establish relationships among products/services, activities and resources
• Evaluate the risk of disrupting high-priority activities and resources
• Plan when—and how—to resume high-priority activities and recover affected resources

It goes on to emphasize the importance and roles of plans and controls, business impact analysis (BIA), risk assessments, strategies, and resources, including people facilities, budgets, supplies, providers, and infrastructure needs.

Finally, the standard helps organizations plan disruption response, with guidelines covering a gamut of resilience strategies including:

• Response design and content
• Response requirements, including management and control
• How to identify an incident and respond
• Effective communication
• Overview of recovery activities for technology systems
• How to resume prioritized activities
• How to return to business as normal
• How to design and conduct exercises and tests
• How to manage, monitor, and measure program effectiveness, including preparing for audits and ensuring program compliance

Business Continuity Strategy for Resilience

As a business continuity professional, you likely understand that true operational resilience hinges on adopting business continuity as a strategy that’s aligns and integrated with your organization’s goals and objectives so continuity becomes an integral part of the way you do business.

NCEMA 7000:2020 helps build program resilience by providing standards to help your organization focus on continuous improvement and how to close program gaps.

See the full standard here: https://www.ncema.gov.ae/vassets/6d82b712/AE_SCNS_NCEMA_7000_2015_ENGLISH.pdf.aspx

Need help adjusting your program to align to NCEMA 7000 or other business continuity standards? We can help! Let’s chat about how Castellan can help.