Business Continuity Management (BCM) integrates the disciplines of Emergency Response, Crisis Management, Disaster Recovery (technology continuity), and Business Continuity (organizational/operational relocation). It’s important to designate who will manage business continuity. It could be one person if it’s a small business, or it could be a whole team for a larger organization. Business continuity management software is also an option.
Business continuity is an evolving process. As such, an organization’s business continuity plan shouldn’t just sit on a shelf. The organization should communicate its contents to as many people as possible. Implementation of business continuity isn’t just for times of crisis; the organization should have training exercises, so employees know what they’ll be doing in the event of an actual disruption.
Business continuity testing is critical to its success. It’s difficult to know if a plan is going to work if it hasn’t been tested. A business continuity test can be as simple as a tabletop exercise, where staff discusses what will happen in an emergency. More rigorous testing includes a full emergency simulation. An organization can plan the test in advance or perform it without notice to better mimic a crisis.
Once the organization completes a test, it should review how it went and update the plan accordingly. It’s likely that some parts of the plan will go well but other actions might need adjusting. A regular schedule for testing is helpful, especially if the business changes its operations and staff frequently. Comprehensive business continuity undergoes continual testing, review, and updating.
Establishing and maintaining business continuity management processes begins with three steps:
- Defining business continuity management
- Identifying and defining the key components of a viable BCM framework
- Placing BCM in the context of organizational risk management
However, research conducted by the DRI International Glossary Committee identifies the most accurate description of Business Continuity Management as the definition from the ISO 22301 standard cited above. As part of an ongoing process to create and maintain an international glossary, the committee determined the best-in-class definitions for commonly used BCP/DR terms. The creation of the glossary document involved an independent body of highly respected volunteers examining existing recognized definitions and reaching a consensus on which source(s) reflected the most accurate meaning.
Business continuity management is a subset of companywide or enterprise risk management. BCM’s rising importance and IT-based history have caused internal debates about who owns the BCM function and how BCM relates to a company’s existing risk management efforts.
Again, business continuity management is a subset of a larger risk management strategy. The most significant difference between risk management and business continuity management relates to the output of each process. Risk management strategies (risk avoidance, risk acceptance, or risk mitigation through risk reduction, risk-sharing or transfer of the risk) are “pre-event” responses to perceived risks.
Most BCM strategies and tactics focus on the processes that need to take place after an event or disaster occurs; the objectives of those processes are to restore the business to normal operations as efficiently and effectively as possible.
The need for business continuity management capabilities continues to increase due to the following drivers:
- A rise in the number of natural and man-made business interruptions
- The growing impact of business interruptions on organizations due to rising business interconnectivity
- The essential obligation to protect, preserve and build value
- New regulations and guidelines pertaining to BCM
- The business benefits of effective business continuity management
- The generally insufficient quality of existing corporate BCM capabilities.
Business Continuity Management can help organizations protect their reputation and increase their resilience in the face of adverse circumstances, whether internal or external. Business Continuity Management can help to protect the brand from a variety of risks, including cyber risks, deliver to customers as promised, and reduce downtime and the cost of recovery in the event of an incident.