Business Continuity Management is
"a holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience and the capability for an effective response which safeguards the interests of its key stakeholders, reputation, brand and value creating activities" (source - Business Continuity Institute)
In addition to the definition we set out below informative & independent comments from a recent survey of Business Continuity (BC):
- BC has moved from being an IT function to a function on its own where IT is just a part of the whole.
- BC and IT security have been more closely aligned, with staff taking on responsibilities in both areas.
- Risk analysis introduced as opposed to just a BC Plan
- Primarily focused upon "facilitation" previously and embedding the culture and ownership of BCM within business areas. To ensure momentum and the subject does not disappear into the "strategic void" this is demanding that we continually drive the business along the BCM path.
- Added crisis management arrangements and information security.
- More integration with disaster recovery and crisis management.
- More security activities, more problem management participation, less technical knowledge required, more audit knowledge required.
- More crisis management issues expected to be managed - not just BC Plans.
- The range of credible hazards has increased dramatically without organizations comprehending the consequences upon operations and the organization.
- There is a lot of misunderstanding about business continuity, and senior managers have a tendency to panic, jump on the buzz-words and not really know what they are asking for. This has been fuelled by Sept 11 and Bali and so we are spending a lot more time educating and fire fighting and trying to get people to understand that BC is an ongoing program not just a 3 month project.
- Merging the IT BC plan with the other BC plan as well as collaborate with security, facilities management and insurance
- More regulatory compliance focus.
- Business continuity and risk management added to emergency management.
- The title health & safety manager is fast becoming old hat. Far more outside influences on the business require a different approach to managing safety or risks, In my organization BC has grown from managing safety to recognising the hazards, identifying the risks and recommending/driving through solutions. This has incorporated disaster, emergency and business continuity.
- Previously my role included some project management work, but now I am responsible just for business continuity for all of our customer contact centres. There is a lot more focus on it now.
- Physical security plus information security.
- OH & S and business continuity are one.
- BCM now includes information security
- Business continuity combines with disaster recovery emphasises business assumptions and Recovery Time Objectives/Recovery Point Objectives.
- More involvement in risk assessments, more recovery tests at DR site, more testing of employees on their knowledge of company's BC Plan so they know what to do in the event of a problem.
- The initial work was around getting BC plans and structures to support them in place. The emphasis now is more on resilience and management of critical incidents - whilst maintaining and developing plans too.