What is Business Continuity Management?
Business Continuity Management is defined as a:
Holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. (International Glossary for Resiliency)
Business Continuity Management (BCM) integrates the disciplines of Emergency Response, Crisis Management, Disaster Recovery (technology continuity) and Business Continuity (organizational/operational relocation).
Throughout the profession, definitions of Business Continuity Management abound. However, research conducted by the DRI International Glossary Committee identifies the most accurate description of Business Continuity Management as the definition from the ISO 22301 standard cited above. As part of an ongoing process to create and maintain an international glossary, the committee determined the best-in-class definitions for commonly used BCP/DR terms. Creation of the glossary document involved an independent body of highly respected volunteers examining existing recognized definitions and reaching a consensus on which source(s) reflected the most accurate meaning.
The Value of Business Continuity Management
The reasons to have a robust Business Continuity Management program are many and the scope of such a program is enterprise-wide. Here is a list of some of the top reasons that make Business Continuity Management a priority:
Legal and Regulatory Compliance
Regulation: There are over 120 regulations that mandate Business Continuity Management across a variety of industries, including but not limited to:
- Financial Services - Federal Financial Institution's Examination Council (FFIEC), Financial Industry Regulatory Authority (FINRA), Financial Services Authority (FSA), among others
- Energy - North American Electric Reliability Corporation (NERC) and Federal Energy Regulatory Commission (FERC)
- Healthcare - Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Joint Commission on Accreditation of Healthcare Organizations (JCAHO)
- International - The International Regulatory Framework for Banks (BASEL III) and all Central Banks have Business Continuity Management requirements
Negligence: Court decisions, the basis for common law, have ruled that "failure to prepare" as well as "failure to plan" are grounds for negligence. Negligence is defined as a part of tort or personal injury as "a failure to use that degree of care that any prudent person would use under the same or similar circumstances."
Demands by Organizations for their Vendors
Customer demand: Requests for Proposal (RFPs) now require potential vendors to demonstrate that they have Business Continuity Management programs in place.
Regulation: There are regulatory requirements that govern preparedness in the supply chain. Specifically, federally chartered banks are governed by the FFIEC and the OCC (Office of the Controller of the Currency), which charters, regulates, and supervises all national banks and federal savings associations as well as federal branches and agencies of foreign banks. For healthcare organizations, the primary regulatory consideration in the supply chain is covered under HIPAA. All of these regulations call for ongoing monitoring of the third party's activities and performance.
Smart business: It is a competitive advantage for companies to have a resilient supply chain that will make them better able to respond to a disruption than their competition. This ability will make the prepared company a more attractive supplier to larger organizations that will benefit from the increased reliability of the smaller business.
To Maximize Insurance Coverage
Business Continuity Management increases an organization's ability to provide risk transfer information, including in the:
- Analysis Phase of Business Continuity Management: Organizations conducting a Business Impact Analysis (BIA) will be able to ascertain the profit losses as well as the amount of fixed costs that must be paid in the event of an incident that triggers an insured peril. This calculation will help quantify the proper amount of Business Interruption Insurance (BI). The BIA similarly helps to calculate Contingent Business Interruption Insurance (CBI) and Supply Chain Insurance reimburses lost profits resulting from an interruption of business at the premises of a customer or supplier.
- Strategy Phase of Business Continuity Management: Extra Expense Insurance provides for maintaining the operations of an insured item after an accident until normal operations can be restored.
Reputation and Resilience Management
Business Continuity Management can help organizations protect their reputation and increase their resilience in the face of adverse circumstances, whether internal or external. Business Continuity Management can help to protect the brand from a variety of risks, including cyber risks, deliver to customers as promised, and reduce downtime and the cost of recovery in the event of an incident.