How do you know the Quality of your Business Continuity Programme?

Corporation of London Web Site, May 2003

  

I have been actively involved with Business Continuity for 17 years. During that time, I have seen more and more organisations try to develop plans to protect themselves from the consequences of unexpected events. At different times, in different countries and in different industries the name for that type of plan varies widely. When I started, people talked about Disaster Planning that then lead to Crisis Management, Disaster Recovery, Emergency Preparedness, Contingency and finally Business Continuity.

Regardless of what they are called, many organisations are now asking if these plans are really effective. Senior management want to know:

-Will they work in a real disaster?

-Do they properly reflect business priorities?

-Are they cost effective?

-Do they represent industry Good Practice?

-How can we compare ourselves against similar sized businesses?

In order to address these questions, many organisations are turning to a tried and tested formula - that of audit.

However, an audit without a formal standard of measurement is pointless. That standard can be set internally (corporate directives) or externally (regulatory directives). Alternatively they can be developed from good practices guidelines such as those emanating from the BCI, FSA and the BSI.

The recent publication of the British Standards Institute Publicly Available Specification (PAS56) for BCM should help in providing an independent basis for both auditing BCM processes and ultimately create a benchmark that any organisation can use as a measure.

The next question that will emerge is who is qualified to be a BCM Auditor and in this context the growth of the true BCM professional is key. Industry bodies in the UK and the US are in complete agreement about the need for all BCM practitioners to become certified professionals. Professional certification provides the credentials to help BCM specialists achieve their career goals. Certifying organisations evaluate candidates and ensure they can demonstrate knowledge of the subject matter, often through written or oral examinations, completion of case studies, or completion of a directed research thesis that provides a significant contribution to the profession.

Whether the organisation is hiring a professional to establish a business continuity management program, or appointing an auditor to review and evaluate their existing programmes, they must have confidence that the person is competent. Certification through an established organisation like the BCI provides that confidence.

There is, however, a downside to this position. Most BCM industry insiders are concerned that Business Continuity does not go down the "tick-box" mentality route. It is often claimed that over prescribed approaches like ISO 9000 Quality Standard do more harm than good in promoting the subject they claim to support. The BSI PAS56 has been put together by experienced practical professionals rather than academics, so I am optimistic we can increase our professional standards without losing the ingenuity and imagination that makes BCM so interesting to be involved with. Return to Menu...


Lyndon Bird FBCI

  
   
   
 
Link to Us!