July 2020
Business Continuity Management Value
In this week’s blog, I am reflecting on the top three reasons for a business continuity program. Our recent experience with COVID-19 has demonstrated an established Business Continuity Management Program’s value. Throughout the pandemic, the benefits of having a business continuity program are clear versus companies without a real-time management system. Regardless of the state of readiness your company had for the pandemic, having a continuity program in place gave it a strong foundation. From this framework, companies pivoted their strategies and adjusted to the worldwide threat. Even if your company is locally or regionally based, it likely has global interconnectedness with customers and suppliers.
Few businesses prepared for the level of risk or the duration of the impact of this event. According to the World Health Organization, a pandemic is the worldwide spread of a new disease. The term indicates an extensive range, our most recent experience with an epidemic before SARS-CoV-2 was H1N1. Although virulent, our ability to manage this event may have given us a false sense of security. Many companies still have not adequately invested in a management program for business continuity. I wrote about Why Businesses Fail At Disaster Planning last year if you want to explore this topic further.
What is Business Continuity Management?
Business Continuity Management (BCM) is a risk mitigation, control, and administration system a company puts into place to address crisis events. Not only should it address technological interruptions but also operational disruption. At its most cohesive, it aligns crisis response, business recovery, planning, risk identification, controls, and encourages mitigation. The International Organization for Standardization established ISO22301 in May 2012 to guide best standards for program governance, structure, plans, execution, and maintenance. According to DRI International, across industries, there are over 120 regulations that require Business Continuity Management.
#1- Established structure and organization
Not having a continuity structure in place puts your company at a severe disadvantage. In today’s marketplace, it leaves your business exposed to a continuum of threats. Adverse events are not avoidable, but their impact gets lessened by establishing a durable foundation. Depending on the scale of your company, the program does not need to be complicated. However, business continuity is an ongoing process of review and renewal.
By implementing a management system for business continuity, you bring together the varied disciplines of planning, crisis, emergency response, technology recovery, and third party risk. All of these components work together to understand what hazards your organization is most susceptible to if they occur. After completing a risk assessment, a BCM program helps you to build strategies around how to address them. Companies who invest in an ongoing program framework find themselves able to handle emergency events capably no matter the circumstances. It also includes a process to improve response post-event. Having a structure in place makes it easier to get buy-in from management and individual contributors as they already have an understanding of its function.
#2 - Identifies risk and controls
At its base, the program helps identify what the most significant threats are to the enterprise. When implemented, it puts a cyclical process in place to understand, and best respond to them to limit the operational damage. The core approach to do this is to conduct risk and business impact assessments. Completing the two endeavors well positions your company for the final step, which is to put controls into place to alleviate the impacts for business outages.
These controls come in the form of developing business continuity plans that include mitigation tools like emergency and recovery teams. The teams respond in times of crisis and are pre-trained to handle emergencies. It also includes response mechanisms and recovery strategies. A continuity plan also contains protocols and procedures for recovery. Last, a BCM program embeds compliance requirements to test and keep the data up-to-date.
#3 - Develops resilience
The long-term value of BCM is that it assists your business in building resilience to crisis events. Creating plans is one step, but keeping your employees invested is golden. Having them review the processes and exercise new incidents pays dividends in the long run. The program helps people grasp the basic concepts of how to deal with crises successfully. Continued underwriting of BCM builds muscle memory in the organization so that people are familiar with what to do. Additionally, it provides transparency about the responsibilities of each business process.
I see a vast difference in the effectiveness of companies who had the foresight to support a continuity structure. Although most countries have regulations in place for BCM, companies who embrace the challenge are benefiting today. Leadership who did not are recognizing the need to improve or put something into place. You only need to see the flood of business continuity jobs coming on-line to see how some businesses were caught flat-footed. Regardless, I hope that companies will take the opportunity to learn from COVID-19 and develop more robust programs. For many, the success of their companies is on the line. Across the board, the well-being of employees is at stake.
Resilience in this area is essential for several reasons. A continuity program helps the organization instill mechanisms to deal with adverse events. BCM also protects the org and employees from situations that could otherwise be overwhelming. Last, it inoculates the enterprise, making it stronger overall and better able to bounce back from events like COVID-19.