6 Things You Need to Know About Business Continuity

By Mike Minzes

The Business Continuity Industry has a problem.

A continuity problem.

It can’t agree on what Business Continuity is and how to go about implementing and managing it. 

It’s all over the place. 

Some see it as Disaster Prevention and Management.  Others see it as Safety and Security. Still others see it as a risk management discipline. Some even say it's Emergency Management.

To add to the confusion, there are several, continuity firms, industry trade organizations and agencies that say different things about what Business Continuity is and what it should do for an organization.

There are those who see it as a complex set of requirements and others who see it as a discipline that can't be done by any organization on their own.

There are even software companies that package complex document management systems into software packages and call it Business Continuity Planning (as long as you pay the huge purchase price and recurring fees).

With all this “lack of continuity” in the industry is it any wonder why more businesses and organizations don’t adopt it?

So, let’s take a step back and look at Business Continuity from a "Continuity" stand point.

Business Continuity is not hard to figure out, nor is it complex or confusing. It’s simply a change in thinking and understanding of what Business Continuity really is and how a business or organization goes about implementing it. More importantly, it’s knowing what Business Continuity means.

There are a thousand definitions of what Business Continuity is but there is only one that matters to an organization.

There are 6 things you need to know about Business Continuity before you implement it in your organization, agency or business and be successful at it.

1) Business Continuity is what it is

Business Continuity simply put, is the activity performed by an organization to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions.   Nothing more, nothing less.  It’s defining what is critical to the organization and developing strategies to recovery or sustain these services in the event of a crisis or disaster.  Practitioners who don’t understand this, don’t understand what Business Continuity is and can’t develop it in a way that meets the Continuity needs of the organization.

2) Business Continuity is made up of only 4 elements

Critical Services – Services that if lost would have an adverse impact on the organization ability to operate.

Essential Functions that support Critical Services – Functions that support one or more Critical Services

Critical Staff that support Essential Functions – Staff members that support one or more Essential Functions

Operational requirements that support Critical Staff – Necessities that will support Critical Staff during a crisis or disaster (IT Services, Vital Records, Facilities, Orders of Succession, Transportation, Safety and Security, etc.).

If you have this information about your organization, 90% of the Continuity work is done.

3) There are only 3 steps in the management of Continuity

Step 1: Development and Implementation
Initial development of the program and implementation across the organization.

Step 2: Test and Exercise
Testing, exercising and drilling of the plans and strategies.

Step 3: Update and Refine
Updating and refining based on exercise results.

Steps 2 and 3 are repeated every quarter or when something changes in the organization (leadership roles change, new employee that supports an essential function(s) is hired, essential employee(s) leave the organization, new critical services added, etc.).

4) Business Continuity is not a full time job

Business Continuity is an extension of Operations and therefor it is everybody’s job, not just for one or two people and certainly not for a consulting firm. After development and implementation (12 to 18 months) the management of the Business Continuity life cycle needs to be handed over to the organization, not remain with outside resources like continuity firms or contractors. In order for the program to be actionable, the organization needs to take the lead in managing, testing, exercising and updating the plans associated with the program.

Many firms that offer Business Continuity services spend most of their time convincing their customers that they need their firms continued help and support. 

This simply isn't true.

Many of these firms are not offering anything new.  The just take something that has been around for 20 years and repackage it under the title "Too Hard For Your Business To Do"

There are free training and development resources available to use by anyone wanting to maintain and/or improve Continuity in their organization. The organization is more than capable of managing the program because they are already supporting the organization under normal conditions. Nobody knows an organization better than the people employed by it.

Once the program is active, contract support should end.

5) Practitioners need to stand by their work

If a Business Continuity Professional is not willing to submit the entire program to a certification and accreditation agency like FEMA or ISO, then the program has little or no value to the organization. Certification and Accreditation (C and;A) validates that the program is actionable by an outside non-profit organization who specializes in the practice. If a practitioner is confident that the program is actionable, they will be more than happy to have to reviewed and validated by a C and;A organization.

Certification and accreditation should be the primary goal of any Business Continuity Program.

6) There is no software package or consulting firm on the planet that can do Business Continuity better than the organization itself

Period.

Critical Staff are already supporting critical services under normal operations. Why would it be any different under any other condition?

Business Continuity Professionals need to teach the organization how to maintain and execute the program so the organization will know how to survive a crisis or disaster. That is the role of a Business Continuity Professional.

These are the 6 keys to understanding Business Continuity.  Understanding  the true nature of what Business Continuity means and what it is supposed to do makes the program actionable and more likely to succeed in the event of a crisis or disaster.

Once you understand what Business Continuity really is and what it needs to provide to an organization, you can developed a program that serves the interests of the organization. 

And that’s where the true value of any Continuity program lives. In service to the Organization.

Mike Minzes is the Founder and CEO of INEVOLVE SB, a Business Continuity and Disaster Recovery Planning and Implementation company located in Kennesaw, Georgia. Mike has over 20 year of experience on the Business Continuity and Disaster Recovery Industry. For more information on INEVOLVE SB, please visit them at GOBCP.NET
 ______________________________________________________

Posted in: Continuity Basics