Business Continuity Management is defined as a:
Holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. (International Glossary for Resiliency)
BCM integrates 4 disciplines:
Business Continuity Management (BCM) integrates the disciplines of Emergency Response, Crisis Management, Disaster Recovery (technology continuity) and Business Continuity (organizational/operational relocation).
International Glossary
Throughout the profession, definitions of Business Continuity Management abound. However, research conducted by the DRI International Glossary Committee identifies the most accurate description of Business Continuity Management as the definition from the ISO 22301 standard cited left. As part of an ongoing process to create and maintain an international glossary, the committee determined the best-in-class definitions for commonly used BCP/DR terms. Creation of the glossary document involved an independent body of highly respected volunteers examining existing recognized definitions and reaching a consensus on which source(s) reflected the most accurate meaning.
You can download the PDF file of the glossary by logging into your DRI account or creating one here.
The reasons to have a robust Business Continuity Management program are many and the scope of such a program is enterprise-wide. Here is a list of some of the top reasons that make Business Continuity Management a priority:
Regulation: There are over 120 regulations that mandate Business Continuity Management across a variety of industries, including but not limited to:
Negligence: Court decisions, the basis for common law, have ruled that “failure to prepare” as well as “failure to plan” are grounds for negligence. Negligence is defined as a part of tort or personal injury as “a failure to use that degree of care that any prudent person would use under the same or similar circumstances.”
Customer demand: Requests for Proposal (RFPs) now require potential vendors to demonstrate that they have Business Continuity Management programs in place.
Regulation: There are regulatory requirements that govern preparedness in the supply chain. Specifically, federally chartered banks are governed by the FFIEC and the OCC (Office of the Controller of the Currency), which charters, regulates, and supervises all national banks and federal savings associations as well as federal branches and agencies of foreign banks. For healthcare organizations, the primary regulatory consideration in the supply chain is covered under HIPAA. All of these regulations call for ongoing monitoring of the third party’s activities and performance.
Smart business: It is a competitive advantage for companies to have a resilient supply chain that will make them better able to respond to a disruption than their competition. This ability will make the prepared company a more attractive supplier to larger organizations that will benefit from the increased reliability of the smaller business.
Business Continuity Management increases an organization’s ability to provide risk transfer information, including in the:
Business Continuity Management can help organizations protect their reputation and increase their resilience in the face of adverse circumstances, whether internal or external. Business Continuity Management can help to protect the brand from a variety of risks, including cyber risks, deliver to customers as promised, and reduce downtime and the cost of recovery in the event of an incident.