Implementing ISO 22301: The Business Continuity Management System Standard
Business Continuity Management (BCM) Defined
In today’s business environment, the fundamental ideas behind business continuity management are widely understood. Organizations understand that there are risks and threats from which they need to protect their employees, office space, customers, data and inventory.
Yet oftentimes, the idea of “business continuity management” is blended or confused with terms such as “emergency preparedness,” “disaster recovery” and “risk management.” It is critical to accurately define and position these within your organization to ensure expectations, roles and responsibilities are set. So, what’s the difference? We looked to the Business Continuity Institute (BCI) and Disaster Recovery Institute (DRI) for some help:
BCI: The strategic and tactical capability of the organization to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level.
DRI: An ongoing process to ensure that the necessary steps are taken to identify the impact of potential losses and maintain viable recovery strategies, recovery plans, and continuity of services.
- Strategic and tactical
- Identifies impact and potential business disruptions
- Plan that includes necessary steps for action
- An ongoing process
Disaster Recovery (DR)
BCI: The strategies and plans for recovering and restoring the organization's technological infrastructure and capabilities after a serious interruption.
DRI: The technical aspect of business continuity. The collection of resources and activities to re-establish information technology services (including components such as infrastructure, telecommunications, systems, applications and data) at an alternate site following a disruption of IT services. Disaster recovery includes subsequent resumption and restoration of those operations at a more permanent site.
- Follows a disruption
- Recovering and restoring the organization
- Re-establishes technological infrastructure and capabilities
Emergency Preparedness
BCI & DRI: The capability that enables an organization or community to respond to an emergency in a coordinated, timely, and effective manner to prevent the loss of life and minimize injury and property damage.
- Enables response
- Timely and effective
- Prevents further damage
Risk Management
BCI: The culture, process and structure that are put in place to effectively manage potential negative events. As it is not possible or desirable to eliminate all risk, the objective is to reduce risks to an acceptable level.
DRI: Structured development and application of management culture, policy, procedures and practices to the tasks of identifying, analyzing, evaluating, controlling and responding to risk.
- Structured policies, processes and procedures
- Manage potentially negative events
- Identifies and assesses risk
The Critical Difference
Looking at these definitions, there is clear overlap among them, especially with regard to business continuity management as a whole. Business continuity management incorporates many of these functions through a comprehensive approach. By following a comprehensive approach, you can ensure you have a plan and are ready to act if you need to protect your organization.