Implementing ISO 22301: The Business Continuity Management System Standard
Making the Case for Business Continuity Management
It’s not always easy to get the buy-in needed for business continuity management (BCM). Too often, walls exist between IT, HR and operations departments.
Sometimes there isn’t a clear distinction between disaster recovery planning, crisis management, and incident response, creating barriers to the success of a business continuity plan. While other times, there is limited budget dollars or personnel.
Have you heard these common objections:
- “We’re not at risk of XYZ threat”
- “We don’t have enough budget or resources”
- “Our current plan is fine”
If you’re in the business continuity management field, you know it is not a matter of “if” but “when,” and being caught unprepared is not worth the upfront financial and time savings.
Here are some ideas to help you get started with making the case for business continuity management:
1. State the Facts
Showing research from your organization or respected authors can help quantify the need for business continuity planning. Here are proof points as to why organizations need a business continuity plan:
- Cyber attacks are ranked as the number one threat organizations are facing1
- 82% of emergency communications are triggered by unplanned power, IT and telecommunication outages2
- Active shooters or terrorism is businesses’ 4th biggest cause for concern—up from 10thjust a year ago1
Plan and Protect
- 56% of organizations report having to activate their business continuity plans within the past six months to a year3
- Organizations have activated their EME communication plans up to five times in the past year2
- RTO’s extending beyond an 8-to-24-hour timeframe after the start of an incident risk losing customer loyalty4
- Revisions to BCM strategies and implementation of continuity software are top enhancements that organizations plan to make,5 with 24% planning to increase their BC spending in the next year1.
2. Explain the “Why”
Sometimes breaking down business continuity management into its simplest definition and explaining the fundamental “why” behind its value can encourage full organizational buy-in. Consider addressing the peace of mind it will bring when your organization can rest assured knowing that you’re prepared to minimize brand damage and critical business interruptions.
3. Connect It Back to ROI
One of the best ways to gain internal approvals is by showing how your effort ties back to a return-on-investment (ROI). This process will be different for each organization, here are some money saving elements to BCM you can tie your calculations back to:
- Reduces Likelihood of Losses
By identifying ways to prevent or mitigate threats, you are reducing the financial impacts resulting in threats such as data breaches or outages and downtimes.
- Minimizes Potential Compliance Fines
With both general and industry-specific regulations regarding business continuity, you’ll want to dedicate resources to minimize the likelihood of critical compliance violations.
- Helps You Attract Future Business
Having a robust business continuity program can help retain current customers and secure business from new prospects by showcasing that you are going above and beyond to ensure their assets are also protected.
Get resilience insights delivered to your inbox.