Many business continuity professionals that we work with are unsure how to demonstrate their knowledge and experience within the industry. They understand that there are certifications to apply for, but they don’t know where to start, what skills are most important to demonstrate for each, and the cost of obtaining and maintaining each certification.
Holding a certification is a way to demonstrate to those in your organization, and others in the industry, that you are equipped with the most up-to-date business continuity knowledge and have a strong understanding of what makes a business continuity program successful. Additionally, some certifications provide you membership to the certifying body’s organization, which allows you access to a wealth of tools and resources – including networking opportunities – that can be leveraged to further develop your skillset and program.
This webpage discusses how to determine what certification is most appropriate for you, together with estimated costs and the requirements for each.
Certifications: Determining the Correct Focus Area
Professionals can look to improve their knowledge and credentials related to several areas associated with business continuity and IT disaster recovery. Some of the most common areas include:
- Business Continuity: a discipline focused on ensuring that a business has identified its core functions and dependencies in order to adapt strategies and plans that allow it to maintain necessary service levels following a disruptive event.
- Cyber Resilience: this discipline focuses on maintaining cyber resilience when faced with technology-related threats and disruptive events. This subject area may be evolving the most quickly.
- Crisis Management: this area focuses on how leadership organizes and facilitates the response to a wide array of incidents by providing strategic oversight and direction.
- Emergency Management: this focus concentrates on the immediate response and procedures following a disruption that has the possibility to cause harm to an organization’s people or facilities.
- Risk Management: a process for determining and mitigating threats that could cause an impact to the organization’s revenue and bottom line. These threats can be associated with anything from market instability to workplace accidents and legal backlash to natural disasters.
In the business continuity industry, there are two main certification bodies: the Disaster Recovery Institute International (DRII) and the Business Continuity Institute (BCI). Additionally, the International Consortium for Organizational Resilience (ICOR), the British Standards Institution (BSI), and the Professional Evaluation and Certification Board (PECB) provide certifications related to auditing and implementing ISO 22301.
Castellan is often asked by clients and other professionals to provide recommendations on what certifications individuals should pursue. In general, we believe that the opportunities offered by all of the previously mentioned groups provide value. That said, we typically recommend the Business Continuity Institute and the British Standards Institute. BCI, in our view, better aligns to ISO 22301. They also publish and update the Good Practice Guidelines, which is an excellent resource for practitioners. For implementation and auditing certifications, BSI is a premier provider in the industry. We find the content that they develop useful and easy to use. BSI also completes Castellan’s annual business continuity audit.
Check out the Castellan demo.
Top Business Continuity and Disaster Recovery Certifications
While many certifications are beneficial to assisting you in developing a further understanding of business continuity, disaster recovery, crisis management, and other related disciplines, Castellan believes the below certifications are the most useful for developing business continuity and IT disaster recovery skills.
Of note, for entry-level certifications, a test is required. For “intermediate” and “advanced” level certifications, some form of an exam, along with proof of experience in the industry is, typically, needed.
|Business Continuity Insights||Disaster Recovery Institute International|
Beginner business continuity certifications –BCI’s Certificate of the Business Continuity Institute (CBCI) and DRI’s Associate Business Continuity Professional (ABCP) – focus on providing new, business continuity professionals the tools and knowledge needed to progress his or her career. These certifications validate that the recipient has a proficient knowledge of the “methods, techniques, and approaches used by business continuity professionals worldwide” (BCI).
Here is a look at the differences between the CBCI and ABCP certifications:
|Certification Body||The Business Continuity Institute||Disaster Recovery Institute International|
|Related Standards||ISO 22301||ISO 22301|
|Exam Type||Online or In-person||Online or In-person|
|Cost for Certification||$400 USD (exam and certification review)||$750 USD (exam) & $200 USD (certification review)|
CBCI Certification Course: BCI CBCI Certification Course
The BCI CBCI Certification Course can be taken either online or in a classroom. The course is offered at several times and locations throughout the year by the Business Continuity Institute. Online courses take eight weeks to complete (2 hours a day, twice a week) and in-person courses take three days. The cost of the online program is £1,970 ($3,100), whereas the in-person course is £1850 ($2,400).
ABCP Certification Course: DRI Business Continuity
About DRI Business Continuity: This course provides participants all the materials and skills needed to pass the ABCP exam. The course is in-person and conducted multiple times a year over a 4.5-day period. The course costs $2,750 and includes the cost of the examination. Additionally, the cost of the Qualifying Examination is included within the course fee.
Intermediate and Advanced Certifications
Examiners will use the new FFIEC Business Continuity booklet effective immediately. Companies should expect to respond to these criteria during their next audit.
In addition to the beginner-level certifications, BCI offers additional intermediate and advanced certifications including the Master of Business Continuity Institute certificate and Full Business Continuity Institute certificate. Similarly, DRII offers a Certified Business Continuity Professional certification and a Master Business Continuity Professional certification.
To upgrade from a CBCI or ABCP, respectively, individuals need to meet the following requirements:
|Business Continuity Institute||Disaster Recovery Institute International|
|Exam Type||None||None||None||Masters Case Study Examination|
|Cost for Certification||$72||$72||$400||$500|
ISO 22301 Lead Auditor and Lead Implementor Certifications
In addition to the certifications that are offered by the Business Continuity Institute and Disaster Recovery Institute International, several governing bodies – The Professional Evaluation and Certification Board (PECB), The International Consortium for Organization Resilience (ICOR), and The British Standards Institute (BSI) – offer certifications for individuals to become ISO 22301 Lead Auditors and Lead Implementors.
ISO 22301 Lead Auditor: There are varying levels of ISO 22301 Certified Auditors. That said, the ISO 22301 Lead Auditor status is a distinguished certification demonstrating advanced knowledge of business continuity and experience within the industry. This certification allows the recipient to audit individual organizations’ business continuity programs.
- Develop a further understanding of the business continuity management system
- Ability to audit business continuity programs
- Aligned to ISO 22301 Standards
As mentioned, PECB, ICO, and BSI all offer certification programs to become a Lead Auditor. Details on each certification include:
|Cost||$100||$495 (includes eLearning course)||Request a Quote via BSI website|
|Associated Training Course||PECB ISO 22301 Lead Auditor Training||BCM 5000: ISO22301 Lead Auditor||ISO 22301:2019 Lead Auditor (TPECS)|
ISO 22301 Lead Implementer
ISO 22301 Lead Implementer is their second highest certification (behind their ISO 22301 Senior Lead Implementer certification). This certification demonstrates an expert-level of knowledge related to understanding and implementing business continuity management systems.
- Develop an understanding of the interrelationships between ISO 22301 and other standards
- Master concepts related to business continuity management systems
- Develop an in-depth understanding of the theory and guidelines used within the industry
- Aligned to ISO 22301 Standards
As mentioned, PECB, ICO, and BSI all offer certification programs to become a Lead Implementer. Details on each certification include:
|Cost||$500||$495 (includes eLearning course)||Request a Quote via BSI website|
|Associated Training Course||ISO 22301 Lead Implementer||BCM 3000: Implementing ISO 22301||ISO 22301 BCMS|