Risk e-Views Vol 30 May 2013 – Risk Leadership: My Must Dos for Business Continuity Management

Thanks to Rita for getting me moving on a Business Continuity article.  A topic I have neglected in this newsletter for quite some time. Perhaps it is because I feel Business Continuity Management (BCM) as a discipline has developed nicely over the past couple of decades and most practitioners don’t need too many tips in this area.


Once I got thinking about it and had a chat to another of my readers (thanks Greg) it made me realise that I often see good practice omitted from BCM programs. So here is my list of must dos for BCM!


Communication – You must treat your communication plan seriously. When the big one happens, forget landlines, forget talking on a mobile phone – how are you going to communicate? Remember, the earlier you communicate the sooner people can be properly informed and can start to calm down. Social media provides great opportunity here and you need to be monitoring it anyway after a major event to manage your reputation.


Command and Control – You must get your senior management to attend test exercises. Otherwise they will be unclear about what is planned if an event happens, or worse still, they may be ill-informed and may take control and throw a good plan out the window.


Change with the Business – So often I see a BCM strategy implemented, not embedded and consequently forgotten.  The business changes, the operation changes and the recovery priorities change and all of a sudden the BCP and, in particular the IT Disaster Recovery Plan (DRP), are out of sync with business operations.


Test Your IT DRP – It is one thing for the IT department to say they have a robust DRP, however, if it has never been tested there is more than a remote chance it will not deliver anywhere near expectations.