BCM Standards: Lifeboat or the Titanic?

Passengers on the Titanic didn’t think it could sink.  When it did, there wasn’t room for everyone in the lifeboats.  By slavishly tying your BCM program to industry ‘standards’, you may find yourself adrift during a business disruption.  Standards are only guidelines.  They’re no substitute for the knowledge necessary when disruptions occur.

BCM industry standards (DRII and BCI) exist to fill two needs:

  • To provide “professional practices” to which ‘certification’ can be linked
  • To create a baseline against which auditors can intelligently review BCM plans and programs

Those are the valid reasons for the existence of standards, but neither promise that adherence will result in preparedness.

Many industries impose additional standards with which BCM programs must comply.  Lay those over the BCM industry standards and many practitioners spend most of their resources constructing compliant – not incident-ready – programs.

  • Barely completing this year’s BIA survey before embarking on the next.
  • Performing risk assessments that divert resources from more valuable efforts.
  • Wasting valuable time tracking, measuring and reporting on compliance.

Neither of our generally-accepted BCM industry standards touts their standard as the path to incident readiness.  They simply provide checkpoints on the road to uniformity.

Industry standards can’t make your organization more prepared – because those standards don’t consider context.  The standard knows nothing about your organization.  It knows nothing about the availability of information within your organization (risks, criticalities or priorities).  It urges that you conduct risk assessments –though your organization may have a Risk Management Department of its own.  It advocates periodic BIA’s – even though your C-Suite already knows your organization’s critical products, services and supporting processes.

You should spend more time improving your organization’s preparedness, and less time checking off compliance boxes.  Standards have a role; especially in organizations embarking on their maiden BCM voyage.  But standards are meant as a one-size-fits-all.  They’re not tailor made for your organization.  Use them for guidance, but don’t follow them slavishly.  They can only assure compliance, not preparedness.

Preparedness requires you row that lifeboat yourself – not sit on a deck chair while “standards” steer your ship through icy waters.

SHARE:
Jim Mitchell

Jim Mitchell

A frequent speaker at Business Continuity conferences, many of Jim Mitchell’s blogs can be found elsewhere on eBRP’s website and has published articles in DRJ, Continuity Insights and Continuity Central. Jim has more than 20 years of experience in Business Continuity; if you don’t agree with his opinions – he won’t be surprised.

Related Posts

A Toolkit to Build Enterprise Resiliency

A Toolkit to Build Enterprise Resil...

A well-rounded Enterprise Resiliency Toolkit (𝗧𝗼𝗼𝗹𝗸𝗶𝘁) would provide key tools…
Enterprise Resiliency: Navigating Through Disruptions

Enterprise Resiliency: Navigating T...

In today’s threat landscape, the ability of an organization to…
Orchestrating BC/DR Testing: Virtual – Emergency Operations Centers

Orchestrating BC/DR Testing: Virtua...

  Enhancing Planning and Logistics Management  Coordinating BC/DR tests involves…
Insights into creating a successful Disaster Recovery Test – Part 2: Preparation

Insights into creating a successful...

Insights into creating a successful Disaster Recovery exercise – Part 1: Objectives

Insights into creating a successful...

Aligning Cyber Incident Response Planning with Your BC/DR Program

Aligning Cyber Incident Response Pl...

Cyber disruptions – and their impact on both reputations and…
What Can You Do when your BCM software Relationship Falls Apart

What Can You Do when your BCM softw...

“This isn’t working.”  “I’ve changed.”  “I don’t see a future…
Aligning BC/DR to CSIRP Challenges

Aligning BC/DR to CSIRP Challenges

The immediate reaction to a cyber-security incident is the FUD…
Technology Modeling – the eBRP Way

Technology Modeling - the eBRP Way

Definition: Technology modeling is a point-in-time snapshot of an Enterprise’s…
eBIA – The eBRP Way

eBIA - The eBRP Way

Definition: A Business Impact Analysis (BIA) is the cornerstone of…