To meet today’s needs, always-on enterprises need to mitigate risks, be prepared to respond and recover quickly to meet internal, customer and regulatory objectives. Two principles are empirical: no amount of mitigation reduces potential risks to zero; and mitigation costs money.
When funding for geo-diverse split processing, outsourcing, adopting cloud technologies and other mitigation efforts reaches its budgetary limit, the residual risks must be accepted. Business Continuity Management (BCM) can be leveraged to plan strategic responses should those risks cause disruptions.
Some see BCM as merely a component of Enterprise Risk Management (ERM). Others believe ERM and BCM relationship is like oil and water. None of that matters. BCM’s role is to take those residual risks and make certain the organization is prepared to respond effectively, should they ever occur. From an organizational resiliency perspective, BCM is clearly ERM’s partner.