Resilient Business, Business Continuity, Risk Management – all are big buzzwords reverberating around cyberspace with renewed vigour these last weeks. Interestingly, the more I read the more I realize just how fragmented the discussions are and how these terms seem to mean very different things to different people. No wonder it is all quite confusing.
Risk Management versus Business Continuity Management, what’s the difference?
Business Continuity Management or BCM is often treated as a subset of risk management. Up to a point this holds, for in Risk Management (ISO 31000) risk identification is the first key step in risk assessment that leads to the selection of appropriate risk treatments based on the best available information. Problems arise here, however, when ‘best available information’ is not good enough or absent. This is often the case in today’s world of complex and often hidden or fast developing threats both man-made and natural disasters.
Being able to select risk treatments for unpredictable incidents and disasters is the great strength of Business Continuity Management.
Simply identifying risks and producing a plan – Risk Management – is not enough – not for Resilient Business
The original definition of Business Continuity Management recognizes that BCM is more than just writing a Business Continuity Plan:
A ‘holistic’ management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause and which provides a framework for building organization resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.’
I concur with Andrew Hiles (The definitive Handbook of Business Continuity, 2010) in that this 53 word definition, while appearing comprehensive is rather long and difficult to understand, lacking clarity in what exactly is meant by ‘holistic’ and ‘organization resilience’.
However, Hiles’ own attempt at a more user-friendly reductionist definition of BCM as ‘Preparing an organization to deal with incidents that might otherwise prevent it from achieving its operational objectives’ has in my view been stripped entirely of meaning which is perhaps why he finds it necessary to add two explanatory notes neither of which seems to add more practical insight. He qualifies first, that it is a management process that identifies the potential impacts of disruptions and provides the means for coping with their consequences and second, that preparing includes taking measures to reduce the likelihood and impact of incidents.
Business Continuity Definitions, while important, are limiting by their very nature
Rather than getting embroiled in minutiae or distracted by exactly where Business Continuity Management belongs – some recent authors seem to think BCM only encompasses aspects of IT issues such as cyber threats, I take the practical connectionist stance that Business and therefore Business Continuity cannot be seen in isolation. This brings my viewpoint back to interpreting the ‘holistic’ and ‘resilience’ aspect of the original definition. However, rather than going off on some metaphysical discourse as you might expect at this point let me emphatically state that in its essence ‘holistic’ ought to be intensely simple and practical. In Business, as elsewhere, ‘resilience’ is not a lofty metaphysical concept but is firmly grounded in daily life, in the skills, resources and connections of people. Resilient people bounce forward.
Today I came across an article on ‘Employer’s Focus on employees’ mental wellbeing‘.
Jennifer Paterson mentions diverse organizations such as Anglian Water, law firm Browne Jacobson , Microsoft and Marks and Spencer implementing staff well-being initiatives which made me smile and think ‘this is a huge step in the right direction’.
People are physical, mental and emotional beings, all aspects that holistically integrate into making personal resilience.
Resilient People = Resilient Business.
They are inseparable.
Perhaps there is hope that
- ‘A holistic management process that identifies potential threats to an organization’ will gradually come to mean ‘a mindful management that recognizes and furthers the individual resources of its people’
- ‘Effective responses that safeguard the interests of key stakeholders, reputation, brand and value-creating activities’ can only be delivered by (obviously well spoken – tongue in cheek) people that are resilient which is a complex mix of many factors as I have explored (and will continue to explore) in this blog.
… but back to Business Continuity Management…
Of course there needs to be management, Business Continuity is too vital an element of resilience at all levels (local to international) to simply be left to chance. While BS ISO 22301 Business Continuity Management System certainly is a valuable framework, it is also perhaps overly complex and bogged down with jargon thus putting it out of reach for many otherwise astute Businesses. On the other side of the spectrum is the well-meaning but rather unfortunately titled book by the Cabinet Office ‘Business Continuity for Dummies’ (2012) with its overly ‘soft’ approach. There’s also a short video:
However, Business people by their very nature are anything but dummies. Is there nothing else, no nuanced approach?
Active Programmes are better than Passive Guidelines
Rather than more books and guidelines, perhaps a more practical approach can be taken in line with another recent innovation that made me smile today (Staffordshire Fire and Rescue Service): the Prince’s Trust ‘Get Started Programme’ aimed at helping young people experience and practice Emergency Preparedness.
Now just imagine that but as an active BCM training programme for small and medium size Business that includes simplified and flexible planning and – of course – Business Continuity Kits. Apologies for the shameless plug but there is real and practical resilience in what we do so do have a look around while you’re here. You will find a large range of real value-for-money ready-made Emergency, Disaster and Business Continuity Kits or – if you’re a fan of the Goldilocks Principle ‘just right’ like us – see our Custom-Made section for tailor made practical Business Continuity Solutions.
Wishing you a resilience-building week and thank you for stopping by and don’t miss our resources on Business Preparedness.
For more EVAQ8 blog simply use the right hand navigation. For emergency kits and practical resources use the top navigation. For FREE business resources head over to our Business Preparedness page. If you like this post, please share it to help raise awareness for Emergency and Disaster Preparedness. Thank you!