Every risk manager is aware that not every threat or risk can be completely avoided and businesses must plan what they will do if such risk events occurs. The aim of business continuity (BC) is for the business to recognise and respond to a disruptive incident, enable the crucial elements of the business to remain operational, restore the business to its original state and to potentially enable it to adapt to a new state. In the words of Deborah Higgins of the Business Continuity Institute (BCI), 'it's not only about keeping calm and carrying on, but adapting to change to build resilience!'
Business Continuity Management could not be more relevant to organisations at this time. Airmic members report that the risks faced by their businesses are changing at unprecedented pace. The Wannacry cyber-attack in May 2017 showed the real impact of emerging risks such as cyber and the changing face of terrorism risk can be seen in the multiple attacks across the UK and Europe over the last few years. Meanwhile, events such as Hurricane Harvey demonstrate the significant impact of seemingly 'traditional' risks. All of these incidents, whether impacting systems, people or facilities share one thing in common, the disruption of business processes and activities. Businesses must be able to respond to such disruption, and adapt to all changes in their internal and external operating environment.
True business continuity isn't always about responding to low frequency - high severity incidents. By understanding the more routine and non-physical threats to the business and ensuring that 'business as usual' can be maintained, business resilience is enhanced.
'The capability of the organisation to continue the delivery of products or services at acceptable predefined levels following a disruptive incident.'
Source: ISO 22301: 2012 The International standard for Business continuity management (BCM)
This explained guide is designed to:
- Demonstrate the importance of business continuity to the broader risk management function
- Present the business continuity institute's business continuity management life cycle, which can be used as a framework for an organisation to build resilience into their organisation
- Provide risk managers with the appropriate language and key questions to ask when developing a more effective working relationship with their business continuity manager, if this is held in a separate function