“Stronger management commitment needed to ensure resilient organisations” asserts BCI

Infographic highlighting the main points outlined in the BCI's report

Infographic highlighting the main points outlined in the BCI’s report

A new report published by the Business Continuity Institute (BCI) and supported by certification body NQA has shown that six out of every ten organisations surveyed adopt ISO 22301, the international standard for business continuity management. According to the report’s findings, those organisations with strong top management commitment to standardising business continuity practice are four times more likely to adopt ISO 22301 than those who do not.

There are many reasons why an organisation would want to embrace ISO 22301, most notably the fact that it provides assurance of continued service. Indeed, 61% of respondents identified this as a significant reason.

By certifying to ISO 22301, organisations can provide reassurances to their stakeholders that, in the event of a crisis scenario, they will still be able to function as normal.

Other reasons noted include the following:

*Reputation and brand management (48%)

*Reduced risk of business interruption (48%)

*Greater resilience against disruption (45%)

*Quicker recovery from interruption (44%)

However, there are barriers that can prevent such commitment. Those identified in the report are resource constraints (25%), complexity of implementation (19%) and top management buy-in (18%).

Encouragingly, these barriers each exhibit relatively low percentages among respondents suggesting that they’re not so widespread.

The BCI comments: “If reassurance is one of the primary reasons to commit to ISO 22301 then one can only wonder why many organisations don’t expect the same of their suppliers as supply chains can only be as strong as their weakest link.”

Some industry commentators might consider it alarming that 82% of respondents to the survey stated their organisations don’t seek certification to ISO 22301 from their suppliers.

Value of investing in effective business continuity

Reviewing the survey results, Deborah Higgins MBCI (head of learning and development at the BCI) commented: “It’s encouraging that the uptake of ISO 22301 is beginning to increase as organisations recognise the value of investing in an effective business continuity programme. However, there’s still much work to be done, most notably when it comes to persuading other organisations whom they work with across the supply chain to adopt ISO 22301.”

Kevan Parker, head of the NQA, added: “ISO 22301 provides an excellent framework for building organisational resilience. The benefits of its adoption are becoming increasingly recognised. This is very positive but, as highlighted, a supply chain is only as strong as the weakest link within it. It’s a responsibility of those with ISO 22301 certification to lead their peers towards adoption and elevate organisational resilience to a state of total supply chain resilience.”

*Download your copy of the full Business Continuity Institute report here

Exercising business continuity plans

Businesses are aware that they need to exercise their business continuity plans. It’s the only way to find out whether they will work. Of course that’s with the exception of a live incident, but in the midst of a disaster scenario is never the best time to find out that your plan doesn’t work.

What type of exercises should you run? How often should you run them? How should you plan them and how do you assess them?

These are all important questions and are all vital to ensuring that you have an effective business continuity programme in place. One that will provide reassurances for top management that, in the event of a crisis, the organisation will be able to deal with it.

With this in mind, the BCI has published a new guide that will assist those who have responsibility for business continuity to manage their exercise programme.

The BCI’s Guide to Exercising Your Business Continuity Plan explains what the main types of exercises are and in what situation it would be appropriate to use them. The document also outlines how to plan an exercise and what needs to be considered when doing so, from the setting of objectives through to conducting a debrief and establishing whether or not those objectives have been met.

A recent study showed that nearly half of respondents to a survey had not tested their plans over the previous year while half of those had no plans to do so over the next twelve months.

This BCI document is intended to make it easier for people to develop an exercise programme and demonstrate that it doesn’t have to be an onerous task to do so.

*Download your free copy of the document here

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts