Hope for the best. Plan for the worst.

GUEST COMMENTARY
By Brad Henske

Executive Summary: Business Continuity is one of the simplest concepts that most people have never heard of. When they hear the term, they overcomplicate it in their minds.

For a business to continue operating, that is, providing its goods or services to its customers, it needs to have performed some contingency planning against disruptive events. In other words, hope for the best - but plan for the worst. So, folks like me ask:

What can happen? What can we do to mitigate the impacts to our company if a disruption occurs? How do we plan in advance to deal with such an event, to lessen the impact when it does happen?
Trust me, something always happens. In the business continuity industry, we focus less on the specific threats, such as natural disasters (hurricanes, tornados, earthquakes), industrial accidents (fires, explosions, chemical spills), and acts of violence or terrorism. Instead, we want to know what risks these hazards pose to our business operations, if we experience any of them. We employ a defined process called Business Continuity Planning:

• Identify threats and evaluate risks
• Conduct a Business Impact Analysis (BIA)
• Consider ways to mitigate risks and reduce impacts
• Develop continuity plans comprised of recovery strategies
• Exercise the plans (either tabletop or live)
• Train staff on awareness and how to maintain their plans
• Continually revise and improve plans
Several organizations exist which offer training and certification to business continuity professionals. International standards are published which provide guidance to businesses and governmental agencies in developing a Business Continuity Program. The primary example is ISO 22301, which is used to audit BC programs and ensure they are using recognized processes. For financial organizations such as banks or any fiduciary, the FFIEC publishes a Business Continuity Management handbook that governs the process. For Information Security Management (think technology and cybersecurity threats), businesses can rely on ISO 27001 to set the standard.

Don’t let the term “business continuity” scare you. The process does not have to be complicated. It will work for a company of any size and can be scaled to fit anyone.
JUNE 2022 / vbFRONT.com