Lack of business continuity management is a risky business

Accidents happen and there’s little you can do to stop them. However there are precautions you can take which can limit the damage those accidents cause.  The most common method is having a business continuity plan in place, so that when a disaster strikes, you are prepared to handle it. Statistics show that 80% of organisations that are faced with a significant business discontinuity, and do not have in place adequate and appropriate plans to ensure business continuity, do not survive the event.

By looking at those statistics, it’s clear that having a business continuity plan is valuable to any organisation, but is it enough? Most organisations can write a BCP themselves but that doesn’t necessarily mean that it’s going to work as well as one may have hoped. A BCP needs to be continuously tested, kept up-to-date and integrated with your corporate management systems. If it doesn’t fulfil these requirements, then you might find that when a disaster strikes, your plan is nothing but useless.

This is why a business continuity management system (BCMS) is more effective than just a standalone BCP.  It allows an organisation to update and manage much more effective plans whilst taking into account any specific business needs.  There are many more benefits to a BCMS than those, especially if it’s compliant with the internationally recognised business continuity standard, ISO 22301.

ISO 22301 was launched in May 2012, replacing the British Standard BS25999. By adhering to this standard, you are demonstrating that you follow best practice and have a consistent approach to business continuity.  The long list of benefits this certification provides includes:

  • Demonstrates to key stakeholders (customers, suppliers and partners) that your organisation is resilient
  • Increases your competitive advantage and enhances your reputation
  • Can be aligned and integrated with ISO9001, ISO27001, ISO14001, ISO20000 and ISO28000 management standards to deliver significant benefits

Tony Drewitt, ISO22301 business continuity expert, wrote ‘ISO 22301 A Pocket Guide’ to help organisations gain a better understanding of the business continuity international best practice, including guidance on the best way to implement an ISO 22301 certifiable BCMS.

If you care about survival and reducing risks, read this pocket guide >>>> ISO 22301 A Pocket Guide


  1. Derek Mason says

    I tend to agree with Colin although with SMEs there is a need to appreciate how much time they can devote to a full Business Continuity Management System and, of course, how much BCM experience they require internally to do this without ongoing consultancy support. I have found that even a simple approach can cover off most of the BCMS requirements (for SMEs) by incorporating key BCMS aspects into one simple ‘BCP’ document, including Crisis Management actions and a Business Impact Analysis to ensure a BIA is always completed (and to avoid duplication with BCP content). I also include a future action list which includes BCMS reminders for the likes of updating contacts information, walkthroughs and testing. This asks for diarised dates to ensure entries have been put into diaries. All this has to be signed off by the most senior SME representative they can get their hands on! Also included are simple disaster scenarios and crib sheets for the Chair of walkthrough exercises to ensure maximum benefit is obtained without an indepth level of BCM experience and, of course, ease of chairing the meeting.

  2. Colin says

    Hi Lewis, Not sure of the figures but my experience is that most corporates and large companies especially those that have multiple sites and a larger number of employees need and have a full BCMS. SMEs on the whole tend to stick with BCPs. Whilst any plan is better than nothing the danger of a BCP on it’s own may miss vital Incident and Crisis management, Human Welfare etc. and may concentrate predominantly on IT.

Share your thoughts