A Brief History and Definition

Introduction
 Business Continuity Management is a relatively new
profession
 Growth due to increasing dependency on
technological systems
 Profession today is a product of divergent outlooks
 Definition of BCM is also a product of history
 Standards, professional organizations define it
differently
History
 Emergency Management
 Heavy influence on Business Continuity Planning
methodologies
 EM is Framework to reduce vulnerability in
community
 Can also apply to business
 Stafford Act
 Civil Defense Act
History
 National Governor’s Mitigation
Association study
 Comprehensive Emergency
Recovery
Management Preparedness

 Mitigation, Preparedness,
Response, Recovery
Response
 Influx of personnel from
FEMA
 Fire Service
 Multi-Hazard Functional
Planning
History
 American Red Cross
 Social Science
 Research
 Built Environment
 Value to Business Continuity Management
 Human Behavior
 Centralization vs. Decentralization
 BC Managers must understand Social Science
Research
History
 Data Center
 Business Continuity grew out of data center
 Centralized processing
 Project orientation
 Growth of services in 1970s
 Recovery to minimum levels
 Scenario Planning
History
 Regulations
 Focus on business records
 Banking and Finance
 Foreign Corrupt Practices Act
 Sarbanes-Oxley Act
 HIPPA
 OSHA
History
 Insurance and Risk Management
 Risk identification and mitigation
 Specific Disasters
 Direct and indirect consequences
 Changes to Building Codes
 Specific disasters demonstrated value of BCM
 Thanksgiving Day Fire
 First Interstate Fire
 Hinsdale Phone Switch
 Twin Towers bombing
History
 Millennium Bug
 Professional Organizations and Certification
 DRI International
 Business Continuity Institute
 Association of Contingency Planners
 Business Recovery Managers Association
 Professional Practices
 Recognition of competence
 CBCP/MBCP
 FBCI
 CEM
 CBCA
History
 September 11, 2001
 Homeland Security Act of 2002
 FEMA’s change of focus
 National Response Framework
 National Disaster Recovery Framework
 Increased attention to Human Resources
History
Standards
A standard is a formal set of rules or specifications that
establishes a norm that can be used as a basis for
comparison such as an audit by internal or external
organizations. They attempt to codify existing and
minimal practices, if not best practices, and attempt to
ensure the viability, quality, and reliability of
programs. They force commonality and consistency
and help ensure programs are in place.
History
 Advantages, disadvantages
 NFPA 1600
 BS 25999
 ASIS SPC.1-2009
 ISO 22301
 Other Standards
 AS/NZS 5050:2010
 Singapore Standard
History
 Process Management
Framework (quality control)
 Dr. J. Edwards Deming
 Shewhart Cycle
 Plan, Do, Check (Study), Act
 ISO/ASIS translate:
 Plan = Establish
 Do = Implement / Operate
 Check = Measure / Monitor
 Act = Maintain / Improve
History
 Accreditation
 PS-Prep
 EMAP
 Future of BCM
 Management focus
 Social Media
 Public-Private Partnerships
Defined
 Historical perspective
 Creation of plan vs. management process
 Project vs. managed program
 Minimum level of operation vs. continuity
 Today speak of Organizational Resilience:
Systematic and coordinated activities and practices
through which an organization manages its
operational risks, and the associated potential threats
and impacts therein (ASIS).
Defined
 Disaster Recovery vs. Business Continuity
 Standards use different definitions
 Business Continuity is:
The management of a sustainable process that identifies
the critical functions of an organization and that
develops strategies to continue these functions without
interruption or to minimize the effects of an outage or
loss of service provided by these functions. It develops
the capability and the plans to implement the strategies
and lists the resources necessary to support these
operations. It is part of the emergency and risk
management process of prevention, mitigation,
preparation, response, and recovery.
Defined
 Continuity of Operations Planning (COOP):
The capability to continue essential program
functions and to preserve essential facilities,
equipment, and records across a broad range of
potential emergencies
 Government focus
 Similar to business planning
 Essential Functions identified
 Orders of Succession
 Delegation of Authority
Defined
 Continuity of Communications
 Vital Records
 Human Capital
 Testing, training, and exercise
 Devolution
 Reconstitution of Operations
Review
 History brings many perspectives
 Evolved from simple plan development focus to
strategic and operational management program
 Professional Practices and standards
 Plan, Do, Check, Act framework
 Many definitions
 BCM Defined
 Process dependent on Comprehensive Emergency
Management