While most of us have likely heard about Business Continuity Plans (BCP), the term "Business Continuity Management" (BCM) has been gaining popularity lately. The International Glossary for Business Resiliency defines Business Continuity Management as:
"Holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities."
Business Continuity Management is the ongoing, cyclical process of identifying an organization's risk of exposure to internal and external threats. The goal of BCM is to give the organization the ability to respond effectively to threats such as natural disasters or data breaches if and when they occur, and to protect the business interests of the organization. BCM includes training and awareness, exercises and tests, maintenance and improvement, and reporting for all levels of management, including the board of directors. Business Continuity Plans are documents that contain the critical information an organization needs to continue operating during an unplanned event; they are only one part of a Business Continuity Management program.
Many regulatory bodies are changing their terminology from BCP to the more enterprise-wide, continuous approach of BCM. We've written a blog post discussing the Federal Financial Institutions Examination Council's (FFIEC) replacement of its Business Continuity Planning booklet, issued in February 2015, with the Business Continuity Management booklet. Compass IT Compliance is well-versed in both BCM and BCP, having spent the past decade crafting and perfecting a suite of solutions to assist organizations in these areas. Contact us today to learn more and discuss your unique situation!