Business Continuity Strategy Design: An Overview of BCI Professional Practice 4

BCI_GPGs_SeriesThis article provides an overview of Professional Practice 4 (PP4) – Design, which is the professional practice that “identifies and selects appropriate strategies and tactics to determine how continuity and recovery from disruption will be achieved”. Strategy design activities are essential to translate outputs gathered during the analysis phase into actionable strategies that the organization can implement and refine over time to improve the ability to respond and recover from a disruption. Continue reading

Standard Operating Procedures: Program Documentation That Helps Drive Repeatable Results

SOPDesigning a governance structure and describing its intended performance in the form of program documentation is the first step to ensure your business continuity program produces repeatable results that align to stakeholder expectations.

According to the Business Continuity Institute’s Good Practice Guidelines’ first professional practice, governance provides the foundation for a repeatable and scalable business continuity program.

But what exactly is “governance”? Governance is typically the combination of documented policies and procedures, supported by senior/executive-level management, that define the scope, objectives, approaches, and outcomes associated with a business continuity program. Continue reading

The Critical Role Analysis Plays in Your Business Continuity Program: An Overview of BCI Professional Practice 3

BCI_GPGs_SeriesThis article provides an overview of GPG Professional Practice 3 (PP3) – Analysis, which is the professional practice that “reviews and assesses an organization in terms of what its objectives are, how it functions, and the constraints of the environment in which it operates”.


PP3 introduces and addresses the business impact analysis (BIA) as a primary means of analysis, leading to appropriate business continuity requirements.  PP3 identifies the following beneficial outcomes from the BIA: Continue reading

National Preparedness Month 2015

NPM15_logo_v5FinalSeptember marks the beginning of National Preparedness Month (NPM) sponsored by FEMA’s Ready Campaign.

The 2015 theme is: “Don’t Wait. Communicate. Make Your Emergency Plan Today.”

The goal of National Preparedness Month is to encourage individuals, businesses, and communities to plan and prepare in advance so they can safely respond and communicate in the event of a disaster. Continue reading

Introducing ISO 22317 – The Business Impact Analysis Standard

ISO 22317WHAT IS ISO 22317?

The International Organization for Standardization (ISO) Technical Committee (TC) 292, the committee responsible for writing security, resilience, and business continuity standards, has released its latest document: ISO 22317 – Societal Security – Business Continuity Management Systems – Business Impact Analysis, the first and only international standard solely addressing the business impact analysis (BIA).

ISO 22317 was officially published on September 17, 2015.

There are a few important points to understand before reading ISO 22317: Continue reading

The Importance of Embedding Business Continuity: An Overview of BCI Professional Practice 2

BCI_GPGs_SeriesThis article reviews GPG Professional Practice 2 (PP2): Embedding Business Continuity and explains why embedding business continuity into your organization is important for driving success, describes best practices for embedding business continuity into day-to-day activities, and provides a brief case study highlighting the benefits of this practice.


PP2 outlines a number of techniques on how to embed business continuity into the organization. Specifically, the BCI separates PP2 into the following topics: Continue reading

Leading Response and Recovery Teams (Part 2)

LeadershipTeam leaders play a critical role in improving business continuity for their organizations but seldom receive the appropriate training to help them understand the differences between day-to-day leadership and crisis leadership following the onset of a disruptive incident.

This perspective is the second in a three-part series that addresses how to develop the skills necessary for being a successful leader in a crisis, including how a team leader can set the team’s purpose and bring order to the chaos that ensues following the onset of a disruption.  These two foundational team leader behaviors will help elicit the best possible performance of the team (as well as themselves). Continue reading

Chaos in Cleveland?


This morning was a non-eventful morning.  I was sitting in my office, sipping on my coffee, and working on my monthly reports. Then, the manager of our office building entered our lobby.

The Michael Brelo case is nearing an end. Closing arguments have been heard and a verdict is expected shortly. The question is, when?

Our building manager was concerned, and rightfully so.

Our office is located directly across the street from the justice center where the case is taking place. Just a couple weeks ago, we sat witness to the riots and devastation in Baltimore, and, from our ongoing monitoring of the situation and media this week, our team is aware that the City of Cleveland is actively bracing for the possible impact and chaos that could result when the verdict is announced. Continue reading

The Need to Establish Business Continuity Governance: An Overview of BCI Professional Practice 1

BCI_GPGs_SeriesThis article provides an overview of GPG Professional Practice 1 (PP1) – Policy and Program Management, the first of the six professional practices, and discusses the importance and recommendations in establishing the foundation for a repeatable and scalable business continuity program.


PP1 outlines a number of activities that organizations should consider completing before performing business continuity planning activities (business impact analysis through exercising): Continue reading

Introduction: BCI Good Practice Guidelines Series


The Business Continuity Institute (BCI) publishes the Good Practice Guidelines (GPGs), which is a compilation of six professional practices that provide guidance to business continuity practitioners on implementing and maintaining a business continuity program. While the BCI GPGs generally align with ISO 22301, which provides high-level guidance on establishing a business continuity management system, the Practices actually enhance ISO 22301 by answering the “why” and “how” of establishing a program. Continue reading