Bulletin / Is the business...

Is the business continuity profession in decline?

Author: Charlie Maclean Bristol, Training Director, FBCI, FEPS

This week Charlie looks at why he believes the business continuity profession is in decline.

In my opinion, business continuity has lost its mojo over the last couple of years, and many in the profession are stumbling about trying to find a purpose for the field and their job role. In the next three bulletins, I will share my thoughts on why I believe there is a decline in the profession and why resilience isn’t the answer, along with some suggested solutions.

To me, there seems to be a number of factors which have converged to suggest that the business continuity profession is in decline. These factors are as follows: 

1. The risks which business continuity is designed to deal with have slipped down the threat agenda. According to the BCI's Good Practice Guidelines, we BC professionals look principally at PPRS (People, Premises, Resources, and Suppliers). With more organisations able to work from anywhere, the need for premises and planning for loss of premises has reduced. Cloud computing and virtualisation means that disaster recovery, RTOs and RPOs have become less important. When these systems go down, as the Amazon data centre went down in the last couple of weeks, we all wait around until they fix the problem. Although there is still a need for business continuity, and at BC Training we have had a busy start to the year, for many organisations loss of PPRS is not their top threat.

2. Cyber is considered to be the biggest threat to most organisations, but if we look at the BC literature and guides, we have nothing to say about it. Managing cyber risks and the technical elements of information security require technical skills, which most business continuity people don’t have. So, currently, we are adding no value to managing this key risk.

3. As business continuity matures in organisations, there is less of a need for multiple business continuity staff. BC software can take a lot of the admin tasks out of managing BC, so administrators are not required. Business Continuity Coordinators from within the organisation can often annually update their BIA, plans and run their own desktop exercises. True embedding of BC has taken place, so they have the skills to do it themselves. There is now physically less work for the BC manager to do, hence why many organisations have been downsizing their teams.

4. Those trying to stamp their name and their thoughts on the profession (the Ian Charters of this world), have been involved in writing the ISO business continuity guidance and the BCI “How to” guides, but this work is coming to an end. Most of the guidance is now in place, and these individuals are documenting the profession as is and echoing best practice, rather than reporting anything new. There are also those like David Lindstedt and Mark Armour, with their Continuity 2.0 manifesto, trying to take BC to a different place. Having read their manifesto, I am not personally convinced that what they are saying is anything novel. Some of the ideas are radical, such as getting rid of the BIA. However, a regulator or auditor will want to see your BIA, so I don't think there is really an opportunity to change the life cycle framework at the moment.

5. For me, BC is not really all that difficult conceptually. As long as you have a robust, tried and tested methodology, it doesn’t take very long to learn to implement a BCMS successfully. At PlanB we internally train all our own consultants. Gordon Brown, who has been with us for a year and a half, implemented ISO22301 in a fulfilment company in six months, with only one minor non-conformity and minimum support from PlanB directors. For those in second careers, BC suits us, as we are not going to have a third career. But for those starting in the profession, are they really going to be conducting BIAs for 40 years? For me, many of those who have been in BC for a while have become bored and are looking for new challenges outside, but within the profession. I think even the BCI has become bored with business continuity, as it sees the market for BC ‘stuff’ and new recruits as limited.

Along comes Resilience, which will be the saviour for all of us BC people, as it offers us the ability to use our existing skills and take on a whole load of new roles. Our career issues will be sorted and there is a new path to professionally take. I don’t believe for our profession resilience is the answer, but I will explain this further in next week’s bulletin!

You might be interested in the following stories

Cyber Security – is Business Continuity missing a trick?

How 2017 will be an amazing year for Business Resilience

Why All Companies Need A Business Continuity Manager

You may be interested in the following course

CBCI Certification Course (GPG) course

Sign-up to our weekly bulletin

Twitter feed

Bulletin
What lessons can we learn from Marriott’s response to their Cyber Breach?

This week Charlie discusses the Marriott hotel hack and how you can prepare your organisation for a potential data breach.

7 December 2018

“The course went really well. It was very well presented by James McAlister with lots of interesting stories to support the learning which means I have come away feeling like I learnt a lot in a week. ”

Jamie Stevens
Horizon Nuclear Power
View further testimonials