Should organizations be allowed to scope their BCM effort?

5 04 2011

Currently organization can get their business continuity program certified against BS25999. Thus allowing them to advertise that they have got a wholesome program in place to combat any unforeseen eventualities.

Being certified is good because it provides some assurance to clients, business partners, regulators and others on the organization’s ability to provide its products and services no matter what events befalls it.

However, the requirements for certification allows the organization to decide on which areas of its business it would like to get certified in. This is similar to ISO9000, ISO27001 and other similar quality management standards.

While is may be applicable and practical in these other areas but in business continuity management, for an organization to be prepared for the unthinkable, all areas need to be studied and only after that can a decision be made on which business / service areas are critical or key in a disaster.

If organization’s are allowed to scope down based on departments or products, then it is likely that organization will not be fully prepared for all eventuality. Their BCM certification may be misleading to their clients, business partners, regulators and industry at large, as it implies that the organization has business resilience.

The above is my humble opinion on this matter. I would love to hear other opinions.

Author: Prabha Ramanathan

Getting Certified in BCM

1 02 2011

Today I had a discussion with an organization that has been given a directive to look at implementing business continuity management group wide. The training manager has taken up the challenge by organizing some entry level awareness training for the staff. While we were discussion the organization’s requirement, the issue of certification cropped up.

The standard question asked is which are the organization that offer certification for individuals. As we all know there are several in the market that do so. But what caught my fancy is that the training manager’s interest in getting their people certified when we are still taking about entry level training. I.e. their people are still new to BCM. The manager explained that the organization likes their people certified and their people also like to get certified.

This situation is not unique to this organization. I believe many organizations out there have the similar situation. Getting their people certified seems to be a trend.

On one hand this is very good. The more people certified in BCM the more recognized the field and higher standard of practice throughout the industry. Maybe someday the certified pool could attain the status to the likes of ACCA.

On the other hand, it could be disastrous to the profession. Let me explain.

A certified person should be someone with a good grasp of the subject matter, who is up to date with the latest trends, principals and practices, someone who has hands on experience in the various processes of BCM and someone who practices it on a regular basis. Someone who is routinely accessed to be competent to advice or carry out work relating to BCM.

In short certification can only be awarded to people who have had adequate exposure in BCM and will continue to improve and enhance his/her skills , knowledge and experience in this field.

How many people in a financial institution or a manufacturing plant or a government agency could possible get the right exposure to become a competent person. Even if that person was involved in the development and maintenance of the organization BCM, it would not have been in totality, except for the champion, so how can this person continue to qualify as a certified person.

Assuming that the bodies that provide these certification do not adopt a high standard of assessment and allow “non – qualified” people to be certified and this leads to an abundance of certified BCM professionals in the market, then several things could happen.

  1. The value / prestige of being certified would drop. It would no longer be hunted by people.
  2. The standard of practice drops and eventually market does not see the value of its implementation
  3. The concepts and principles of BCM is absorbed into another more popular management discipline i.e. Sustainability, Organizational Resilience, etc

I strongly believe that we cannot be specialist, experts, competent person in every field. It is possible to have a string of certificate if that is your field of expertise. For example a Information Security guy may have CISA, CISSP, etc to his name what is the possibility for a Physical Security Manager maintaining a CISSP to his name. We must respect knowledge and experience.

By making certification easily attainable or to popularize it will only eventually defeat the purpose for certification.

It is important to have professional certifications but it is equally important for these certification to be offered to competent people only.


Author : Prabha Ramanathan