Should organizations be allowed to scope their BCM effort?

5 04 2011

Currently organization can get their business continuity program certified against BS25999. Thus allowing them to advertise that they have got a wholesome program in place to combat any unforeseen eventualities.

Being certified is good because it provides some assurance to clients, business partners, regulators and others on the organization’s ability to provide its products and services no matter what events befalls it.

However, the requirements for certification allows the organization to decide on which areas of its business it would like to get certified in. This is similar to ISO9000, ISO27001 and other similar quality management standards.

While is may be applicable and practical in these other areas but in business continuity management, for an organization to be prepared for the unthinkable, all areas need to be studied and only after that can a decision be made on which business / service areas are critical or key in a disaster.

If organization’s are allowed to scope down based on departments or products, then it is likely that organization will not be fully prepared for all eventuality. Their BCM certification may be misleading to their clients, business partners, regulators and industry at large, as it implies that the organization has business resilience.

The above is my humble opinion on this matter. I would love to hear other opinions.

Author: Prabha Ramanathan

Advertisements