The Business of IT Blog

The Basics of Business Continuity Management (BCM)

5 minute read
Stephen Watts

In the wake of the recent unforeseen global pandemic, many organizations are thinking about what they have done, what they should have done, and what they need to do in the future in order to maintain normal business operations during times of disaster. A critical process called Business Continuity Management (BCM), not many organizations sadly have these programs in place. However, due to current needs, many CEO’s and management teams are wishing they did and are now seeing the importance of implementing such systems.

Essentially, “the principle that good response systems mitigate damage from theoretical events”, within Business Continuity Management, organizations can defend themselves against, manage during, and resume quickly after a cyberattack, data breach, unplanned IT outage, interruption of utility supply, adverse weather, global economy shut down, among others.

To help your organization better understand how BCM works and ways to implement such systems, in the following article, we will discuss what it is, why to use it, and best practice strategies.

An Overview of BCM

Described in Wikipedia, “Business Continuity is the intended outcome of proper execution of Business continuity planning and Disaster recovery. It is the payoff for cost-effective buying of spare machines and servers, performing backups and bringing them off-site, assigning responsibility, performing drills, educating employees, and being vigilant.” Fundamentally, the fortification and resilience of an organization against failure, adding the word “management” to “business continuity” means a business’s ability to plan and carry out changes in operational environments through the use of frameworks for pre-identified risks.

Creating well-structured tools and documentation for operations following a number of uncontrollable events as well as continually updating such plans can greatly save the future of your organization in the case something does occur. A recent example of such management would be the education of employees in remote systems and the ability for employees to fluidly move from working in an office environment to working from home. Providing the technology and services needed to continue operations from a remote position gives many businesses during the recent 2019-2020 pandemic the upper hand in survival.

Why Use BCM

Often coming after IT security, quality management, and environmental management, the Disaster Recovery Preparedness Council recently announced that continuity and recovery are seen by more than ¾ of organizations worldwide as a second thought. A detrimental move, according to many experts and studies, following a disaster, 75% of organizations without a BCM system in place fail in 3 years. Yes, that is right. The likelihood of a business surviving hard times and bouncing back without a system in place is very low. So, why do most not have continuity or resilience on their radar?

Truth be told, when times are at a high, it is typical for businesses to not think about or underplay the importance of such measures because it is seen as an investment in something that can not be seen or most likely will not happen. However, considering the number of potential threats out there, having BCM in place could help your organization recover from things like:

  1. Business failure that does not allow for recovery
  2. Dangerous emergencies resulting in injury or death
  3. Income and net worth loss
  4. Response to a crisis that negatively impacts your brand
  5. Inability to operate due to malfunction of application or shut down

No matter if you are a small operation or large cooperation, remaining competitive at all times or during adverse events is your goal, and BCM can help you achieve that.

The difference Between BCM Planning and BCM Frameworks

Technically working in conjunction with each other, planning is the understanding or identification of potential risks as well as knowing your organization’s ability to recover before a disaster happens while frameworks are a clear and defined structure to follow during uncontrollable events. The importance of frameworks for defined strategies allows scopes, key members, and steps to be known ahead of time and taken within a moment’s notice. A clear response is what matters most in order to continue operations without a disastrous level of disruption.

Implementation An Effective BCM Framework

Create a Framework

    1. Risk Assessment

      A full study of what your industry and operational threats are, once each possible disaster is identified, take into account how damaging they would be to your organization. Then rank them in order of severity. Use as much depth and understanding of each risk as possible and be sure to back it all up with data, giving each risk serious attention to detail.

    2. Impact Analysis

      Once you have identified the risks and their level of severity, take each one and identify what areas of your business it would impact and what type of time it would take you to get running again. Use disciplined thinking and clearly weed out which processes are mission-critical and which ones you can survive without. This way, you can correctly allocate your resources.

    3. Metrics

      Measure and compare the amount of risk you have and the amount of risk remaining once your system or framework is in place. Always keep detailed evaluations but don’t waste time or cost on collecting metrics that do not contribute to your continuity and recovery.

    4. Budget

      Set aside a substantial amount in order to deploy operations covering the key mission-critical processes that were identified by the impact analysis. Focus on the right areas, for example, investment in a system that allows employees to sign in to work systems from anywhere or backup hardware that your operation can not run without instead of a salary for a team member that does very little.

    5. Recovery

      Finally, once all of the above is collected and understood clearly, write plans and strategies, aka frameworks, that are solid and executable. They should be checklist heavy, focusing on actual steps that can be taken for each found risk. From before, during, and after, each step of the procedure needs to be covered. Don’t focus on policies, instead focus on how your organization can adhere to industry standards during a disaster. Include budget allocations and try to make systems fully adjustable for various situations, like loss of equipment or inability to go into work.

Test Frameworks

Following the completion of your plans and strategies, you need to test the viability of each. To do so, conduct realistic exercises that work through each step-by-step list. From full-scale to drills and walkthroughs, do whatever you need to do to ensure the BCM system you adopt is fully functional. The worst thing you can do is not test.

Review and Improve

Always improve. Creating and testing is not enough. Over time your frameworks can become non-relevant. On top of that, the state of your organization is in constant change. Budgets can adjust, important hardware can go outdated, you name it. Every framework is subject to need maintenance and continual review.

Train, Governance, and Oversight

Take the time to ensure your entire staff knows what to do in the case of an uncontrollable event. Having your employees on board will make the transition and recovery process much smoother. Enlisting a specialized team to guide the programs and eliminate any roadblocks, as well as take care of maintenance, will help you stay one step ahead of the rest. It can also be very beneficial to seek outside expert advice from time to time.

Plan For Adaptation

As we are talking about planning for and managing unforeseen, unknown events, always keep in mind that one risk may not be exactly what you thought would happen but can fit into a framework. Making small adaptations and being ready to utilize your resources means BCM is your organization’s lifeline.

Resilience Management For The Future

If ever there is a time when resilience is needed, that time is now. No matter where your organization stands, implementing a BCM system will strengthen future standing and put you in that 25% group of businesses that are likely to survive after a disaster.

Buyer's Guide for IT Service & Operations Management

This buyer's guide helps you understand what to look for and how to choose the right tools for ITSM and ITOM. Topics in this buyer's guide include:
- 5 key capabilities for seamless, automated ITSM/ITOM
- Managing complexity and gaining insight with machine learning and AI
- How to help IT, business users, and the enterprise achieve their goals


These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

See an error or have a suggestion? Please let us know by emailing blogs@bmc.com.

BMC Bring the A-Game

From core to cloud to edge, BMC delivers the software and services that enable nearly 10,000 global customers, including 84% of the Forbes Global 100, to thrive in their ongoing evolution to an Autonomous Digital Enterprise.
Learn more about BMC ›

About the author

Stephen Watts

Stephen Watts (Birmingham, AL) has worked at the intersection of IT and marketing for BMC Software since 2012.

Stephen contributes to a variety of publications including CIO.com, Search Engine Journal, ITSM.Tools, IT Chronicles, DZone, and CompTIA.