Wednesday, 23 January 2013

BC Predictions for 2013: Number 4 - Contingency Planning will become fashionable again

Lyndon Bird FBCI
There has been some puzzled faces questioning our BC prediction number 4 – “Contingency Planning will become fashionable again as a part of a broader understanding of Business Continuity which includes Continuity Capability and Crisis Response”.

Without stealing the thunder of my colleague Lee Glendon who is researching this proposition and will issue a discussion paper on the topic later during BCAW 2013, I think it is becoming obvious that conventional BCM as defined by a management system does not cover the full range of BC thinking. British Standards are working on a Crisis Management Standard (BS11200) and an Organizational Resilience Standard (BS45000) so we can only assume that they agree with us.


If you reflect on many of the issues that we habitually discuss as BC professionals, many are more akin to the BSi view of Organizational Resilience or Crisis Management than the detailed planning envisaged by conventional BCM methodologies. The limitations imposed by conventional approaches have led to the assertion: “risks which concern BCM lend themselves to a pre-planned response whereas crises are often produced by risks that have not been identified” (PAS 200:2011).

This naturally leads to the question of why such a distinction needs to be made and reminds me of the old “known/unknown, knowns/unknows” debate. To me I have always felt that the natural home of BCM is in the “known,unknown” category – that is we know a type of incident could happen (e.g. fire) but we have no real idea of how, where, when or its likely severity. Therefore we must plan for the worst case and train people accordingly. Actually it can be argued that what is really important is having the capability in place, a plan is fine but without the resources it is largely ineffective.

The promoters of Crisis Management (CM) might argue that it is about dealing with “unknown, unknowns” – the things that we haven’t thought about yet. However that is probably not really true as most of the things that result in a crisis (media attack, inappropriate PR, legal, regulatory or safety breaches) are known about – it’s just you don’t know the how, where, when or severity. To me that sounds very familiar to BCM and I can really only conclude the difference between BCM and CM is just the type of incident (perhaps operational failure for BCM rather than reputational damage for CM).

In fact, organizational resilience lends itself to both topics; PAS200 states that BCM and CM must “operate at the same time in a coherent, integrated and complementary way”. So perhaps the old-fashioned word contingency might not be so bad after all. In a resilient organization we would have contingency for regular failures (holding inventory and duplication of resources are really contingency measures), contracted extra resources and capability to handle continuity problems and a management philosophy able to deal with the issues arbitrarily defined under Crisis Management.
Posted by at
Labels:

2 comments:

  1. Mark Cannadine24 January 2013 at 22:25

    I'm so glad to read your piece Lyndon. Having tried to breath life into a BC programme that lacks the resources to succeed, I've reccomended a more CM based approach with plans for loss of global/site resources (power/water/comms) supported by a robust crisis management capability. I like to thnk it's a mic of BCM/CM until our orghanisation is more mature and capable to develop it's BCM programme. Great piece, thanks.

    ReplyDelete
  2. Ken Simpson29 January 2013 at 12:00

    Good piece Lyndon, totally agree that contingency planning is on the rise - although I am not sure that it really went out of fashion - perhaps mainly with us in BCM? No question that the new conventional narrow focus of BCM does not cover the scope of the free thinkers - but then they are discouraged in the world of management systems.

    It will be interesting to see where the Crisis Management standard fit with respect to BCM, to an outsider it seems that the BSI may also see BCM in the narrow sense and CM as different, parallel discipline and not part of a "greater BCM".

    Perhaps one of the dimensions of CM is that it needs to kick in when the assumptions and limitations of the BCM capability are exceeded. So not really a different type of incident in all cases, but at times just taking the incident beyond the narrow scope and assumptions of a BCMS.

    I have argued for some time that we need to switch our focus from 'crisis to contingency' and 'disasters to disruptions' as part of making BC relevant to BAU and line of business leaders. Some slides from a presentation early last year on that subject to promote discussion
    https://www.dropbox.com/s/mcgbinctptvabxp/EverydayBC.pdf

    I look forward to seeing Lee's paper on the subject in March, would be happy to discuss and debate further in the lead up.

    ReplyDelete

Subscribe to: Post Comments (Atom)