Today I will look at our
predictions 5 and 6, which have some degree of overlap.
Firstly we predicted
that “ISO 22301 will start to take off, with certificates issued in more than
one country”. Hardly a difficult prediction, I know, but still an opportunity to
test the often argued premise that many companies had delayed certification to
BS 25999 because they were waiting for an ISO standard.
Whether this is true or
not, we will start to find out in 2013, but indications from our research are
that the vast majority of organizations will still opt for the nebulous concept
of alignment, rather than full certification.
However, certification should be
made easier by the release of ISO 22313, which acts as guidance for those
wishing to follow the full certification route.
We would predict companies in
Japan, Korea and India will be amongst those most eager to acquire
certification if the pattern of other management systems certification schemes
is repeated for BCMS.
Standards, of course, are
only one way of validating how well you comply with a third-party
expectation. For regulated industries a more powerful compliance mechanism is
usually found in the demands of the regulators.
If a regulator specified that
compliance with ISO 22301 was mandatory, then take-up of the standard would be
immediate and dramatic in that sector at least. This rarely happens, however,
and regulations are normally purpose-made for the individual industry or sector
considered, such as financial services, energy or telecommunications.
This has led
to our prediction number 6 which (perhaps optimistically) postulates that
regulators begin to understand that resilience will not be improved just by
more regulation.
Resilience is a journey, not a destination, and that journey
can only be started with the correct equipment in place (which compliance
can help monitor) and a suitably committed and capable driver.
In-depth understanding
of whether a business model is fit for purpose in both good and bad times is a
better way of assessing resilience than even the most sophisticated compliance questionnaire.
No-one suggested that Northern Rock failed because it had poor conventional BCM
or that Lehman Brothers' BCM was inadequate. In fact, the latter's programmes won
numerous industry awards.
In my view, BC needs to up its game and really do
“what is on the tin” – protect business from all threats and hazards that can
threaten continuity of service, not just treat specific risks that someone has
packaged up for it.