Monday, 20 October 2014

Business continuity vs risk management

According to ISO 22301, business continuity is defined as the capability of an organisation to continue the delivery of its products or services at acceptable predefined levels following a disruptive incident.

Risk management, on the other hand, is the systematic process of understanding, evaluating and addressing the risks that an organisation faces in order to mitigate them.

So that all sounds quite clear. The former is more concerned with the management of a disruptive incident after the event and so deals with the consequences, while the latter focusses on the management prior to any incident taking place and so deals with the threats. Two very distinct disciplines, aren’t they?

If you go back to the basics, however, risk management assesses the likelihood of an incident occurring and the impact that it would have on the organisation. If one of the aims of risk management is to mitigate the impact of an incident, then isn’t this moving into business continuity territory? Doesn't this mean that business continuity is just a function of risk management?

This is the issue that is up for discussion on day two of the BCI World Conference and Exhibition on the 6th November. Panel members from a wide variety of organisations on both sides of the debate will clash as they discuss the motion ‘business continuity can only ever be subservient to risk management’. Don’t miss out on this opportunity: book your place at the conference and join the debate.
