Mind your own business continuity planning

share this article

Business continuity management has been around for a while. In today’s increasingly complex global world, it needs to become more holistic and Darwinian.

In business, you shouldn’t jump the gun, but failure to plan properly for contingencies will boomerang on you.

The term ‘Going Concern’ is an apt one to denote a commercial entity. Businesses are constantly ‘concerned’ about how to keep themselves ‘going’. Business continuity management (BCM) strategies have evolved as business became more complex, more global, and more digital. As the importance of business continuity planning has become increasingly evident, it makes sense to explore how BCM works to protect the longevity of organisations.

Most of the early focus (1970s) in the art of business continuity was on protecting large data centres with large mainframe systems. These data centres were water-cooled and the purpose of BCM was to protect the pipes providing the chilled water supply.

Business continuity grew into an actual profession in the early 1980s. The West led the charge. The United States government introduced its first standards on BCM in the 1990s, originating the terms ‘continuity of operations’ (COOP) and ‘continuity of government’. Today, all federal agencies must have COOP programs.



The dawn of the 21st Century brought along the Year 2000 problem, a.k.a. the Y2K problem, which affected businesses that were dependent on Information Technology, especially the banking sector. This highlighted the need to conduct a business impact analysis to proactively mitigate risks. One of the inflection points which reinforced the need for a robust business continuity was the terrorist attack on the World Trade Center which took several successful firms out of business. Over a period of time, new threats like pandemic attacks, and many extreme weather conditions started disrupting businesses across the globe, necessitating the need for stronger BCM practices and corresponding regulations.

Today, global regulations and standards — GDPR, NIST, HIPAA, ISO 223001, etc., — specifically mention business continuity as a non-negotiable mandatory requirement. More than 125 such global regulations, standards and good practices across the globe highlight the need for business continuity.

Where are we now?

Business Risk forecasting and management is constantly evolving. The business landscape continues to be transformed drastically due to disruptions by technology, geopolitical risks and increase in scrutiny. In this context, BCM takes on a whole new meaning. It’s time to redefine the boundaries of business continuity and make it more comprehensive. We see the risk landscape evolving at all three layers for an organisation. We can broadly categorise them into Macro, Strategic and Operational factors.



Macroeconomic risks are global factors that are likely to affect the overall ecosystem in which an organisation exists. According to the WEF Global Risk Report 2018, there is a slew of security, financial and environmental threats that pose the greatest risk to businesses around the world today. These include political disruption, economic recovery, terrorism, natural and man-made disasters, and pandemics, apart from new disruptive technologies and cyberattacks.

Strategic risks faced by an organisation are those which may affect the viability of its strategy and growth opportunities. Increasing competition, failure to innovate, talent and skill shortage, profitability/cash flow, reputation management, organisational culture around innovation and risk management are some of the strategic risks areas going through rapid change.

Operational risks are factors that might affect key operations that an organisation performs in executing its strategy. Increased regulatory and public scrutiny, increased likelihood of business interruptions, outsourcing of operations and supply chain, rapid evolution of delivery models, investments in new technologies and quality control are some of the vectors at play in this space.

Long-term prosperity in business is rare and decreasing. In the U.S., for example, research has shown that companies currently remain in the S&P 500 index for an average of just 18 years, down from 61 years in 1958. And it’s a similar story elsewhere in today’s dynamic, interconnected world. (Source: Creative Destruction Whips Through Corporate America, Foster R. Innosight. 2012).

Organisational resilience

Traditionally business continuity has fallen into the realm of operational risk, limiting itself to managing continuity of operations alone. This principle, today, needs to be revisited. The evolution of Business Continuity into Organisational Resilience perhaps provides us with a shade of the answer.

The landscape of business risks is constantly shifting and organisations need to be on top of the potential factors that could impact chances of success. This age needs a new type of strategic thinking which is nimble with real-time feeds from different sources so as to enable firms to seize opportunities, mitigate risks and refresh business models on the go. The need of the hour is to take a holistic approach — both internally and externally. It requires firms to look at organisational resilience as a metric while involving multiple stakeholders — industry, government and civic society in the journey.

As per BSI, (British Standards Organisation) Organisational Resilience is based upon a much broader view of resilience as a value-driver for organisations, enabling them to perform robustly over the long term. Organisational Resilience reaches beyond survival, towards a more holistic view of business health and success. An organisation becomes resilient by inculcating and applying Darwinian principles to its approach, adapting to a changing environment in order to remain fit for purpose.

Today’s BCM is about the overall resilience of an enterprise.

Why you should pay for quality journalism - Click to know more

share this article
This article is closed for comments.
Please Email the Editor