Tag Archives: BCM

The Glo-cal Approach for Business Continuity across Multiple Locations


To view this article in its original location, please click here.

What is the common factor between worldwide fast-food chains and successful business continuity management in different offices of the same organisation? The answer is that both use a combination of global and local approaches, otherwise known as ‘glo-cal’. For the fast-food restaurants, global rules that must apply everywhere include safety, hygiene, accounting and branding policies. However, on a country-by-country basis, establishments may be able to offer their clientele supplements or variations to the standard menu. A similar idea can be applied to implementing business continuity planning and management across different branch or country offices.

Business continuity standards and best practices are relevant to everyone. They describe the principles to be used, as well as the key processes. This foundation is essential if business continuity is to work correctly. Consistency between locations is important for ensuring efficient use of resources. It also allows different members of staff to step in and maintain business continuity if necessary. In addition, using the same proven process to reliably assess and plan for business resilience means that items are less likely to be overlooked.

However, local adaptations in business continuity management are also possible. For example, communicating and educating employees about business continuity might be done in different ways. In one office or country, the business culture may be to have formal training sessions. In another, on-the-job instruction and monitoring of employee business continuity awareness may work better. Part of the art of good business continuity is finding the right balance between defining policies and procedures that must globally be observed, and allowing suitable local flexibility to enhance people’s acceptance and enthusiasm for following them.

Where Should Business Continuity Management Live?

Where in your company orgchart should you put BCM? The quick answer is ‘in the business continuity department’. However, unlike marketing, sales, production and so on, business continuity doesn’t always benefit from being a department in its own right. You could tackle the question by putting business continuity management in the department where it first started. You could put it in an area that reflects the way that BCM has grown from a technology-centric consideration to an enterprise-wide concern. You could even make it a direct responsibility of your organisation’s CEO or at least a C-level function like the CFO, CIO and so on. But which of these possibilities makes the most sense?

Business continuity management started some time ago in the IT department. Disaster recovery management that was initially centred on the data centre gave rise to new ideas. These were not just about reacting to disasters, but also preventing them from happening in the first place. The scope of continuity grew as well as organisations came to realise that interruptions could potentially happen anywhere, and not just in IT. As a result, some CIOs have seen how board-level interest in BCM has risen and have been pushing for BCM to remain within the IT remit.

In other cases, BCM has been integrated into the risk management function of the organisation. The advantage is to broaden the application of BCM to make sure that the whole enterprise benefits. However the greatest visibility for this essential function may come from having a CBCO (Chief Business Continuity Officer) at a peer level to the CIO. How many organisations are willing to take this step remains to be seen. What they should avoid however is simply positioning BCM as ‘everyone’s responsibility’ without a clearly designated manager or director to coordinate and drive BCM across the business. So choose the home for BCM that makes most sense for your situation – and is therefore not homeless.

How the Consumer IT Market is Driving Business Continuity Management


To view this article in its original location, please click here.

For many aspects of IT, the business market takes its cue from developments in the consumer sector. Even if other items like servers, databases and virtualisation are still enterprise-centric, developments in tablet PCs and smartphones are driven first of all by what private users want. These mobile computing devices are accounting for an increasingly large part of IT everywhere. That means that if you want to see what will happen in the business market tomorrow, look at the consumer market today. Tablets and smartphones also open up new possibilities for effective business continuity management. But other consumer IT innovations are contributing to changes in BCM too.

Consumer IT has also given us social networks. At first they were a means for making friends, sharing news and expressing opinions. When business discovered the power of social media, it started to put them to use to run operations more effectively, share knowledge better and engage employees. It also spotted the potential for Twitter and Facebook, the two largest social networks, for keeping stakeholders and customers informed in times of crisis. Likewise, several project management software applications now offer internal Twitter-like and Facebook-like functionality for internal social networking to help project teams to better achieve their objectives.

However, that doesn’t mean that every consumer IT novelty will automatically cross over into business. Wearable computing for example may help you to keep tabs on your kids (which may be important), but business users don’t seem to have been convinced so far. One exception may be Google Glass. With its voice recognition, camera and miniature screen, it has already found its way into a number of business applications. It could also help in business continuity situations where hands-free real-time two-way information access and communication is required. And for the future? While Google makes up its mind about an official release date for Google Glass, the 3D web, mobile chips under your skin and the totally connected everywhere Internet of Things provide food for BCM thought too.

Making Business Continuity Management the Bearer of Good News


To view this article in its original location, please click here.

Business continuity management depends on good risk management. That’s a term that resonates with senior management because enterprises and organisations are constantly exposed to risk. So presenting BCM as a way to reduce or even eliminate the negative consequences is often a way to attract the attention of departmental heads and C-level directors. However, as marketers and sales people will tell you, once you have senior management’s attention, you need to build up the interest and move them to action. You could continue pounding home the message about potential damage, but is this most effective way of getting management to act by visibly supporting and implementing BCM?

The fact is that good business continuity management brings opportunity for upside as well as helping to avoid possible downside. Statistics about business failures may get people to listen at first. But BCM done well protects an organisation from all of this. So it’s more of a challenge to get your colleagues to appreciate all the dire problems that BCM has helped them avoid. On the other hand, if you can point to areas where BCM brings positive benefit, you can further reinforce enthusiasm. Of course, you can use a mix of both the positive and the negative to play both angles.

So what are these positive benefits that BCM can offer? They include cost savings (a dollar saved is a dollar earned) on bank loans and insurance premiums, as well as increases in customer loyalty and competitive advantage when bidding for new business. This requires presenting BCM in its best light (talk to your marketing colleagues) so as to bring out key points of interest to your senior management. Then by adding up the various advantages in terms of money saved and business won, you’ll be able to put a figure on what BCM contributes to the organisation to earn money, and not just what it costs to stay safe.

DRI Participates in the Central Bank of the Philippines Business Continuity Awareness Week

Jerome P. Ryan

As vice-chairman of the board of DRI International , I had the great honor of being invited to be the keynote speaker at the Central Bank of the Philippines (BSP) Business Continuity Awareness Week. This was a wonderful opportunity for DRI International, as DRI continues to extend its international outreach and participate even more closely with government regulatory bodies.

I can’t say enough about how impressed I was with both the Central Bank’s hospitality and the maturity of its program. Antonio Grageda, CBCP, is the director and head of the bank’s crisis management office, which is responsible for the BCM program. He has been working hard over the past several years to ensure that the Central Bank has one of the best BCM programs in Asia. It is clear that he has had success in integrating BCM into the everyday activities of the Central Bank, and his office demonstrates this through frequent drills and exercises. Once a year, he and his team, most of whom are also DRI-certified professionals, showcase their achievements and plans for further maturity during the Business Continuity Awareness Week (BCAW).

Screen shot 2014-07-07 at 10.47.30 AMBCM at a Central Bank

We all know how important BCM is; but BCM takes on a special level of importance when it is applied to a nation’s central bank. The resiliency of a central bank to continue to maintain its role as being the banker, financial advisor, and official depository of the government is critical, especially in times of disruption. As many of us know, the Philippines has its share of disruptions from earthquakes, to typhoons, to flooding, and more. Without a central bank’s financial super- vision, management of exchange rates, currency issues, and liquidity management, central banks’ would not be able to promote and maintain price stability and provide proactive leadership in bringing about a strong financial system conducive to balanced and sustainable economic growth.

Simply put, there is far more at stake for BCM planning at a central bank than at most other companies and organizations. Quite literally, the stability of the country depends upon the ability of the central bank to continue operations. We need look no further than the recent events across Europe and most recently in Cyprus to understand what can happen when crisis interrupts a country’s ability to provide strong financial leadership and liquidity.

The Journey Begins

The activities began with a ribbon cutting ceremony in the main lobby of the Central Bank. I had the privilege in joining Deputy Governor by cutting the ceremonial ribbon, thereby officially beginning the BCAW activities. Grageda then provided a walking tour of the exhibit hall to me, the Deputy Governor and other Bank executives and dignitaries. The first stop included in the exhibit showcased a thoughtful message by Al Berman, DRI International president, conveying his acknowledgement of the bank’s program, activities, and commitment to BCM.

In his message to the Central Bank, Berman explained that, “The Central Bank of the Philippines has clearly stated that the overall goal of its business continuity plan must be to (1) ensure that there will be minimal disruption of bank operations (2) to minimize financial losses through lost business opportunities or asset deterioration, and (3) to ensure a timely resumption of normal operations.”

Other stops along the exhibit hall included pictorial representations of the accomplishments in the Central Bank’s BCM program over the past year.

Beginning this year, the Central Bank will transition its program to align more closely with the new ISO 22301 standard. This is a large project, but will certainly pay off in the future.

“We intend to align our BCM practices (now based on BS25999) in accordance with ISO 22301,” said Gregada. “For this, we are now reviewing our existing policies, procedures, guidelines, and processes to ensure that we adhere to its requirements. We also intend to strengthen our BCM governance structure by having a more concrete definition of management responsibilities and oversight functions such as, but not limited to, sponsorship of regular business impact analysis, risk assessments, and BCM strategies implementation.”

All in all, Grageda successfully delivered a BCM prepared- ness message, which we all know can be a bit complex and at times boring for those not in the industry, to the highest level of the Central Bank’s management.

Screen shot 2014-07-07 at 10.48.58 AM

Next Stop, Superb Speeches

After the tour of the exhibit hall, we moved on to the conference room for formal activities. Approximately 70 of the Central Bank’s most senior employees attended this half day event. Amando M. Tetangco, Jr., governor of the Central Bank, joined us and delivered a speech about how important BCM is to the bank and to the Philippines, confirming his commitment to supporting the program.

He emphasized that all employees should be aware of BCM principles as well as their practical applications in the workplace. “Business continuity is at the core of corporate governance and keeping a BCM mindset among BSPers is a patriotic duty. We continue to develop the habit of incorporating BCM in our operations. It should be second nature for us at the BSP to embed BCMS in our processes.”

“The BSP is mandated to provide price stability to the economy through monetary and banking policies. Stability is our mantra, thus, we should do our best to prevent disruptions in our operations,” Tetangco said. “BSP places great importance on BCM. For this reason, the BSP has organized business continuity management teams and key personnel to work in alternate sites to continue mission- critical and time-sensitive operations in case of disruptions. BSP management has adapted BCM concepts and strategies since 2003 and has approved BCM initiatives through the years such as the approval of the bank-wide business continuity plan, and has continuously invested in time and resources for the implementation of its BCM program.”

He added that “resiliency is not just having an alternate site or back-up system, but more about having concerted effort and shared responsibilities among all members of the organization. Business continuity is everyone’s responsibility.”

Armando L. Suratos, a member of the Monetary Board of the Central Bank, also spoke about BCM and affirmed his commitment to its implementation at the Central Bank. I had the opportunity to sit with Tetango and Suratos to exchange thoughts on BCM and benefits of well- defined programs. It was certainly exciting to be sitting with the top level of management and to truly appreciate their commitment and participation in the BCM program.

My Turn to Talk!

I was then introduced to deliver the keynote address. In my speech, I talked about DRI International’s involvement worldwide in standardizing and professionalizing BCM. I also spoke about lessons I have learned in my career both running a large international program and as a consultant to numerous clients across nearly all industries. At the conclusion of my speech, the floor was opened for questions. I was expecting there to be very few questions, but I was proven wrong. This group of senior officials took the opportunity to ask a variety of questions the both related to their own program and that of their wider responsibilities in ensuring access to cash and liquidity to the entire country. Here’s how some of those questions were asked and answered:

What are the common challenges you face in imple- menting BCM in your organization?

Senior management buy-in – when this is accomplished members of the organization, from the top down, show more commitment to building and maintaining a robust BCM program.

How do you secure executive buy-in given that imple- menting BCM program is a challenge?

Senior management buy-in can be obtained through showing value in the BCM program by highlighting the local and international regulations that either directly or indirectly effect the organization, illustrating examples of company failures for not having BCM, describing the BCM program and maturity, and highlighting if your organization is ahead or behind the curve. Finally, senior management will want to see how the organization will be in a stronger position by having implemented BCM.

How frequent should the BCM program be audited?

The general rule of thumb is once a year, but this is really a decision that needs to fit the organization. An audit does not need to take the form a very intensive audit – that can be completed on about a three-year rotation. But every year, the BCM program should undergo a self-audit or a light internal audit. Again, this is supplemented by the larger full audit that should occur about every three years at a minimum.

Screen shot 2014-07-07 at 10.54.21 AM

At the End of the Day

As a former head of BCM at a Fortune 40 company, I understand how hard we professionals work to involve senior management. To be sure, we often accomplish the task of having a C-suite level official endorsing our program or formalize it in a policy statement. But, when was the last time your company CEO, CFO, etc… sat down with you and your staff to both celebrate your program’s accomplishments and discuss improvements of the future? This is what I think sets the Central Bank of the Philippines apart from many other companies and organizations – true senior management support.

In closing, I would like to thank everyone at the Central Bank for their hospitality and congratulate them on a job well done in preparing the Central Bank of the Philippines BCM program.

Jerome P. Ryan, CBCPis vice-chairman of the board of DRI International and CEO of GRM Solutions. Ryan has more than 14 years of experience as a business continuity professional in a variety of industries including financial services, healthcare, and manufacturing.

Prior to joining GRM Solutions, Ryan was the global head of business continuity management at Pfizer. He has also worked at Marsh & McLennan in its risk consulting practice and at PricewaterhouseCoopers in its global risk management solutions (GRMS) consulting practice.

He has a Bachelor of Science degree with concentrations in finance, management information systems, and marketing from Syracuse University. He is currently pursuing his Masters of Business Administration (MBA) degree at Syracuse University’s Whitman School of Management. Jerome is a Certified Business Continuity Professional (CBCP). In addition to serving on DRI International’s board, Jerome is a trustee and budget director for the not-for-profit organization Friends of Leadership in New York City.