In this episode of the Managing Uncertainty Podcast, Bryghtpath Principal & Chief Executive Bryan Strawser discusses Business Continuity standards and how they can help you improve your business continuity and resiliency program. Topics discussed include the ISO 22301 Standard for Organizational Resilience, NFPA 1600, and the ASIS Business Continuity & Crisis Management Standard.

Related Episode & Blog Posts

Blog Post: ISO 27031: Looking at ISO’s Disaster Recovery Standard
Blog Post: Business Continuity Standards: How each can help you
Blog Post: An overview of the NFPA 1600 Standard
Episode #24 – The Traditional Business Impact Analysis (BIA)
Episode #123: Plan Do Check Act and your BC Program

Episode Transcript

Hello, and Welcome to the Managing Uncertainty Podcast. This is Bryan Strawser, Principal and Chief Executive at Bryghtpath. And in today’s episode, I’d like to talk about business continuity standards and how each of those standards can help you improve your program of resiliency and business continuity in your organization.

No matter how much business experience you have, or how long you have looked, or studied, or thought about risk and resilience in your business, creating a business continuity program can seem daunting. But there are internationally recognized guidelines that exist to help you build the right program for your organization’s unique solution. I want to talk through all the essentials you need to understand each of the internationally accepted guidelines and decide which one works the best for you.

These standards and guidelines save you from reinventing the wheel when it comes to business continuity by describing what your program needs. These guidelines share many common elements, such as calling for top leadership support, your board, your senior executives, assessing risk and business impact analysis. In general, these standards can be adapted to large and small organizations in any industry. They’re also not prescriptive. They describe what you need to do, but not how you need to go about doing it. All of them though, reinforce the same broad business continuity goals. And those are reducing the risk of disruption, supporting the continuity of your business, and reassuring customers and stakeholders that you can continue to operate.

I want to start by describing the NFPA 1600 standard on continuity emergency and crisis management. NFPA is the National Fire Protection Agency, NFPA. This is a U.S.-centric emergency planning specification that’s become globally accepted. NFPA was one of the first standards related to business continuity that appeared after September 11th. The United States Department of Homeland Security adopted this standard, calling it as a, they were describing it rather, as a voluntary consensus standard for emergency preparedness. Likewise, the September 11th Commission Report recognized NFPA 1600 as the national preparedness standard at the time.

Despite these endorsements, NFPA 1600 is just a guideline. It’s not a regulatory requirement. It makes up nine chapters on business continuity and emergency management, program management, planning, implementation, training, exercises and tests, and program improvement. Then there’s an Annex B that includes checklists for ongoing self-evaluation.