The purpose of this paper is to capture, from a Business Continuity Management (BCM) angle, the dilemma between growing your business by focusing on your key competencies and making sure not to compromise safety.

Intelligent growth through “knowing your business well”, agility, innovation (differentiation), motivation and “being in charge”!

Continuing globalisation, streamlining and harmonisation will require companies to focus more prudently on what they do best, in a responsive and resilient way – i.e. management will have to prioritise solutions that can be implemented quickly in order to secure further process integration and to continuously improve ROI. No solution, whatever its ranking and speed of implementation, should ever compromise the interests of the company's key stakeholders or its reputation, brand and value-creating activities.

BCM is concerned with managing risks to ensure that at all times an organisation can continue operating to at least a pre-determined level. The responsibility of defining a satisfactory pre-determined level of continuous operations lies with top management/board.

Therefore top management, facing increasing complexity in its IT investments, which are becoming ever more synonymous with the supporting infrastructure of the company, has to be incentivised to increase employee awareness of security in general and IT security in particular. With the right motivation, the people in a company can be “the strongest layer of defence”. “Setting the tone at the top” drives behaviour more than anything else.

To do so, top management should make sure that a process exists that identifies potential impacts that threaten an organisation and provides a framework for building resilience and the capability for an effective response, one which safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. Such a process is Business Continuity Management (BCM).

As IT is the most critical element in supporting the vital processes of most companies today, this also requires, for example, that a regular assessment process exists for the services of their IT outsourcer, so that top management can evaluate the value-added contribution from the IT vendor. This should be done by prioritising each outsourced component (i.e. mainly commoditised components) and attaching a specific value to each component. This value is presumably mainly an operational value, which describes the importance of the component for keeping the outsourced supporting infrastructure running continuously.

BCM is also the process of anticipating incidents which could affect critical functions and activities of an organisation, and ensuring that the response to any such incident is planned and rehearsed.

Above and beyond anything else – with respect to security – it pays to hire people with the “right attitude”.

Henrik Ahlm, 31. July 2008
