A pair of business continuity planning (BCP) experts recently voiced concerns about their profession. Tim Armit from the U.K. recently observed that the scope of business continuity too often gets restricted to physical disasters and IT failures. Ken Simpson later weighs in from Australia with an observation that BCP is becoming more fixated on management systems and certifications, rather than the holistic ability to manage incidents and recover.
We who focus on crisis/reputation management should echo their concerns.
To Tim’s point, we witness far too many organizations that restrict crisis management capabilities down to media management and, increasingly, reacting to the blogosphere. This approach falls far short of a comprehensive crisis management approach that (re)evaluates threats to/from employees, customers, business partners, regulatory authorities, politicians and other stakeholders and publics.
To Ken’s point, far too many organizations fixate on crisis management plans – sometimes, to satisfy Board member requirements or to “certify” that a preparedness program exists. A plan, however, is not a capability. Training, testing, monitoring, analyzing threats, mitigating threats and making ongoing improvements to your systems and approaches – those are the ingredients required for a robust crisis management capability.
Sadly, I’m aware of a fraction of organizations that dedicate enough attention and resources to manage crises comprehensively. Tim and Ken, you’re not alone in your lament.
What are your thoughts?