The Development of Business Continuity Management

Since its introduction in the 1970s, the practice of Business Continuity Management (BCM) has greatly evolved, due to the shift toward digitalisation and globalisation in addition to the introduction of governance and legislation within the approach.

From its conception, BCM developed from an initial focus on technology only, into an approach integrating compliance in the 1980s.

The 1990s then saw the consideration on how Business Continuity (BC) could add value to an organisation taken into account, and into the 2000s the industry moved further toward an integrated approach factoring the element of people within the business as a key priority.

From here, we have noticed the number and complexity in the types of incidents which could disrupt a risk increasing, and the market responding to this by progressing to a complete Risk and Resilience platform combining BC with other key disciplines like Enterprise Risk Management (ERM), Disaster Recovery and Crisis Management.

In this article we will investigate this evolution and its causes in more detail.

1970s

BC was introduced into industry for one major reason to protect the cooling pipes that at this time kept mainframe computers at operating temperatures in server and control rooms.

The common thought (and now widely known as misconception) at this time was that business disruptions could always be put down to issues with technology, so the entire Business Continuity Management System (BCMS) focused around an organisation's hardware.

1980s

When this decade began, there was a shift from a technological aspect, in that the mainframe computers which had until then been the most common way for a company to handle data were replaced with end-user machines. This highlighted a requirement for compliance and policy.

Business Impact Analysis (BIAs) were brought into the practice at this time, and we saw a gradual progression toward some consideration of protecting other elements of the organisation than its technology, such as business processes however the market was still majorly concentrated toward the functionality of a business in terms of its hardware and systems.

1990s

With the 1990s came another change this time a more inclusive approach around the requirements to protect the business as a whole, which meant including additional factors which had not previously been considered such as a company's employees.

In line with pandemics like the bird flu outbreak within this decade, it was acknowledged that a business disruption did not necessarily have to be a technological one, and an incident affecting an organisations people could be just as detrimental to its operations.

2000s and beyond

From the 00s to modern day, the practice of BCM has continued to become more integrated in order to address the growing factors which affect contemporary operations, including an ever-increasing level of policies, governance and legislation in addition to the growth in number and complexity of risks a business is exposed to from increasing cyber threats and data breaches, adverse weather incidents from the global warming effect and many more.

Business Continuity Management Systems are designed to incorporate an entire company its functions, people, property and products/services.

A BCMS, when correctly implemented, is a continuous process, integrating with other risk practices being carried out within the business, to create an overarching Risk and Resilience ecosystem.

As with all modern practices, Business Continuity Management has benefitted from digitalisation and practitioners that were at one time pained with a number of tiresome, time-consuming manual tasks to complete plans, BIAs, testing and more, now have the capability of automating and coordinating all of their activities and processes into one comprehensive platform utilising software like the offering from C2.

The introduction of international BC standards firstly BS25999, which has since been withdrawn in response to the publication of ISO22301 - provides the discipline with more structure than ever before, and Institutions like the Business Continuity Institute and its best practice guidelines providing further support and guidance for business continuity management.