How mature is your organization when it comes to business continuity & organizational resilience? Does your Business Continuity Management (BCM) program crawl, walk or run? From self-governed to synergistic, we have identified 6 levels of BCM maturity that most companies fall into. What is your organization’s level? Here is our breakdown:
You’re so BCM immature!
Levels 1-3 represent organizations that have not yet completed the necessary program basics needed to launch a sustainable enterprise Business Continuity Management (BCM) program.
Individual business units and departments are "on their own" to organize, implement, and self-govern their own business continuity or disaster recovery efforts. The state-of-preparedness for disruptive events is low across the organizational enterprise. The organization or individual departments reacts to disruptive events when they occur. There is no real planning involved: business continuity recovery if reactive vs. proactive.
At least one business unit gets it. You have reached Level 2 of BCM maturity if at least one department or business unit has initiated efforts to establish management awareness of the importance of Business Continuity. A few functions or services have developed and maintain BC plans within one or more BC disciplines such as:
At level 2, your organization has at least one internal or external resource assigned to support the business continuity efforts of the participating business units and departments. The state-of-preparedness may be moderate for participants, but remains relatively low across the majority of the company. Management may see the value of a BCM Program, but they are unwilling to make it a priority at this time with minimal executive buy-in.
Participating business units and departments have instituted a rudimentary governance program, mandating at least limited compliance to standardized BCM policy, practices, and processes to which they have commonly agreed. (Note: this is not an enterprise BCM policy.)
Levels 4-6 represent the evolutionary path of the maturing enterprise BCM program. If your company achieves level 4, you are compliant with most standards. Content has been added that specifically address the following standards; ISO 22301, NFPA1600, ASIS and BS25999.
Congratulations! Senior management gets it and is committed to the strategic importance of an effective BCM program throughout the organizational enterprise. In addition there is an enforceable, practical BCM policy which adopts associated standards, including methods and tools for addressing all 4 BC disciplines:
But wait, that’s not all! A BCM program office or department has been created to govern the program and support all enterprise participants ensuring that:
At level 5, the organization meets all of the requirements of level 4 that is now integrated throughout the company enterprise adopting continuous quality improvement practices.
You rock levels 4 and 5 with a new air of worldly wisdom. As official business continuity gurus you have:
CONCLUSION:
Keep in mind, BCM maturity is not static, so if you haven’t reached your desired maturity level, you can still progress to the next level. Be sure your BCM program doesn’t lose momentum or it can fall back one or more levels. As with any business process, if the supporting infrastructure is removed or significantly diminished, the effectiveness of the BCM Program will deteriorate and with it the company’s state-of-preparedness.
These Business Continuity Maturity Model (BCMM) standards can be easily applied to other standards including government and military COOP standards. Please contact our business continuity service center for a free 15 minute consultation to find out more.