/ Home / Blogs / Russell Price's blog / ISO 22301 ... Business Continuity, Red Tape and Seat belts

ISO 22301 ... Business Continuity, Red Tape and Seat belts

Submitted by Russell Price on Fri, 11/25/2011 - 15:14
in
 
ISO22301 Business ContinuityThere has been some fairly active discussion on a few of the industry forums recently about how standards such as BS25999 and ISO22301 are being seen as potentially even more 'red tape' by many businesses and SME companies in particular.
 
A key comment made was that many smaller organisations are under tremendous pressure at the moment, with more loaded on them by adding Business Continuity to the mix through the new ISO. It was summed up by the title … "It's unlikely that SME's will welcome the new standard with open arms".  
 
While I have great sympathy with the position taken about the plethora of regulations, legislation and other seemingly nonsense GUMPF* that surrounds us and eats away our time, I confess unsurprisingly though it's very hard to agree this is at all valid when it comes to Business Continuity.
 
The point made was not just a specific criticism of a BCM Standard, but more how we need to reduce regulation and red tape.  My observation though is that Business Continuity standards are not comparable to much of the Red Tape (or other hoops) that organisations are made to jump through, and I think I can show this by asking a simple question that is useful in determining if something is merely 'Red Tape' or something more… It's Cui Bono? … meaning "to whose benefit" 
 
Fans of police drama etc may recognise this phrase; it goes all the way back to Cicero and Cassius in Ancient Rome. 
 
Well, good Business Continuity delivers benefits to BOTH sides of the supply equation … the originating company and the customer. Unaddressed risks in the supply chain frequently impact on the customer and it is eminently sensible for them to verify that these risks and events are being assessed and addressed in a reasonable way. Hence the need for consensus on what Best Practice actually is and ipso facto the need for Standards.
 
In a free market, companies have choices. They can choose to apply standards because they benefit directly or indirectly (in BCM terms through increased resilience and an ability to reassure customers of their reliability in dealing with their interests), or not. It is entirely up to them, but market forces will have a say too… 
 
If the general experience of industry is that BCM is a GOOD practice, then it'll grow in use and reach out, becoming a standard practice. If not, it'll wither and die. What we are seeing is that BCM IS being seen as valuable and is increasingly being seen as a essential part of a Good Business' modus operandi. ISO is providing an international consensus on what it entails - and don't forget that there is always the option to 'comply or explain' too.  I am not sure that explanations as to why you aren't protecting the customers - and indeed your own interests - are going to be too convincing though. 
 
Seat Belts and BCM - a tenuous analogy?
 
Business Continuity and Seat Belt Safety - an analogy When I was a kid, I had a friend with horrific facial scarring caused by a relatively minor car accident; his head went  through the windscreen.
 
Back then, road deaths were high and a big contributor to this was the lack of seat belts in cars.  A seat belt would have completely prevented my friends injury.
 
It took years for seat belts to become mandatory, and there was even resistance though they made sense. Today it is estimated that still 5% don't wear them!
 
Below is link is to a study in 1993 about the 'cost of not wearing a seat belt' (North Carolina School of Medicine et al). Now it may seem tenuous, but bear with me. 
 
 
By now many 100,000's of those that opposed seat belts will have been saved from the scars of an accident or worse. Prevention and mitigation of harm is achieved by using a seat belt - it is simply a fact.  What the study also shows is that those NOT using a seat belt are far more likely to engaging in other risky behaviour like drinking (nearly three fold higher and at higher alcohol levels), driving without Insurance or a license (twice as likely), Speeding and so on … In very many of these accidents someone else, an innocent victim if you will, was involved, often suffering injuries and financial loss too. 
 
The cost of seats belt is a tiny fraction of the cost of the Car (<0.3%) yet has a long lived and enduring value (a bit like BCM).
 
You might not think it connects, but I feel that this provides a correlating insight into how some folks see risk, mitigation and BCM. They will just take a chance despite the evidence and the consequences to them and others.
 
Many folks, even now, are prepared to be more than a little reckless in their approach to seat belts, drinking and speeding etc and some folks run their organisations this way too.
 
They fail to take seriously the expectation that it is entirely reasonable to protect the interests of your customers, stakeholders and even communities though some measured preparations (BCM). Many of these are smaller businesses, under pressure and maybe even struggling, but these are exactly the sort that are at far greater risk of the effects of disruption and failure. They might not realise it, they might even resent it, but there could well be an accident round the next corner and it's best that they have a BCM seat belt. 
 
You never know, but some might even come to see BCM in a positive light if they win a few more contracts and avoid a few losses.  One can but can hope!
 
BCM in Business - a seat belt?Standards for Business Continuity make sure that businesses BCM 'seat belt' is fit for purpose.  
 
Market forces, that are increasingly expected to require more consistent standards based planning, is the way of reducing the number of innocent victims of a lack of responsibility. 
 
People who may not want to have a seat belt in the car or in their business are still going to get the value if they are in a crash, even if they have been drinking and taking short cuts in other areas, and stakeholders are more likely to be better protected too.
 
It is a win/win for everyone and for very little money, just like seat belts.
 
Whether ISO22301 is embedded into policies, treaties or legislation is almost a side issue, because the fact is when we answer the question Cui Bono? the answer is everyone.  
 
(* - did you know that GUMPF comes from the Aviation World and is a checklist that stands for Gear, Undercarriage, Mixture, Propellor, Flaps. All pretty important stuff if you are hoping to have a successful flight!) 
 
If you have a comment or want to provide feedback please do let us know HERE!