| Is the business continuity manager’s role changing? ‘Yes’ is the conclusion of Continuity Central’s latest quick survey.
Interestingly, the common assumption that business continuity responsibility is migrating towards being a board level position may be incorrect. Survey responses were only accepted from people who had a business continuity role. Of these their executive level was as follows: Board level director … 0 percent Clearly, if companies have aspirations to make business continuity a board position, this has not yet happened in reality. Respondents were asked to provide more details about how their role had changed. A sample is included below: COMMENTS FROM THOSE WHO NOW HAVE MORE RESPONSIBILITY THAN THEY DID TWO YEARS AGO: * BC has moved from being an IT function to a function on its own where IT is just a part of the whole. * The BC role gone from a facilities role "add-on" to a full role by itself. * BC and IT security roles have been more closely aligned, with staff taking on responsibilities in both areas. * Risk analysis for IT systems introduced as opposed to pure DR. * 2 years ago, I was responsible for corporate DR on a s/390 & AS400 only. Now I am responsible for BCP for all ICT-related issues within the 3rd largest municipality in South Africa. This responsibly has included the drafting of an ICT security policy document. However, I am not responsible for security or compliance issues. The BCP covers 5 data centres which include s/390, AS400, SAN and +/- 40 server-based systems. * The role was primarily focused upon "facilitation" and embedding the culture and ownership of BCM within business areas. To ensure momentum and the subject does not disappear into the "strategic void" this is demanding that the role continually drives the business along the BCM path. * Assumed responsibility for crisis management arrangements and for aspects of information security. * More integration with disaster recovery and crisis management. * More security activities, more problem management participation, less technical knowledge required, more audit knowledge required. * More crisis management issues expected to be managed - not just BCP. * The range of credible hazards has increased dramatically without executive managers comprehending the consequences upon operations and the organization. * There is a lot of misunderstanding about business continuity, and senior managers have a tendency to panic, jump on the buzz-words and not really know what they are asking for. This has been fuelled by Sept 11 and Bali and so we are spending a lot more time educating and fire fighting and trying to get people to understand that BC is an ongoing program not just a 3 month project. * Less money and more interesting, challenging work. * Being a utility, NERC, DOT OPS, AGA now require compliance by 2004 in the area of continuity. * My accountabilities include merging the IT BC plan with the corporate BC plan as well as collaborate with security, facilities management and risk insurance to create a consolidated incident command process. * Responsible for more regulatory compliance issues. * Emergency manager: have had business continuity and risk management added to area of responsibility. * HS manager: The title health & safety manager is fast becoming old hat. Far more outside influences on the business require a different approach to managing safety or risks, we are therefore risk managers. In my particular case the job has grown from managing safety to recognising the hazards, identifying the risks and recommending/driving through solutions. This has incorporated disaster, emergency and business continuity. * Responsibilities increased from a primarily local focus to a more global focus. * Disaster recovery and business continuity used to be only part of my network job. In the past 2 years I have made a career of disaster recovery. * The job has evolved from an operational one to a coaching and auditing one. * Moving more into other aspects of operational risk management. * New role created in June 2003. Initial remit has grown to include input to new bids, other projects and has focused on a lot of head office work. Now have agreement to reps in each department on a permanent basis with 'dotted reporting lines' to me as opposed to temporary project reps. * Previously my role included some project management work, but now I am responsible just for business continuity for all of our customer contact centres. There is a lot more focus on it now. * Since being employed 2 years ago as a specialised BC manager my role has had more responsibilities added to it leaving less time for BCP. * Added physical security plus information security. * I now manage Corporate OH & S and business continuity across the company. * BCM added to my information security mission. * Role expanding beyond single entity focus. * Business continuity vs. disaster recovery focus and "push back" on business assumptions and RTO/RPO categorisations. * More involvement in risk assessments, FSA reports, more recovery tests at DR site, more testing of employees on their knowledge of company's DR policy so they know what to do in the event of a problem. * FSA emphasis on risk management has meant that the focus of the roles throughout the company has changed, and become more prescribed. Areas we would have wanted to remain flexible in, we have had to become more rigid etc. * The initial work was around getting BC plans and structures to support them in place. The emphasis now is more on resilience and management of critical incidents - whilst maintaining and developing plans too. * I have moved into a newly created full time BCM & operational risk management role - previously this was a part time role amidst many other project driven work. The focus has also moved out of IT and into Operations COMMENTS FROM THOSE WHO NOW HAVE MORE RESPONSIBILITY THAN THEY DID TWO YEARS AGO: * Moved from operations to a governance role. * We have taken the approach of rolling BCM out to the business units where they are responsible for their own destiny and corporate taking an audit role against the policy. WANT TO TAKE
PART?
•Date:
6th January 2004 •Region:Worldwide •Type:
Article •Topic:
BC general |
