EH&S professionals should understand and implement Business Continuity Planning (BCP) within their organisations, thereby adding value to the overall management of business risk and hence organisational profitability and sustainability.
Business continuity is often overlooked by safety, loss control and risk management professionals: hence the missing link in the title of the paper.
The component parts of a risk reduction or loss control programme are accepted to be:
injury prevention
damage control
fire prevention
security
occupational health and hygiene
environmental pollution control
product liability
public liability
business continuity
Business Continuity Planning (BCP) is not just about disaster recovery, crisis management, risk management or IT. It is a business risk management issue. It presents you with an opportunity to review the way your organisation performs its business processes, to improve procedures and practices, and increase resilience to interruption and loss.
To quote the Business Continuity Institute, the professional body for BCP:
"BCP is the act of anticipating incidents which will affect critical functions and processes for the organisation, and ensuring that it responds to any incident in a planned and rehearsed manner."
The Turnbull Committee "Guidance for Directors on Internal Controls" sets out an overall framework of best practice for business, based upon an assessment and control of their significant risks. For many companies, BCP will address some of these key risks and help them to achieve compliance.
Hence BCP as an activity has two primary objectives:
Minimise the risk of a disaster befalling the organisation, and
Maximise the ability of the organisation to recover from a disaster.
The BCP is therefore a combination of disaster/risk avoidance and the ability to recover.
Modern businesses cannot avoid all forms of corporate risk or potential damage. A realistic objective is to ensure the survival of your organisation by establishing a culture that will identify, assess and manage those risks that could cause it to suffer:
Inability to maintain customer services
Damage to image, reputation or brand
Failure to protect company assets
Business control failure
Failure to meet legal or regulatory requirements