How I Met With Business Continuity
By Burak Deligöz, Unit Manger | Corporate Strategy and Performance Management
Other than those who start working in companies providing consultancy in Business Continuity (BC), the role of the BC professional is usually obtained along a career path, sometimes voluntarily and sometimes due to the role undertaken.
I first encountered BC because it was part of the responsibilities of the department I worked for and because of my work on management systems. I am glad that I found it.
The syllabus for the undergraduate department of Management Engineering, which I graduated from around 20 years ago, included the management of corporate operations, finance and marketing. However, I don't remember hearing about BC. This is understandable because we can assume that the concept only became widespread after 2000. The first academic thesis in Turkey that includes the concept of BC is a 2002 master's thesis on the risks and control of electronic transactions in financial markets. For some sectors, legal regulations on BC entered into force in the 2010’s.
In my company, where I started as an assistant specialist 15 years ago, I was asked to complete research into the Information Security Management System (then called ‘BS7799’ but later ‘ISO/IEC 17799’ and now ‘ISO/IEC 27001’). One of the sections in that standard was “Business Continuity Planning” and this was my first encounter with the concept of BC.
I was then responsible for IT project and programme management and this lasted for about 8 years -meaning I was no longer directly responsible for management systems or information security. Although, a study was initiated by our company during this period and I remember that, as a business unit, we filled in forms for the Business Impact Analysis (BIA). Training and presentations were made available for the entire company and a Business Continuity Management System was established.
After this, I moved to the management systems department, with BC one of its responsibilities. My job was made easier by reviewing previous studies, a well-developed knowledge base and industry standards. Other ISO management system standards (ISO 9001, 10002, etc) had undergone changes and we had to make adaptations within the organization. In addition, the ISO 22301 standard was now accepted and used in the field of BC. As a result, we started to manage them as integrated management systems.
Future proof your career
In accordance with the theme of The BCI’s Education Month (‘Future Proof Your Career’), these are some of my humble suggestions to increase the level of knowledge and encourage good practice within your organization:
- Watch The BCI's webinars amongst other resources (Continuity Central, etc). They are very useful to see both the agenda and where BC evolves.
- Subscribe to the e-mail listings of these organizations, follow related websites and institutions on LinkedIn, and listen to podcasts.
- If available, request consulting services to analyse your current situation and see what can be improved or to increase your maturity level. An outside eye can see the points that you cannot see in your daily routine and can provide know-how.
- There are many aspects of BC and Resilience: communication, IT recovery, HR, facilities, emergency management, training, core operations, suppliers, etc. For this reason, first look at the big picture of your organization's activities, then prepare alternative solutions in detail, according to the level of criticality.
Overall, I find ISO's “Plan - Do - Check -Act” mechanism is well suited to BC because the essence of the job is to:
- Plan - for all kinds of interruptions
- Do - disseminate alternative communication tools, such as satellite phones/internet-based tools, IT backup, DRC, carrying out training and awareness raising
- Check-through drills and exercises
- Act – by making improvements for faults and deficiencies
The importance of increasing BC awareness
“Not If, When?” is the title of an article I read while working in BC. It affected me a lot. As people or institutions progress, they may encounter many natural or human-induced obstacles, this is the flow of life. While preparing training on BC issues, I used to give examples of real events, such as sharing news and links that an event, such as a power outage, flood, fire, or cyber-attack, which had just happened in an institution or to a city recently.
Unfortunately, Turkey is a country that frequently encounters crises. From earthquake to economic crisis, fire to flood, many disasters take place. Companies usually have some structures in place because of these events, but of course, we can say that the number of companies that structurally implement BC and Resilience is low. There were 136 companies with the ISO 22301 Business Continuity Management System certificate in Turkey in 2020. Of course, this number does not provide clear information, as not being certified does not mean not having these functions/competencies, but it gives an idea.
The importance of BC, both in terms of risk management and overall perspective, was not where it should have been. Although, this has changed since the COVID-19 pandemic. Now, we see that BC is more on the management agenda for both large-scale and medium-sized companies and it has started to become a part of the organizational strategy.
When the news broke that the pandemic had reached Europe from China, while no patients had yet been announced in Turkey, we started preparing with senior management and relevant units and immediately put the existing BC practices into action. All relevant business units took and implemented fast and people-oriented decisions. Since then, we have continued the measures with a continuous review. Perception of the importance of BC and Resilience has increased. We are now using this awareness to increase our preparations against other disruptions and crises, especially the earthquake that is expected in the Marmara Region.
Learn more about Education Month 2022 and upcoming webinars: