A very good write-up by one Mr. Paul explaining what is Business Continuity all about and his respect to the profession he and others are engaged in….
Business Continuity, A History of Challenges
Rooted in the need to protect expensive investments in mainframe computer systems, the business continuity profession was originally called “disaster recovery”. Considering that millions of dollars were typically invested in medium- to large-scale installations, often in a single data center, many companies were at risk of catastrophic loss if their “glass houses” were damaged or destroyed.
During the late 1970s, the height of the mainframe era, a number of visionaries in the US, UK and other parts of the world realized that they had to develop ways not only to protect their massive investments from potential disasters, but also to devise procedures for recovering and restoring systems and data to their original pre-disaster state.
Leveraging vendor support, planning and project management skills, as well as common sense, the early disaster recovery planners created primitive – by today’s standards – recovery plans and strategies to protect their complex infrastructures. A few early technical standards emerged, such as “circulars” issued by the U.S. Comptroller of the Currency, Federal Information Processing Standards (FIPS), and others mostly from financial sectors.
As the embryonic profession entered the 1980s, several of the early visionaries realized there was money to be made by selling their disaster recovery skills to others. These individuals were, essentially, the “founders” of the profession as we know it today. Only a few books and technical articles were written on the subject during the 1980s; it was such a new activity.
One of the first professional groups to address the discipline was the Association of Contingency Planners (ACP), opened its doors in 1983. The Contingency Planning Exchange (CPE) and Disaster Recovery Information Exchange (DRIE) launched in 1985 in greater New York City and Toronto, Canada, respectively. Survive, based in London, UK, launched in 1989. The first publication to recognize the new discipline, the Disaster Recovery Journal, launched in 1987.
Disaster recovery was truly a global phenomenon. Other city-based professional groups emerged during the 1980s; their mission was to network, exchange ideas, and educate themselves on the profession. It still is today. The first book publishing firm dedicated exclusively to disaster recovery was Rothstein Associates, Inc.
The first organization that offered professional accreditation in disaster recovery was the Disaster Recovery Institute, today known as DRI International, which launched in 1988. Various companies entered the disaster recovery industry during the 1980s, including SunGard, Comdisco, IBM, Hewlett-Packard, Iron Mountain, Vital Records, BMS Catastrophe, and many others.
The profession was gaining acceptance as an important element in data processing and information technology departments around the world. More attempts at standardization occurred; these efforts were supported by the DRI and its accreditation program. A few academic institutions offered coursework in disaster recovery.
As the disaster recovery profession entered the 1990s, it became clear that entire enterprises – not just data centers – were in need of the protective aspects of disaster recovery. To reflect this gradual shift to a holistic business focus, the profession was soon known as business continuity. As is often the case, more vendors entered the game; more publications competed for readers and advertisers; new professional groups chartered around the world; and a new accreditation group based in the UK, the Business Continuity Institute, entered the game in 1994.
A new publication, Contingency Planning & Management, entered the game in 1997, despite the failure of several other magazines.
As the US economy exploded during the 1990s, the business continuity profession also experienced solid growth and acceptance, albeit mostly in such industry sectors as banking and finance, insurance, health care, and pharmaceuticals, where heavy government regulation and scrutiny were the norm. Many focused efforts in business and government sectors resulted in better defined and standardized business continuity activities.
Practitioners had numerous software-based products that could greatly enhance their abilities to complete business continuity projects. A few more academic institutions offered courses, but more emphasis was placed on emergency management.
As the profession proceeds through the early part of the 21st century, it faces perhaps its greatest challenges. With a base of perhaps 15,000 to 20,000 practitioners worldwide, the profession is challenged to assert its position as a valuable part of corporate governance.
In the aftermath of several devastating disasters, such as September 11, 2001, massive hurricanes in 2004 and 2005, and numerous terrorist activities around the world, the profession is challenged to define not only its presence, but its value proposition to business and government agencies that may still be largely ignorant of its value. The prospect of still more natural disasters looms over this country and around the world, as does the threat of terrorism in the form of chemical, biological, radiological and nuclear events.
The business continuity profession is at a major crossroads in its limited history. It continues to define itself, its standards and professional practices, its professional recognition and acceptance, and its role in the areas of risk management and corporate governance. To be successful in the future the profession must gather its various elements into a cohesive holistic approach to protecting business and government.
It must be able to work effectively with other related disciplines, such as physical security, information security, facilities management, emergency management and homeland security. And it must earn the respect and acceptance of business and government leadership, the same as other professions like engineering and accounting.
Paul Kirvan, FBCI, CBCP, CISSP
1166 Avenue of the Americas
New York, NY 10036