This week, I’m providing an in-house 5 day business continuity training course to a group of business continuity coordinators for a large UK company. These things raise my spirits as they demonstrate a company that is not only taking business continuity seriously, but is paying money and putting time aside to ensure that those involved in the implementation of business continuity are properly trained and equipped for their role.
This is very much out of the good practice mould, and the company is to be applauded. However, despite getting this important and costly element right, they have managed to stumble over something that is quite simple and cheap to get right.
On the first day of the course I was describing the BCM Policy to the delegates, and naturally asked them about their own company’s BCM Policy. None of them had seen or heard of it, despite the fact that I know that it has been produced and contains all the usual things that you would expect in such a document. Why hadn’t they seen it? It’s not a highly secure document, in fact its available to any stakeholder. It appears that the document has been in existence for some time, and although it may once have been circulated to all those with some kind of a role in implementing business continuity, it now seems to sit passively in a central folder waiting to be accessed by anyone who is interested.
All the company needs to do is to provide the BCM Policy to relevant staff on a periodic basis, and in particular when someone is newly appointed to a business continuity role. Simple, cheap, but easy to forget.