Risk has always been a part of business. Whether making an investment in a new technology or taking on a new supplier, there is an element of risk in more or less every business decision. Standards have traditionally been used as part of the toolkit to reduce risk. ISO 14001, for example, helps companies manage environmental risks, while BS ISO/IEC 27001 (formerly BS 7799) offers business a clear way to mitigate risks in information security.

During recent years that saw the London terrorist bombings, hurricanes Katrina and Wilma and a major oil depot explosion just north of London, it’s hardly surprising that the broad subjects of risk management (RM), disaster recovery (DR) and business continuity management (BCM) have moved back onto the business pages of the nation’s media. Despite this heightened awareness, however, businesses are still putting themselves at unnecessary risk by failing to prepare thoroughly for IT or supply chain failure.

While risk management covers a large and overlapping range of business areas for which there are already a number of existing standards, from corporate governance to corporate social responsibility and health and safety, BCM represents an effective starting point for companies concerned about interruptions to their business.

Risk management revolves around the critical activities that keep the business alive, and BCM is a vital component of this process. Through BCM, an organization seeks to identify what needs to be done before a disruption or incident occurs, to keep an organization’s people, assets, systems and information secure. BCM also outlines the skills needed to manage situations if they occur, to protect the reputation of an organization and keep it up and running.

BCM is a holistic management process that creates a framework for defending against potentially negative incidents that a business could suffer. It is not limited to any individual department or supplier, but looks at the big picture, assessing potential disruption at all levels. 
An integral part of any well-run organization’s risk management strategy, a good BCM protects stakeholders’ interests, reputation and brand, and is a key element in any well-run organization’s risk management strategy.

RM consitutes an umbrella framework which takes in disciplines as diverse as knowledge management, health and safety, crisis communications and PR. As such, it represents the ideal place to begin searching for common ground and build a risk-aware standard for the future.