BCI publishes much anticipated GPG 2018
Written by staff reporter
The Business Continuity Institute has published its highly anticipated Good Practice Guidelines 2018 edition. Its arrival coincides with the first day of the annual BCI World Conference and Exhibition, which kicks off in West London this morning.
The 2018 edition of the guidelines features a new concept for both the design and content. The BCM Lifecycle has evolved from a separate stand-alone cycle of activities to become a series of interconnected cogs. The related management disciplines are shown as separate but closely linked cogs to represent the relationship between the disciplines. Throughout the document, the importance of collaboration between these disciplines is emphasised.
The Policy and Programme Management Professional Practice has been revised to recognise how business continuity has become more established, with programmes being embedded into organisations. The guidance is for professionals who are initiating a new business continuity programme, and to those who are reviewing or revising an existing one.
The Embedding Professional Practice has evolved to cover the integration of business continuity into business as usual activities using a collaborative approach to improve organisational resilience. It addresses the importance of understanding and influencing organisational culture, but a greater emphasis is placed on an organisation-wide approach. It includes adapting to change, and engaging with individuals and groups more effectively.
The Analysis Professional Practice has been subject to the most change as part of the GPG revision. The BCI says the key change here is the alignment to ISO/TS 22317:2015; the international standard for business impact analysis guidance.
While different BIA methods exist, the GPG 2018 edition provides guidance for professionals to apply and adapt these methods as appropriate to the organisations they work in. Combined with a risk and threat assessment, the BIA remains the most effective technique to analyse the organisation and to determine the business continuity requirements that will support a more informed response to disruption.
The Design Professional Practice is the stage of the BCM Lifecycle that identifies and selects solutions to determine how continuity can be achieved during a disruption. The move away from the strategic, tactical and operation-levels in the GPG 2018 edition has led to a more organisation-wide approach to designing business continuity solutions.
Response and review
The Incident Response Structure has moved from this stage of the BCM Lifecycle to the Policy and Programme Management stage when roles and responsibilities are assigned.
The renamed Response Structure section is now part of the Implementation stage. This Professional Practice retains the strategic, tactical, and operational-levels for response structure and plan development, however, the GPG 2018 edition recommends that the organisation should develop a flexible approach that is closely aligned to the existing management structure, and is capable of dealing with many different types of disruption.
The activities of exercising, maintenance and review remain key to the Validation stage of the business continuity programme. The names of the different types of exercises have been amended and guidance is provided for the development programme and the planning and delivery of exercises.
A management review is recommended in the GPG 2018 edition as an additional type of review. It provides opportunities for top management to understand the performance of the business continuity programme and to ensure that is remains aligned to the overall objectives of the organisation. Regular review of the business continuity programme is essential for continual improvement.