In the
world of Business Continuity Management (BCM), two terms often confuse
professionals: Policy and Strategy. Although they’re closely related, they
serve distinct purposes in ensuring an organization’s resilience.
A Business Continuity Policy is a concise and accessible document that
defines the organization’s commitment to BCM. It outlines the roles and
responsibilities, top management’s support, and the overall direction for
implementing and maintaining BCM. The policy should be:
· Readable and accessible to all employees.
· Included
in awareness programs and induction for new employees.
· Shared with
external stakeholders, such as regulators, auditors, and suppliers.
It must emphasize continuous improvement, highlighting that everyone in the
organization—not just top management or the BCM department—plays a role in
enhancing resilience. On the other hand, a Business Continuity Strategy
is a detailed framework that outlines how the organization will achieve the
goals defined in the policy. The general strategy for business continuity
serves as a comprehensive framework that focuses on bridging the gap between
the current state (As-Is) and the desired future state (To-Be). This strategy
aims to achieve the overarching objectives outlined in the policy by
analyzing these objectives, breaking them down into initiatives, and further
translating those initiatives into actionable projects.
Does your organization have a Business Continuity Policy? If not, do you
believe its absence could impact on your organization’s resilience?
|