An Interview with the Chairmen of the
Business Continuity Institute, (BCI), Lyndon Bird
and Disaster Recovery Institute International, (DRII), John Copenhaver

e-GUIDE() : Many Business Continuity Management (BCM) practitioners are concerned that the DRII and the BCI do not work together more closely. Do you have plans to change this situation?

BIRD: The answer is yes, and it is already happening. Recently, two significant meetings were held in London and San Diego. For the first time, the leaders of the two major Business Continuity professional institutions joined forces to discuss issues of common concern. Firstly, John Copenhaver visited London to address the Board of the BCI. Two weeks later this was reciprocated when I met with the Directors and Members of the DRII in San Diego. This spirit of co-operation was also evident at a joint presentation given at the Disaster Recovery Journal (DRJ) Fall World Conference, which followed the DRII meetings. After introductions from John and myself a presentation was given by representatives of both Institutes about the revised set of certification standards for the industry. These had been developed by a joint working party from both bodies, working in a spirit of friendly co-operation.

COPENHAVER: The meetings this fall and the conference presentations were largely the result of hard work done by representatives of both Institutes on the certification standards – a good start, but by no means an end product. We – the BCI and the DRII – will continue to collaborate on these standards to ensure that the standards represent the best thinking in our industry across the globe. And keep in mind that we will both be looking to expand our collaboration into other areas where such a combined approach lends strength to our industry. We hope, and fully expect, that the excellent working relationship that exists between Lyndon and me will be continued by our successors well into the future.

: Has there anything fundamentally changed that has made this co-operation more likely to be extended in the future?

COPENHAVER: World events in the past several years have shown dramatically that the nature of the risks faced by businesses today – in particular those companies with multinational operations – has changed, and not for the better. The consequences of terrorism, network failures, and even executive misconduct have changed the face of business in general, across all national boundaries. We live in a more dangerous world, where the proliferation of technology and its impact on communications have created a new environment in which businesses can fail much more quickly and for a greater variety of reasons than ever before. In this new environment, advance planning for emergencies – or interruptions, or crises, or whatever term you may use – has moved past a “nice to do” item on the “we’ll get around to that” list of corporate priorities into a requirement high on the corporate governance agenda. The DRI International and the Business Continuity Institute are well situated to provide guidance in this area of planning, and together can establish a strong direction for its implementation.

BIRD: What has made this co-operation essential is the increasing demand for a global approach to Business Continuity Management (BCM) around the world. This led us all to accept that the skills and experience embedded within both organisations needed to be fully utilised, not compartmentalised. Whilst both organisations are certification bodies for Business Continuity professionals and could be competitive in some situations, much of the mission of both is in the development and promotion of good BCM practice throughout the world. The nature of global terrorism has demonstrated the need to address risks internationally, and also the fact that it is now impractical to isolate knowledge silos (risk, emergency planning and business continuity). When BCM industry leadership is needed globally, both bodies are better able to provide that co-operatively rather than competitively.

: You say there is a demand for a global approach to BCM, but in how many countries is it a serious management discipline?

BIRD: Speaking for the BCI alone, we have over 40 countries represented in our membership and new ones constantly applying. I believe the DRII has seen a similar pattern. Professional certification is essential to the development of the quality of BCM practitioners and on a combined basis the BCI and DRII represent probably over 90% of BCM practitioners worldwide. Quality, consistency and standards between different countries, regions and cultures are difficult to achieve but essential if we are to deal effectively with global threats.

COPENHAVER: DRI International has a geographic coverage similar in scope to that of the BCI, and I completely agree with Lyndon that global coverage without a strong emphasis on quality and consistency of available training and of the certification credential itself is not enough. The emphasis paid to BCM by many countries may not rival the focus that has been generated in North America and the U.K., but we, as providers of certification, should endeavor to make certain that the beginnings of BCM capability in other parts of the world are founded on the best and strongest foundation available anywhere.

: Do you see a conflict between traditional BCM and current Risk Management ideas ?

BIRD: Synergistic disciplines like Risk Management, Emergency Planning and Crisis Management need to move into a closer relationship with BCM. BCM can be seen as an umbrella for parts of the related disciplines but will never replace them. The idea of a common philosophy for various business protection disciplines is an ongoing challenge for all of us. Some people argue that BCM is a solution for Risk Management issues, others argue the reverse that Risk Management is simply part of the BCM life-cycle. Frankly, I don't care very much about such discussions, we need to work together, not argue about semantics.

COPENHAVER: There are differing views on definitions of the terms “business continuity management” and “risk management,” and we have no real industry standards with which to broker an agreement between the key stakeholder camps. We at DRII have spoken with the BCI about collaboration to help establish certain fundamental pieces of an industry standard, such as a true BCM dictionary or glossary so that we can more effectively communicate; this discussion is moving forward, and we hope that we can collaborate on such an initiative in the very near future. Arguing about semantics at this point would seem like an argument between shipmates on the Titanic as it sank concerning how big the iceberg actually was – we have more pressing concerns to address, and we do not have an unlimited time within which to address them!

: How would you describe Business Continuity as opposed to the more traditional Disaster Recovery?

BIRD: Across the developed industrial world, business pressures are changing the way major companies and governments view Business Continuity. The concept of the “Connected Business” has taken hold. Email, once nice to have, is now a strategic essential for many organisations. The CIO of one of world's largest telecommunication companies told me recently their whole business method of working was predicated upon everyone using email for all communications and that all emails would be received within 1 minute of sending. They are the world’s 3rd largest user of email, so the effect on their entire business of a service interruption is almost instantaneous. No longer can the term Business Continuity be treated as interchangeable with Disaster Recovery. No longer can we concentrate our efforts on financial loss alone. In many modern corporations, operational chaos can result in minutes of a key process being interrupted.

COPENHAVER: The term ”Disaster Recovery” has come to be associated more with recovery of technology, such as IT and network functionality. “Business Continuity” is typically considered to be the broader concept involving the protection and recovery of a company’s key functions and processes, including technology. Once again, however, this industry must take the time to inventory its terminology and agree upon a uniform glossary of terms – if we have trouble communicating with each other, how will we ever adequately convey our message to the ultimate end users of our product, the senior executives that make strategic decisions about corporate direction?

: What is driving this rapid growth and change of emphasis in BCM?

COPENHAVER: The answer to that question lies in the events of the past few years. Terrorism, cyberattacks and corporate scandal have helped to change the perception of risk held by most senior executives; their world is now much more dangerous than before, and a misstep in this new environment can topple even a huge corporation. This is a time when executives need more than ever to make informed decisions about the protection and preservation of the assets of their business.

BIRD: Many drivers behind the growth in BCM are coming from regulatory, insurance and audit pressures. However there are other factors emerging – not least the need that smaller companies down the supply chain often have to demonstrate BCM compliance to their large customers.

: How do you see the future for BCM?

BIRD: In Europe, BCM is now being seen as more about community resilience, rather than just a single entity. Large-scale incidents can affect your customers, suppliers, competitors and the general population all at the same time. Small-scale plans for localised small incidents are no longer sufficient.

When national (or even global) infrastructure is threatened (e.g. financial world after 9/11), major natural disasters occur, power outages as we have recently seen cripple wide areas - then BCM is everyone's problem from the government down to individuals. Corporations are only players in a bigger game.

COPENHAVER: Absolutely! And just remember – the BCM industry must have a significant role in helping to define the rules of this bigger game, and helping our “customers" to play it!

About the Chairmen

Lyndon Bird, FBCI, MSc, BSc (Hons)
Chairman, Business Continuity Institute

Lyndon Bird has an Honours Degree in Chemistry and a Masters Degree in Business Management. He is a Fellow of the Business Continuity Institute (FBCI) and currently Institute Chairman. He has previously served as Chair of the Education Committee and as a Member of the Audit and Executive Committees.

After a business career in the UK, the Netherlands and Belgium, Lyndon was one of the founding members of Continuity Planning Associates BV in 1986. Since its inception, CPA has been actively involved in consultancy, education, software and project management in all areas of Business Continuity Management.

He designs and presents regular BCM workshops, which meet BCI/DRII standards. He wrote the chapter on “Software Tools and Methodologies” in the Definitive Handbook of Business Continuity published by John Wiley. He has had many articles published on various BCM and Risk Analysis topics, being featured in all of the main industry magazines.

He has chaired and spoken at numerous international BCM conferences. He was voted "Business Continuity Consultant of The Year" at the Corporate Insurance and Risk Magazine Awards in May 2002.

John B. Copenhaver, CBCP
Chairman and CEO of Disaster Recovery Institute International, Inc.

John is Senior Vice President of Marsh Risk Consulting. He graduated with a Bachelor of Science from Brown University and later earned a JD from the University of Georgia Law School.

In 1997 John was appointed by President Clinton to head the largest regional office for the Federal Emergency Management Agency (FEMA). While serving as Region IV Director, John directed the Federal government response to 58 Presidentially-declared disasters.

Other positions include Chairman and CEO, Contingency Management Group, Chairman of the Atlanta Federal Executive Board, Senior Advisor to IBM International Crisis Response Team, and Director of Business Continuity Services for BellSouth Business Systems.

For the two organizations' websites:

Business Continuity Institute, www.thebci.org

Disaster Recovery Institute International, www.drii.org