• Menu
  • Skip to right header navigation
  • Skip to main content
  • Skip to secondary navigation
  • Skip to primary sidebar
  • Skip to footer

Before Header

About Us | Articles | Free Resources | Podcast | YouTube Channel

Contact Us Subscribe

Bryghtpath

Business Continuity and Crisis Management Consultants

  • Start
        • Start your Resilience Journey

          Moving your organization – or your career – forward on your resilience journey can be a difficult and scary proposition.  Often, we find that prospective clients aren’t quite sure where to start.

          To help you along your journey, we’ve outlined below four curated collections geared towards momentum-building action and advice perfectly paired with your organization’s current stage of resilience.

        • I want to learn more about Resilience

        • We’re just getting started with our resilience program

        • We’re seeking to optimize & mature our resilience program

        • I’m a Resilience Professional seeking to further develop my skills

  • Company
        • About Bryghtpath

        • Our Core Values

        • Meet our Team

        • About Bryghtpath
          • Case Studies & Results
          • Certifications and Awards
          • Contact Bryghtpath
          • Contract Vehicles
          • Media & Professional Appearances
          • Our Clients
          • Our Proven Process
          • Security & Compliance
          • Strategic Partners
          • Work with Us
  • Capabilities
        • Our Capabilities
        • We help your organization strategically navigate uncertainty and disruption.

        • Case Studies & Results

        • Business Continuity as a Service

        • Business Continuity
          • Business Continuity - Overview
          • Business Continuity as a Service (BCaaS)
          • Business Continuity Software
          • Coaching
          • IT Disaster Recovery
          • Resiliency Diagnosis®️
        • Crisis Management
          • Crisis Management - Overview
          • Crisis Communications
          • Crisis Exercises
          • Cyber Crisis Exercises
          • Cyber Incident Response Planning
          • Crisis Playbook®️
          • Global Security Operations Center (GSOC)
          • Resiliency Diagnosis®️
        • Other Capabilities
          • Intelligence & Global Security Consulting
          • Speaking
          • Training
  • Courses & Training
        • Courses & Training

          We’ve created a number of free and premium courses that have helped thousands improve their skills, build more resilient organizations, and lead through organizations through difficult critical moments successfully.

        • Coaching
          • 1-on-1 Coaching Call
          • Private Backchannel
          • Private Coaching Program
        • Free Intro Courses
          • Overview
          • Business Continuity 101
          • Crisis Communications 101
          • Crisis Management 101
        • Premium Courses
          • Overview
          • Custom Training
          • 5-Day Business Continuity Accelerator
          • Communicating in the Critical Moment
          • Crisis Management Academy®️
          • Preparing for Careers in Resilience
  • Expertise
        • Our Expertise
        • Here at Bryghtpath, in our core values, we state that we are humbly confident in our resiliency expertise.

          We write, publish, speak, and train others constantly – striving to share our thought leadership publicly to advance our industry and exercise our curiosity by interacting with other leaders in our practice domains.

        • Ultimate Guide to Business Continuity

        • Ultimate Guide to Crisis Management

        • Case Studies & Results

        • Free Resources & Frameworks
          • Overview - Free Resources
          • Bryghtpath Frameworks
            • Bryghtpath Business Continuity Lifecycle
            • Bryghtpath Crisis Management Framework
            • Bryghtpath Exercise Maturity Model
            • Bryghtpath Global Security Framework
            • Bryghtpath Long-Term Recovery Framework
            • Bryghtpath Professional Reading List
            • Bryghtpath Workplace Violence & Threat Management Toolkit
          • Resiliency Professionals Facebook Group
          • Resource Library
          • Webinars & Videos
          • Whitepapers & Reports
        • Our Thoughts & Insights
          • Articles
          • Lead Through Disruption. Stay Ahead with Bryghtpath.
          • Managing Uncertainty Podcast
          • Media & Professional Appearances
          • YouTube Channel
        • Whitepapers & Reports
          • Global Security Operations Centers & Resilience
          • Managing the Whole Crisis: The Ransomware Challenge
          • Mastering Uncertainty: Strengthening Organizational Resilience
          • Social Activism Campaigns
          • The Resilience Roadmap: 250 Ways to Fortify your Business against Disruption
  • Industries
        • Our Industry Expertise

          Bryghtpath has extensive experience in a number of industries working with clients of all sizes, geographical locations, and business models. As a team, we possess, deep global operating experience on every continent around the world.

        • Industries Overview

        • Case Studies

        • Start your Journey

        • Education

          Education Icon
        • Finance

          Financial Services 800x800
        • Government

          Government Icon
        • Healthcare

          Healthcare Icon 800x800
        • Hospitality & Leisure

          Hospitality & Leisure Industry Icon 800x800
        • Life Sciences

          Life Sciences 800x800
        • Logistics

          Transportation & Logistics Industry Icon 800x800
        • Manufacturing

          Manufacturing Industry Icon 800x800
        • Non-Profits

          Non-Profit Industry Icon 800x800
        • Retail

          Retail Industry Icon 800x800
        • Tech & Media

          Communications Industry Icon 800x800
        • Utilities

          Power & Utilities Icon
  • Products
        • Our Products

          College Classroom - Mature Teacher
        • Crisis Playbook™️

        • Exercise in a Box™️

        • Exercise in a Day™️

        • Books
          • From Panic to Poise: Crisis Management in the Modern World
          • The Continuity Code: Mastering Business Resilience
        • Crisis Playbook™️
          • Overview
          • Active Shooter Plan
          • Emergency Response Guide
          • Fatality
          • Food/Product Recall
          • Protest
          • Violent Attack
        • Maturity Models
          • Overview
          • ASIS Workplace Violence and Active Assailant
          • FFEIC Maturity Model – Business Continuity
          • ISO 22301 – Business Continuity
          • ISO 22361 – Crisis Management
          • ISO 27031 - IT Disaster Recovery
          • NIST 800-53 Contingency Planning Maturity Model
        • Templates & More
          • After-Action Process & Templates
          • Awareness Collateral
          • Business Continuity Plan Templates
          • Crisis Management Plan Templates
          • Disaster Recovery Plan Templates
          • Job Descriptions
  •  

Mobile Menu

  • Start
  • Company
    • About Bryghtpath
      • Case Studies & Results
      • Certifications and Awards
      • Contact Bryghtpath
      • Contract Vehicles
      • Media & Professional Appearances
      • Our Clients
      • Our Proven Process
      • Security & Compliance
      • Strategic Partners
      • Work with Us
  • Capabilities
    • Our Capabilities
    • Business Continuity
      • Business Continuity – Overview
      • Business Continuity as a Service (BCaaS)
      • Business Continuity Software
      • Coaching
      • IT Disaster Recovery
      • Resiliency Diagnosis®️
    • Crisis Management
      • Crisis Management – Overview
      • Crisis Communications
      • Crisis Exercises
      • Cyber Crisis Exercises
      • Cyber Incident Response Planning
      • Crisis Playbook®️
      • Global Security Operations Center (GSOC)
      • Resiliency Diagnosis®️
    • Other Capabilities
      • Intelligence & Global Security Consulting
      • Speaking
      • Training
  • Courses & Training
    • Coaching
      • 1-on-1 Coaching Call
      • Private Backchannel
      • Private Coaching Program
    • Free Intro Courses
      • Overview
      • Business Continuity 101
      • Crisis Communications 101
      • Crisis Management 101
    • Premium Courses
      • Overview
      • Custom Training
      • 5-Day Business Continuity Accelerator
      • Communicating in the Critical Moment
      • Crisis Management Academy®️
      • Preparing for Careers in Resilience
  • Expertise
    • Our Expertise
    • Our Thoughts & Insights
      • Articles
      • Lead Through Disruption. Stay Ahead with Bryghtpath.
      • Managing Uncertainty Podcast
      • Media & Professional Appearances
      • YouTube Channel
    • Free Resources & Frameworks
      • Overview – Free Resources
      • Bryghtpath Frameworks
        • Bryghtpath Business Continuity Lifecycle
        • Bryghtpath Crisis Management Framework
        • Bryghtpath Exercise Maturity Model
        • Bryghtpath Global Security Framework
        • Bryghtpath Long-Term Recovery Framework
        • Bryghtpath Professional Reading List
        • Bryghtpath Workplace Violence & Threat Management Toolkit
      • Resiliency Professionals Facebook Group
      • Resource Library
      • Webinars & Videos
      • Whitepapers & Reports
    • Whitepapers & Reports
      • Global Security Operations Centers & Resilience
      • Managing the Whole Crisis: The Ransomware Challenge
      • Mastering Uncertainty: Strengthening Organizational Resilience
      • Social Activism Campaigns
      • The Resilience Roadmap: 250 Ways to Fortify your Business against Disruption
  • Industries
  • Products
    • Books
      • From Panic to Poise: Crisis Management in the Modern World
      • The Continuity Code: Mastering Business Resilience
    • Crisis Playbook™️
      • Overview
      • Active Shooter Plan
      • Emergency Response Guide
      • Fatality
      • Food/Product Recall
      • Protest
      • Violent Attack
    • Maturity Models
      • Overview
      • ASIS Workplace Violence and Active Assailant
      • FFEIC Maturity Model – Business Continuity
      • ISO 22301 – Business Continuity
      • ISO 22361 – Crisis Management
      • ISO 27031 – IT Disaster Recovery
      • NIST 800-53 Contingency Planning Maturity Model
    • Templates & More
      • After-Action Process & Templates
      • Awareness Collateral
      • Business Continuity Plan Templates
      • Crisis Management Plan Templates
      • Disaster Recovery Plan Templates
      • Job Descriptions
  •  

Why good Business Continuity Governance is critical to Resilience

You are here: Home / Business Continuity / Why good Business Continuity Governance is critical to Resilience

June 16, 2022 By //  by Bryan Strawser

If you think that having good governance for your business continuity and crisis management program is just an exercise in bureaucratic box-checking, you’re missing the point.

Like most people who come to us with a problem, you might have issues:

  • Getting your executives to care about your business continuity and crisis management program
  • Getting other teams to participate in business continuity activities
  • Getting IT to build the availability and disaster recovery strategies that you need to ensure continuity of operations for business teams

Good governance—i.e. having the right people, policies, and practices to direct and control your business continuity and crisis management program—is the answer to all three of these problems.

Good-Governance Why good Business Continuity Governance is critical to Resilience

Having an effective governance approach for your business continuity and crisis management program can help your program on multiple fronts. It creates opportunities to advance your program with executive and board leaders, facilitates cross-departmental coordination and buy-in, and ensures a forum to have the conversations that are important to improving and maturing your program.

Here’s our best advice on how to make sure your governance approach helps you reach your resilience objectives.

Want to learn more about Business Continuity?

Our Ultimate Guide to Business Continuity contains everything you need to know about business continuity.

You’ll learn what it is, why it’s important to your organization, how to develop a business continuity program, how to establish roles & responsibilities for your program, how to get buy-in from your executives, how to execute your Business Impact Analysis (BIA) and Business Continuity Plans, and how to integrate with your Crisis Management strategy.

We’ll also provide some perspectives on how to get help with your program and where to go to learn more about Business Continuity.

Read our Ultimate Guide to Business Continuity

Key benefits of good business continuity governance

Builds visibility and awareness for your business continuity program

Most people still don’t understand what business continuity and crisis management are, let alone their value to their organization. As a business continuity leader in your organization, you need to be prepared to educate and champion your program to others at every opportunity.

Good business continuity governance is one of the best ways to do this.

Steering committee meetings provide an important forum for you to discuss how your business continuity program aligns with key departmental and company objectives and build buy-in among your stakeholders. Requiring annual or semiannual reporting to your board and executive management is also an effective way to ensure you have the opportunity to regularly champion your program to company leaders.

Helps identify and address gaps in your business continuity program

Steering committee meetings are an important forum for measuring progress and addressing program challenges. With this information in hand, you can then prioritize actions to resolve, mitigate, or accept identified gaps in your program, like recovery capabilities that may still fall short of your requested technology RTOs.

Your business continuity & crisis management steering committee—usually an interdisciplinary team of six to eight people—should meet at least quarterly to ensure your program is aligned to corporate strategy and objectives and is maturing and making forward progress towards annual goals.

Provides a mechanism for accountability

Putting your business continuity program’s performance into operational metrics is a guaranteed way to get business continuity stragglers on board. No one wants to be the department highlighted in red in your business continuity program metrics.

And while I always advocate the carrot over the stick, creating metrics around your program’s performance—and highlighting who is falling short—is a guaranteed way to get their attention.

Ensures compliance with ISO 22301

We highly recommend the International Standards Organization’s standards as a starting framework for your business continuity program and plans ( ISO 22301).  While conforming to ISO standards is completely voluntary,  it’s an important industry benchmark that’s important to most boards,  and compliance frameworks, & investors. And because ISO standards are based on a proven process for program improvement, conforming with ISO 22301 is one way to guarantee that your business continuity and crisis management program improves and matures over time.

While ISO 22301 does not establish a prescriptive governance approach, it does require a process for establishing business continuity objectives, ensuring leadership oversight and accountability, and a framework for measuring and improving upon program objectives.  This implicitly requires that there is some sort of governance process, such as a business continuity steering committee, which sets and monitors these objectives.

With this in mind, every business continuity policy that we create for our clients includes governance and accountability requirements, including roles and responsibilities of the executive sponsor, steering committee, and others in the governance process.

Benefits-of-Good-Governance Why good Business Continuity Governance is critical to Resilience

How to implement effective business continuity governance

1.   Get your policy in place

Creating a business continuity policy that aligns with ISO 22301 standards is an important first step to standing up your governance approach. It will guide you in:

  • Setting a strategic approach for your business continuity and crisis management program,
  • Getting agreement on key definitions and objectives,
  • Establishing key roles and responsibilities, and
  • Defining governance and accountability requirements.

Ideally, this policy should be created at the outset of starting your business continuity program. If you already have a program in place but no policy, it’s never too late to start.

2.   Set clear roles and responsibilities

Your business continuity policy should include clear roles and responsibilities for various aspects of your resilience program.  The board, executive team, executive sponsor, and especially the steering committee, all have key roles to play in ensuring your program’s success.

It’s equally important to make sure that you place the right person in each role. This is especially important for your executive sponsor(s)—your program’s champion(s) within the organization—and your steering committee members.

3.   Build a strong steering committee

The steering committee is the primary governance body for your resilience program. On a practical level, this is where and when things get done.

Your steering committee meetings are the time and place to talk through program challenges, obstacles, and key areas of opportunity to improve resilience.

To make sure you get the most out of your steering committee, your business continuity policy or steering committee charter should include the following:

Roles and Responsibilities—Ideally, your steering committee should include management representatives from select teams across the organization. This includes your business’s main lines of operation and anyone critical to supporting those operations.

Meeting Frequency—We recommend that most steering committees meet at least quarterly, if not monthly, depending on the maturity of your program and the complexity of your organization. As your program matures, you can adjust your meeting frequency as needed.

Meeting Agenda—Every organization is different, but most standing agendas should include:

  • A discussion of program status, including operational metrics and any strategic initiatives or projects important to your IT disaster recovery, crisis management, and business continuity programs
  • Review and discussion of program gap findings from incidents or exercises and plans to close those gaps

Your standing agenda should also make provisions for an annual review of your program structure, framework, and policy.

It’s also a good idea to make sure your policy includes an annual briefing to both your board (or the board risk and audit committee) and your executive management team.

Want to work with us or learn more about Business Continuity Governance?

  • Our proprietary Resiliency Diagnosis process is the perfect way to advance your business continuity & crisis management program. Our thorough standards-based review culminates in a full report, maturity model scoring, and a clear set of recommendations for improvement.
  • Our Business Continuity (including effective Business Continuity Governance) & Crisis Management services help you rapidly grow and mature your program to ensure your organization is prepared for the storms that lie ahead.
  • Our Ultimate Guide to Business Continuity contains everything you need to know about Business Continuity
  • Our free Business Continuity 101 Introductory Course may help you with an introduction to the world of business continuity – and help prepare your organization for your next disruption.
  • Learn about our Free Resources, including articles, a resource library, white papers, reports, free introductory courses, webinars, and more.
  • Set up an initial call with us to chat further about how we might be able to work together.

Category: Business Continuity, Crisis ManagementTag: Business Continuity, business continuity governance, crisis management, Governance, steering committee

About Bryan Strawser

Bryan Strawser is Founder, Principal, and Chief Executive at Bryghtpath LLC, a strategic advisory firm he founded in 2014. He has more than twenty-five years of experience in the areas of, business continuity, disaster recovery, crisis management, enterprise risk, intelligence, and crisis communications.

At Bryghtpath, Bryan leads a team of experts that offer strategic counsel and support to the world’s leading brands, public sector agencies, and nonprofit organizations to strategically navigate uncertainty and disruption.

Learn more about Bryan at this link.

Previous Post: « How to set up a crisis management team in your organization
Next Post: Walking away from a Fortune 30 Company to start from scratch »

Footer

Contact

BRYGHTPATH LLC
+1.612.235.6435

PO Box 131416
Saint Paul, MN 55113
USA


contact@bryghtpath.com

  • Facebook
  • LinkedIn
  • RSS
  • Twitter
  • YouTube

Our Capabilities

  • Business Continuity
    • Business Continuity as a Service (BCaaS)
    • Business Continuity Software
    • Coaching
    • IT Disaster Recovery Consulting Services
    • Resiliency Diagnosis®️
  • Crisis Communications
  • Crisis Management
    • Crisis Exercises
    • Cyber Crisis Exercises
    • Cyber Incident Response Planning
    • Global Security Operations Center (GSOC)
  • Speaking
  • Training

Our Free Courses

Business Continuity 101

Crisis Communications 101

Crisis Management 101

Our Premium Courses

5-Day Business Continuity Accelerator

Communicating in the Critical Moment

Crisis Management Academy®️

Preparing for Careers in Resilience

Our Products

After-Action Templates

Books

Business Continuity Plan Templates

Communications & Awareness Collateral Packages

Crisis Plan Templates

Crisis Playbook®

Disaster Recovery Templates

Exercise in a Box®

Exercise in a Day®

Maturity Models

Ready-Made Crisis Plans

Resilience Job Descriptions

Pre-made Processes & Templates

Site Footer

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


Bryghtpath®, Crisis Management Academy®, Crisis Playbook®, Exercise in a Box®, Exercise in a Day®, Resiliency Diagnosis®, Resilience Operating Model™
and their respective logos are registered trademarks of Bryghtpath LLC in the United States and other countries.


About Bryghtpath LLC | Disclaimer | Privacy | Status Page | Terms of Use

Proudly powered by Mai Theme, the Genesis Framework, and Wordpress.