Getty Images
Business continuity roles and responsibilities
Business continuity is a vital part of an organization's recovery strategy. Make sure that these BC roles and responsibilities are accounted for when crisis strikes.
Roles and titles surrounding business continuity differ greatly among organizations. Regardless of team size, the responsibility of those involved remains the same: Return business operations to normal levels as soon as possible.
Several factors determine who performs business continuity at a given organization. Some businesses have the budget, resources and personnel for a dedicated BC team, while others rely on IT team members to perform these functions. Regardless of team size, there are five areas that business continuity personnel are responsible for: team leadership, plan management, risk management, technology disaster recovery, and incident and crisis management.
While this tip primarily addresses organizations with dedicated business continuity personnel, much of the structuring and guidance can be used by IT or other departments that perform these duties. This article will list typical business continuity roles and responsibilities, as well as provide advice for creating a business continuity team.
Department organization
Business continuity departments can be modeled after typical corporate structures. Team members include a leader, a deputy leader, heads of various functions, staff working for function heads, administrative support, and employees with specialist skills and expertise.
The chart below depicts the major tasks for which business continuity personnel are responsible.
In very large enterprises, each of the responsibilities in this chart might have multiple players addressing the issue. By contrast, small and medium-sized organizations are more likely to have a one- to three-person staff addressing BC, where each member performs many different functions.
Business continuity roles and responsibilities
Business continuity is a critical task, with many aspects that teams must manage. The following list briefly explains the major responsibilities of BC teams.
Business continuity lead and deputy
These individuals are responsible for overseeing business continuity activities and coordinating disaster recovery activities with the IT department. They perform staffing interviews and approvals, work with senior leadership and key stakeholders, and provide support to other department functions as needed.
Plan management
Personnel in these roles are responsible for all activities associated with BC planning, including plan creation, testing, updating and execution. They facilitate plan exercises and updates, and guide training activities for all employees, including disseminating information about upcoming exercises. Plan management personnel are also responsible for preparing postexercise reports that will be given to upper management. Depending on the organization's size and industry, regulatory compliance and supply chain considerations might also factor into the responsibilities of the planning staff.
Risk management
Personnel involved in risk management are responsible for the preparation, organization and facilitation of risk assessments and business impact analyses. These assessments inform upper management of the risks an organization faces and the material effects of those risks. These individuals interview employees on risk metrics, create reports on assessment findings, prepare recommendations for addressing business operations based on findings and present briefings to senior management as needed.
Technology disaster recovery
Business continuity and disaster recovery (BCDR) are deeply intertwined concepts, so there is likely overlap between the teams working on these processes. From a technology angle, maintaining business continuity requires a strong disaster recovery infrastructure to remedy tech issues and bring critical systems back online. A liaison between business continuity staff and the IT department keeps BC teams up to date with tech-based elements of a BCDR plan, such as recovery sites and data backups. Personnel in this area might also weigh in on technology decisions, such as the selection, testing and deployment of BC software or the use of cloud-based services.
Incident and crisis management
Business continuity is about recovering and maintaining normal operations in a crisis, so incident management is key. Incident management personnel are responsible for developing and exercising incident response plans, coordinating event assessment, and recommending initial response activities. These personnel help determine when an incident has escalated to where the organization must activate BCDR plans.
Ensuring that the right people are in the right roles
Finding personnel experienced in business continuity is a challenge. While a talent pool exists, finding a candidate with the specific skill set and commensurate experience can be difficult.
Traditional executive search agencies might not have the BCDR knowledge and contacts to identify and qualify suitable candidates, but internet-based search engines like Indeed can be useful. Search firm BC Management specializes in the placement of BCDR professionals and provides guidance in BCDR staffing.
Ideally, all senior-level and subject matter expert employees should possess at least one recognized professional credential from organizations like DRI International and the Business Continuity Institute. Professional certificates from accredited colleges and universities can also demonstrate that the necessary skills are present.
Senior leaders are responsible for defining the department charter, establishing how it operates and interfaces with other parts of the company. They are typically involved in the candidate evaluation and selection process, in coordination with human resources. Vetting the senior candidates and monitoring their performance on the job are important responsibilities for department leads.
Paul Kirvan, FBCI, CISA, is an independent consultant and technical writer with more than 35 years of experience in business continuity, disaster recovery, resilience, cybersecurity, GRC, telecom and technical writing.
