Top 10 Reasons Compliance of Business Continuity Fails

Testing is key to business continuity compliance with ISO 22301

Compliance and business continuity management are closely interrelated, and ISO 22301 is just one of many standards. A company’s disaster recovery and business continuity programs would be incomplete without covering compliance risks and without using compliance tools to mitigate risks. Conversely, compliance management is a critical component of disaster recovery and business continuity. Executive management recognizes this by ensuring that integrity and regulatory compliance are achieved alongside strategic, operations and reporting objectives as the key pillars of a corporate DR / BC program.

Testing Options

Looking at compliance as an integral part of DR / BC, and at disaster recovery and business continuity as an integral part of compliance, helps companies address a number of things they tend to do wrong in compliance. Here are ten areas where compliance often goes wrong:

  • Not focusing on what matters most
  • Not having sufficient C-Level executive direction
  • Not integrating compliance into the company’s Disaster Recovery and Business Continuity program and business operations
  • Not providing a sufficient degree of independence
  • Not seeking independent validation of compliance of disaster recovery and business continuity effectiveness
  • Treating disaster recovery and business continuity compliance as a box-ticking exercise
  • Not planning for or testing for all contingencies
  • Not providing sufficient training or materials for staffing
  • Not allocating sufficient budget to keep plans current
  • Picking a compliance standard that is not mature

Author: Victor Janulaitis

M. Victor Janulaitis is the CEO of Janco Associates. He has taught at the USC Graduate School of Business and been a guest lecturer at UCLA's Anderson School of Business, a Graduate School at Harvard University, and several other universities in various programs.