Rip Off the Band-Aid: Assess Your BCM Compliance Today, Not Tomorrow

Ripping off a band-aid is painful, but it's temporary in nature. Assessing your BCM compliance is a lot like ripping off a band-aid: you deal with the initial pain of finding out where your gaps and exposures exist, but then experience the healing aspect of generating a roadmap for remediation that brings about a heightened level of compliance and resiliency that significantly outweighs the temporary pain of the assessment.

So, what are some reasons planners aren’t assessing and scoring their BCM compliance?

  • Fear of the Unknown
  • My Program is Already Bad, Why Bother?
  • What Standard Should We Use that Makes Sense for Us?
  • How Do I Present the Results?
  • What Do I Do With the Results?

The need to assess BCM compliance and generate metrics that depict your current and future state is coming to the forefront for our senior management and the industry. We must effectively and efficiently balance risks and exposures in our programs by knowing where we stand today and where we need to be over time.

Assessing your BCM compliance permits you to identify critical exposures that, if prioritized for mitigation, will bring about the greatest improvement in compliance and resiliency, while permitting you to hold off on resolving other exposures that are nice-to-haves you can get to later in the lifecycle of the program.

A very simple approach is as follows:

1.     Pick one standard (ISO 22301, FFIEC, BCI Good Practices, etc.) that best suits your needs.

2.     Review the standard and its requirements for each dimension (Oversight, Crisis Management, Business Recovery, etc.)

3.     Separate out each dimension and its associated requirements.

4.     Weight each requirement based on its importance (high, medium, low) to the successful execution of the program.

5.     Score your compliance on each requirement (no compliance, minimal, full).

6.     Multiply the importance weight by the compliance score.

7.     Rank your compliance score (0 to 60 poor, 61 to 80 Moderate, 81 to 100 Excellent).

Once you have ranked each dimension, present the results to management for review and prioritization and remediation of the exposures.
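The scoring steps above, worked through for two dimensions as an added example (not part of the BCMMETRICS tool or any standard). The numeric values for importance (3/2/1) and compliance (0/1/2), the normalization to a 0 to 100 scale, and the requirement names are assumptions made for illustration; the article names the levels and the ranking bands but not the numbers behind them.

```python
# Assumed numeric mappings; the article gives only the level names.
WEIGHT = {"high": 3, "medium": 2, "low": 1}
SCORE = {"none": 0, "minimal": 1, "full": 2}
MAX_SCORE = max(SCORE.values())

def band(pct):
    """Ranking bands from step 7."""
    if pct <= 60:
        return "Poor"
    if pct <= 80:
        return "Moderate"
    return "Excellent"

def assess(requirements):
    """requirements: list of (name, importance, compliance) for one dimension.

    Returns (percent, band, gaps). gaps lists each requirement that is not
    fully compliant with the weighted points still to be gained, largest
    first, so the exposures worth remediating first come out on top.
    """
    earned = sum(WEIGHT[imp] * SCORE[comp] for _, imp, comp in requirements)
    possible = sum(WEIGHT[imp] * MAX_SCORE for _, imp, _ in requirements)
    pct = round(100 * earned / possible)
    gaps = sorted(
        ((name, WEIGHT[imp] * (MAX_SCORE - SCORE[comp]))
         for name, imp, comp in requirements if SCORE[comp] < MAX_SCORE),
        key=lambda gap: -gap[1],
    )
    return pct, band(pct), gaps

# Constructed sample data; requirement names are not quoted from a standard.
SAMPLE = {
    "Crisis Management": [
        ("Crisis team roster current", "high", "full"),
        ("Notification procedure tested", "high", "minimal"),
        ("Media statement templates", "low", "none"),
    ],
    "Business Recovery": [
        ("Recovery plans documented", "high", "minimal"),
        ("Alternate site identified", "medium", "none"),
        ("Plans exercised annually", "high", "none"),
    ],
}

if __name__ == "__main__":
    for dimension, reqs in SAMPLE.items():
        pct, rank, gaps = assess(reqs)
        print(f"{dimension}: {pct} ({rank})")
        for name, points in gaps:
            print(f"  gap: {name} (+{points} weighted points if closed)")
```

Dividing by the maximum possible weighted score is what puts dimensions with different numbers of requirements on the same 0 to 100 scale that the ranking bands use.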

You get a physical on a regular basis, so why wouldn’t you do a regular health check on your program? Why do so many programs run without direction year after year?

So, I challenge you, rip off the band aid; pick a standard and assess your BCM compliance.  The time is now…not tomorrow.

If you want to see how we have automated the BCM compliance assessment process, visit our BCMMETRICS self assessment tool website at

Michael Herrera is the Chief Executive Officer (CEO) of MHA. In his role, Michael provides global leadership to the entire set of industry practices and horizontal capabilities within MHA. Under his leadership, MHA has become a leading provider of Business Continuity and Disaster Recovery services to organizations on a global level. He is also the founder of BCMMETRICS, a leading cloud based tool designed to assess business continuity compliance and residual risk. Michael is a well-known and sought after speaker on Business Continuity issues at local and national contingency planner chapter meetings and conferences. Prior to founding MHA, he was a Regional VP for Bank of America, where he was responsible for Business Continuity across the southwest region.
