ABSTRACT
In the opening chapter we presented our view of the evolution of BCM. In the first edition of this book we had suggested that a value-based approach to BCM, concerned less with compliance or technology failure and more with the needs of the business itself, would emerge. We may have been optimistic and there is evidence that the audit-based approach has been remarkably persistent (Krell, 2006; Elliott and Johnson, 2008b). We recognise that audit may play an important role in raising the profile of processes such as BCM but have a concern that compliance rather than effective BC becomes the focus. In Chapter 1 we introduced the notion of BCM as a capability, reflecting the development of a resource-based view of competitive advantage. Strategic capability is related to the competences with which activities are undertaken, resources are available to an organisation and the overall balance of resources, units and activities and how these are managed. The objective of a BCM capability is to provide effective prevention and recovery for the organisation, while maintaining competitive advantage and value system integrity. Running throughout this book, however, is the view that BC concerns more than information systems security; although the ubiquity of information systems and our dependence upon it has often made this a focus for continuity efforts. The typology of crisis introduced in Chapter 4 provided some insight into the potential range of interruptions and we have also argued that plans may suit more than one trigger or type of interruption. For example, Mellish (2000) described how Sainsbury’s activated their plans for dealing with the socalled millennium bug when faced with a fuel crisis that was caused by a blockade of UK oil refineries. More recently many organisations have reported the value of BC plans when faced with the potential threat of a pandemic (Elliott and Johnson, 2008b). Similarly, many companies, among them Deutsche Bank New York, Salomon Smith Barney and Morgan Stanley in New York City, were able to benefit from continuity preparedness on that fateful morning of 9/11 (Risk Management, 2002).
