Q. We are a medium sized business and as such my team is having a hard time showing a cost-benefit to have our business continuity plan certified to a standard as recommended by Public Law 110-53. We are not a heavily regulated industry and to follow one of the recommended standards and go through the certification process seems like overkill. Can you give some examples of benefits to becoming certified?
A. The United States Congress made it quite clear that the program is to be voluntary and what it refers to as "market based." Simply put, there are no clear cut financial incentives on the front end to have a company's plans certified. However, as the concept of Enterprise Risk Management takes hold in the private sector, many believe market forces will virtually mandate certification due to pressures from Boards of Directors, the financial rating agencies, the plaintiff's bar and individual investors. Furthermore, simply going through the certification process will enhance overall business resiliency, thereby allowing an organization to recover more quickly after the inevitable crisis is past.
Answer provided by Don L. Hubbard, Security Executive Council Emeritus Faculty.