Wednesday, January 25, 2012


Certifiers as teachers?


The other day a fellow commented on a LinkedIn group thread titled "Why has BCM not opened its doors to mental health?" that he believes "BC practitioner training (should) include a `health` component. I don`t see the BCI doing this any time soon , which is why I left in 2010 !"

So the question: Should a certifying company - The BCI, DRII - teach every aspect of business continuity?

Over the years I have created risk lists, and while all lists include HR issues, none specifically list "mental health."

When I create a risk management plan, I include employee mental health, but not usually in conjunction with a mentally traumatic event - say someone "going postal" or loss of job. My concerns typically are for personnel having to work at alternate sites.

Perhaps I have been remiss.

But that doesn't address the question: "Should a certifying company - The BCI, DRII - teach every aspect of business continuity?"

Actually, perhaps the question ought to be: "Should the certifying business teach anything other than the basic process?"

What, after all, is the function of such a business - and let's be honest, unless the certifying body is giving away certification based on XYZ qualifications, it is a business and the business is selling certification and prep courses to pass qualifying examinations.

From what I know about the prep courses, the material is (a) generic and (b) heavy on buzz words, phrases, and alphabet soup - all great for intra-planner chat, but useless when trying to sell risk management or business continuity to a non-practitioner.

Should the certifiers list all the possible threats?

I don't think that's possible. The list would go on and on and . . .

Human Resources (HR) - a/k/a Personnel - would have a lengthy list all by itself.

I confess that although I have on a number of occasions written about mental trauma I can't write that I make it a specific item on my threat list; maybe I will.

But I don't think it's the job of a certifying company to "teach" any specifics.

Risk management and business continuity (the difference is the scope) requires practitioners who THINK, preferably "outside the box." It also requires that practitioners be willing to share their plans with their peers for comment. My philosophy is that no plan should be created in a vacuum; planning in a vacuum guarantees failure when the plan is most needed.

There is another reason why I don't think certifying companies should teach specifics - a threat list opens the door to the temptation to "check the boxes." That's the failure of most software packages; pseudo-practitioners "assume" that everything is covered by the check list or application and, like kids armed with calculators, the "planner" becomes dependent on external resources and lets the brain atrophy.

The poster left The BCI because he felt it should teach business continuity specifics.

That never should have been the reason to buy certification in the first place.

If I wrote it, you may quote it.

Longer articles at

No comments: