BCI CBCI - Certificate of the Business Continuity Institute (CBCI)

In GPG 7.0, Embracing Business Continuity (PP2) is about embedding BC into the organization—moving away from “mandating and enforcing compliance” and instead shaping behaviours, ownership, and understanding so BC becomes part of “how we do things here.” When people genuinely embrace BC, the BCMS is more likely to be implemented in a way that fits the organization’s real operating context, language, and norms. That naturally leads to a BC programme that is bespoke to the organization and its culture (option A) rather than a generic, copied framework.

The other options describe outcomes that may happen in some cases but are not reliable or primary indicators of embracing BC. Strong financial performance (B) is not a direct or guaranteed outcome; BC investments can be cost-neutral or even reduced when smartly targeted. Staff turnover reductions from rewards (C) is speculative and depends on HR policy, not BC culture alone. Reduced need for support from external customers/partners (D) misunderstands continuity: embracing BC typically increases structured engagement with key stakeholders, not removes it.

Strategy determination is a collaborative process where the Business Continuity professional works directly with owners of priority products, services, activities, or processes to develop detailed specifications for solutions that meet continuity requirements. The CBCI 7.0 course highlights this partnership as essential to ensure strategies are practical, aligned with operational realities, and capable of achieving recovery objectives. While designing high-level strategies and managing communication are important, hands-on collaboration with operational owners facilitates realistic, implementable solutions. This approach increases ownership, ensures accuracy, and fosters smoother implementation.

In CBCI / BCI Good Practice Guidelines (GPG) Edition 7.0, Embracing Business Continuity (PP2) is centred on strengthening business continuity culture by building genuine understanding and commitment across the organization—not just “policy compliance.” A practical starting point is learning how the organization thinks and behaves: its purpose, priorities, values, and the way it communicates internally and externally. Mission statements and annual reports typically explain organizational purpose, strategic intent, and leadership messaging; newsletters and corporate social media often reveal behaviours, tone, informal norms, and what the organization chooses to celebrate or emphasise. This helps the BC professional understand the “mindset of an organization” and where the BC culture currently sits, which is necessary before influencing and improving it.

This aligns with the GPG/ISO view of organizational culture as the shared values, attitudes, and behaviours shaping the social and psychological environment in which the organization operates.

Personnel embracing Business Continuity fosters a culture that supports the design and implementation of a BCMS tailored to the organization’s unique culture, risks, and operational realities. The CBCI 7.0 course underscores that when personnel actively engage with continuity practices, the BCMS reflects actual organizational needs, leading to practical, accepted, and effective continuity programs. Commitment does not reduce the necessity for regular updates or validation; instead, it enhances the quality and relevance of those processes. While public confidence may improve indirectly, the key outcome is the fit-for-purpose nature of the BCMS driven by engaged personnel.

The CBCI 7.0 course explains that an Activity Business Impact Analysis (BIA) provides detailed identification of dependencies necessary to deliver prioritized products and services. This includes internal dependencies such as departments and resources, and external dependencies such as suppliers and partners. Mapping these dependencies is crucial to understanding potential vulnerabilities and planning continuity solutions that address both internal process interrelations and supply chain considerations. The Product and Services BIA focuses more on outcomes and impacts, while risk assessments identify threats but do not detail operational dependencies. Initial assessments are broader and less detailed.

During an incident, immediate people-related requirements prioritize life safety, welfare, and accountability. In BC response structures, People/HR (often called People & Culture) typically focuses first on confirming who is affected, ensuring personnel are safe, supporting access to medical/physical care, and establishing reliable communications with staff and (where appropriate) family members. These actions reduce harm and enable leadership to make accurate decisions about escalation and support. This aligns with crisis/incident management good practice where “accounting for people” and welfare support are immediate priorities before broader recovery work is initiated. (ready.gov)

Option C—assigning recovery responsibilities to staff away from the site—is important for recovery enablement, but it is not an immediate care/wellbeing requirement. It belongs more to operational recovery coordination and plan activation once the immediate safety picture is understood. Options A, B, and D are directly tied to immediate welfare: confirm personnel status, contact and support staff/families, and enable access to care. Therefore, C is the correct “NOT immediate requirement” for the People and Culture Management team when the focus is specifically care and wellbeing.

Embedding Business Continuity into induction and setting objectives for personnel clearly indicates a mature Business Continuity culture. The CBCI 7.0 course details that a strong culture is characterized by widespread awareness, commitment, and integration of Business Continuity principles into everyday activities. Including continuity in induction familiarizes new staff with the organization's resilience expectations, while individual objectives reinforce personal accountability. This cultural embedding supports sustainable continuity practices and improves the likelihood of effective responses during disruptions. It reflects a proactive organizational mindset rather than isolated activities or roles.

A response structure must work under pressure, with clear leadership, decision rights, and coordination across incident management, crisis management, and recovery teams. In PP5 (Enabling Solutions), organizations embed agreed solutions by establishing response arrangements and plans that can actually be executed during disruption; that requires putting competent individuals into key leadership roles so decisions are timely, coordinated, and aligned to priorities.

Option B is therefore the correct inclusion in the process: ensure appropriate and competent individuals are assigned to leadership roles. Competence matters because leadership roles require situational assessment, escalation, communications, and resource prioritization—not just job titles.

Option A can be useful for specific dependencies (e.g., supplier coordination) but it is not a core requirement for designing the internal response structure. Option C is overly rigid: the response structure should integrate with existing management and operational structures where practical, rather than forcing wholesale reorganization. Option D (performance management) is not a prerequisite design step for response structures; it may support broader governance, but effective response depends first on clear roles, authority, and capable leadership.

In CBCI 7.0, PP3 – Analysis introduces the BIA as a core technique used to estimate impacts over time and determine recovery priorities and resource requirements. Because BIA must be repeatable and comparable across the organization, it requires strong coordination, clear methodology, and consistent language. The BCI’s PP3 overview notes a key emphasis on making BIA practical and ensuring consistent language and messaging, with clearly defined stakeholder roles and responsibilities.

That coordination responsibility sits with the Business Continuity Professional (or BCMS lead) who prepares the approach, plans the work, manages stakeholders, delivers facilitation and consolidation, and ensures consistent application of definitions (e.g., products/services, prioritised activities, MTPD/RTO) and outputs for decision-making.

An Activity Owner typically provides the subject-matter detail for their activity (dependencies, impacts, minimum resources) but does not usually design or manage the enterprise-wide BIA process. A Risk Assessment Professional may support risk analysis, but BIA is distinct and focuses on impact/priority and continuity requirements. Top management sponsors, sets direction, and approves outcomes, but does not normally run the end-to-end BIA production process.