Professional Practices

Professional Practices for Business Continuity Practitioners

Business Continuity Management (BCM) is a management process that identifies risk, threats and vulnerabilities that could impact an entity's continued operations and provides a framework for building organizational resilience and the capability for an effective response.

The objective of Business Continuity Management is to make the entity more resilient to potential threats and allow the entity to resume or continue operations under adverse or abnormal conditions. This is accomplished by the introduction of appropriate resilience strategies to reduce the likelihood and impact of a threat and the development of plans to respond and recover from threats that cannot be controlled or mitigated.

The Professional Practices are a body of knowledge designed to assist the entity in the development and implementation of a BCM program. Use of the Professional Practice framework can increase the likelihood that no significant gaps will be present in your program as well as increase the likelihood that the various parts of the program will work cohesively in an actual event. These Professional Practices are intended to serve as both a guide for BCM Program development, implementation and maintenance and as a tool for conducting audits of an existing program. Using the Professional Practices to audit a program can identify program gaps or deficiencies so they may be corrected before an event occurs

The Professional Practices have been developed and maintained by experienced Business Continuity professionals to provide a consistent framework for the industry, to assist others who wish to enter this field with the body of knowledge to develop the skills needed and to assist organizations in benchmarking their program against accepted and proven practices.

The sections within these practices are not presented in any particular order of importance, as it may be necessary to undertake or implement sections in parallel during the development of the BCM Program.


To access the DRI Professional Practices, please login to your profile, click on the Resources tab and "Knowledge Garden."
You can download the all 10 professional practices in one PDF that make them easier to read and use as a reference.

DRI 2023 Professional Practice Subject Area Overview

1. Progam Management
  • Establish the need for a business continuity program.
  • Introduce key concepts, such as program management, risk awareness, impact to critical functions/processes, recovery strategies, training and awareness, and exercising/testing.
2. Risk Assessment
  • Identify risks that could impact an entity’s resources, processes or reputation.
  • Assess risks to determine the potential impacts to the entity, enabling the entity to determine the most effective means to reduce them.

3. Business Impact Analysis

  • Identify and prioritize all of the entity’s functions, processes, and dependencies in order to determine the greatest impact upon the entity should the functions not be available. This analysis should be retained and available to assist the entity in understanding incidents and/or the resulting consequences. Quantify the impact to the entity, its services, and the affected parties.
  • Analyze, document, and communicate the findings to highlight all gaps between the entity’s requirements and its current capabilities.

4. Business Continuity Strategies

  • Select strategies to reduce gaps as identified during the risk assessment and business impact analysis.
  • Identify the major functions of the entity, including potential third-party service providers, with the support of the responsible party for the business impact analysis.

5. Incident Preparedness and Response

  • Understand the types of incidents that could threaten life, property, operations, or the environment and their potential impacts.
  • Establish and maintain capabilities to protect life, property, operations, and the environment from potential incidents through the implementation of an incident management system to command, control, and coordinate response, continuity, and recovery activities with internal and external resources.

6. Plan Development and Implementation

  • Document plans to be used during an incident that will enable the entity to continue to function.
  • Define the exercise/testing criteria to validate that the plans will accomplish the desired goal.

7. Awareness and Training Programs

  • Establish and maintain training and awareness programs that result in personnel being able to respond to disruptive incidents in a calm and efficient manner.

8. Business Continuity Plan Exercise/Test, Assessment, and Maintenance

  • Establish a business continuity plan exercise/test, assessment and maintenance program to maintain a state of readiness of the entity.

9. Crisis Communications

  • Create and maintain a crisis communications plan.
  • Ensure that the crisis communications plan will provide for timely, effective communication with internal and external parties.

10. Coordination with External Agencies and Resources

  • Establish policies and procedures to coordinate response activities with applicable public entities and private resources in accordance with Professional Practice Five: Incident Preparedness and Response.