Professional Practices

Professional Practices for Business Continuity Practitioners

Business Continuity Management (BCM) is a management process that identifies risks, threats and vulnerabilities that could impact an entity's continued operations and provides a framework for building organizational resilience and the capability for an effective response.

The objective of Business Continuity Management is to make the entity more resilient to potential threats and allow the entity to resume or continue operations under adverse or abnormal conditions. This is accomplished by the introduction of appropriate resilience strategies to reduce the likelihood and impact of a threat and the development of plans to respond and recover from threats that cannot be controlled or mitigated.

The Professional Practices are a body of knowledge designed to assist the entity in the development and implementation of a BCM program. Use of the Professional Practice framework can increase the likelihood that no significant gaps will be present in your program as well as increase the likelihood that the various parts of the program will work cohesively in an actual event. These Professional Practices are intended to serve as both a guide for BCM Program development, implementation and maintenance and as a tool for conducting audits of an existing program. Using the Professional Practices to audit a program can identify program gaps or deficiencies so they may be corrected before an event occurs.

The Professional Practices have been developed and maintained by experienced Business Continuity professionals to provide a consistent framework for the industry, to assist others who wish to enter this field with the body of knowledge to develop the skills needed and to assist organizations in benchmarking their program against accepted and proven practices.

The sections within these practices are not presented in any particular order of importance, as it may be necessary to undertake or implement sections in parallel during the development of the BCM Program.


To access the DRI Professional Practices, please log in to your profile, scroll down to Resources and click on the file entitled "File Archive."
You can download all 10 professional practices in one PDF, which makes them easier to read and use as a reference.

DRI 2017 Professional Practice Subject Area Overview

1. Program Initiation and Management
  • Establish the need for a business continuity program.
  • Obtain support and funding for the business continuity program.
  • Build the organizational framework to support the business continuity program.
  • Introduce key concepts, such as program management, risk awareness, identification of critical functions/processes, recovery strategies, training and awareness, and exercising/testing.
2. Risk Assessment
  • Identify risks that can adversely affect an entity’s resources or image.
  • Assess risks to determine the potential impacts to the entity, enabling the entity to determine the most effective use of resources to reduce these potential impacts.
3. Business Impact Analysis
  • Identify and prioritize the entity’s functions and processes in order to ascertain which ones will have the greatest impact should they not be available.
  • Assess the resources required to support the business impact analysis process.
  • Analyze the findings to ascertain any gaps between the entity’s requirements and its ability to deliver those requirements.
4. Business Continuity Strategies
  • Select cost-effective strategies to reduce deficiencies as identified during the risk assessment and business impact analysis processes.
5. Incident Response
  • Develop and assist with the implementation of an incident management system that defines organizational roles, lines of authority and succession of authority.
  • Define requirements to develop and implement the entity’s incident response plan.
  • Ensure that incident response is coordinated with outside organizations in a timely and effective manner when appropriate.
6. Plan Development and Implementation
  • Document plans to be used during an incident that will enable the entity to continue to function.
7. Awareness and Training Programs
  • Establish and maintain training and awareness programs that result in personnel being able to respond to incidents in a calm and efficient manner.
8. Business Continuity Plan Exercise, Assessment, and Maintenance
  • Establish an exercise, assessment and maintenance program to maintain a state of readiness.
9. Crisis Communications
  • Provide a framework for developing a crisis communications plan.
  • Ensure that the crisis communications plan will provide for timely, effective communication with internal and external parties.
10. Coordination with External Agencies
  • Establish policies and procedures to coordinate incident response activities with public entities.