Home » Business Continuity » Preparedness

How to Evaluate BC/DR Consultants

Five questions to help weed out the posers from the real deal. Plus: a checklist of topics a BC/DR consultant should know.

By Stacy Collett

Page 3

Consultants should first conduct a threat assessment and then put a plan together. "It's a huge, in-depth process" that needs regular reviewing and updating, Balaouras adds.

3. Are the consultants certified in business continuity planning?
Certification ensures that business continuity consultants are well-versed in all aspects of BC/DR planning. At Siemens, certification is preferred, not required, "but I would recommend it to anyone," Hoppenjans says.

Nationally there are about 4,500 certified business continuity consultants, according to DRI International, a nonprofit business continuity certification group based in Washington, D.C. "Most of the major consulting firms have [certified BC consultants], as well as about 14 percent of independent BC consultants," says Al Berman, executive director.

A survey by BC Management, a business continuity executive search firm in Huntington Beach, Calif., showed that 75 percent of the respondents were certified, while 25 percent were not. Business continuity certification bodies include BCI, DRII, BRCCI, the University of Virginia and Strohl Systems. Specialized certifications are available for emergency management, risk management, audit, security and technology. DRI International offers certification specifically for business continuity consultants and vendors to ensure that practitioners understand professional practices.

Each subject area includes the professional's role within the area and an outline of recommended knowledge within the subject area. The 10 subject areas cover topics such as risk evaluation and control, business impact analysis, emergency response and operations, awareness programs, training, crisis communication and coordinating with external agencies.

Ask if the consultants you'll be working with are certified in business continuity planning.

4. Are they willing and able to prioritize?
You can save a lot of money by evaluating your BC/DR priorities, Thornton says, adding, "If you need systems back up in six hours—you can, but you'll have to throw a lot of money into that. Instead, consultants should be asking, 'Do you need that? What can you wait a couple of days on, or a week on?' and establish priorities."

Perhaps only 20 percent of the total environment—the most vital systems and applications—must recover in minutes or hours. "I can do that more economically than the whole thing," Thornton says. Different strategies can be deployed for lower priorities. "If I've got three days, I can build that system up very quickly—that's a lot less expensive than equipment that is standing there ready—not to mention the added cost of keeping that equipment current and fresh," he adds.

5. Do they offer BC/DR solutions to fit your budget?
Nearly one-quarter of companies surveyed by KPMG have not been able to justify the costs of business continuity plans. Most of these companies are focused in the large enterprise with 500 to 999 employees, according to the study. Consultants should know your business well enough to understand budget constraints and your immediate BC/DR needs.