Stephanie Balaouras

With SunGard's acquisition of Strohl Systems, it would seem that the options for business continuity management software have dwindled. While SunGard will continue to support both Paragon and LDRPS, LDRPS will be its go forward platform. This leaves the main challengers, COOP Systems, eBRP, and OfficeShadow and lesser known vendors such as Business Protection Systems International (BPSI), CPACS, KingsBridge (formerly Binomial), and a few others. COOP Systems has gained a lot of momentum in recent months, in September, IBM Business Continuity and Resiliency Services (BCRS) selected COOP Systems as its strategic partner for BCM software.

But there are new options emerging from governance, risk, and compliance (GRC) vendors. For example, Archer Technologies has added a business continuity management module to its GRC SmartSuite Framework. I recently saw a demo of the offering and I found it to be intuitive and comprehensive. It's also closely aligned with the British Standard for Business Continuity Management, BS 25999. I also recently met with MetricStream, they have also added a BCM module to their GRC platform. Provided that you've already purchased the core GRC platform from one of these vendors, buying the BCM module is significantly less expensive that buying or subscribing to a tier 1 stand-alone BCM offering. Tier 1 offerings start at US$100K and average sales prices can be in the hundreds of thousands of dollars. The add-on modules to these GRC platforms will start between $30K-$50K.

I also recently met with Protiviti Consulting, a firm that specializes in risk consulting services. Protiviti offers PACEmaker which stands for Planning and Continuity Executed. The service is built on the backbone of myCOOP from COOP Systems and is hosted by COOP Systems. Protiviti offers the service as part of BCM consulting and advisory services.

All three of these GRC focused vendors claim that their existing customers demanded they offer BC related services and software. Overall, the entrance of these vendors is a positive trend. First, competition is always good for end-users. Second, if the vendors’ claims are true, it means that more companies are taking BCM seriously. And finally, I believe there is a benefit to more closely aligning BCM with enterprise risk management. My colleague, Chris McClean, and I recently wrote about the benefits of more closely aligning BC, IT disaster recovery and IT security to improve overall business resiliency. This is just a first step towards improving resiliency. The next step is to more closely align these domains with enterprise risk management.

There are some considerations that companies should be aware of with these new BCM offerings. First, the MetricStream offering is a premise-based deployment, it’s not hosted. In my experience in the BCM space, companies prefer a hosted service. You don’t want a BC plan for your BC plans; you want to be able to get to them from any desktop or laptop with a browser and Internet access. Second, the Archer and MetricStream offerings have some emergency communication capabilities, but they don't compare to the capabilities and reliability of hosted enterprise-class emergency communication services from providers such as 3N, Dell MessageOne, MIR3, SendWordNow, or Varolii. These emergency communication vendors can integrate their services with the BCM software from all the major players (SunGard LDPRS and Paragon, COOP Systems, eBRP, Office Shadow etc.). But then again, I don’t think it would take much for Archer Technologies or MetricStream to integrate with these vendors.

I'm interested in your feedback. Do you think it makes sense to implement a BCM application as a standalone product or as a module within a broader GRC suite? Are the benefits of tying BC to risk management and compliance efforts substantial enough to warrant a collaborative approach?