Business continuity and disaster recovery certifications are seeing a healthy uptrend as new cloud-based BC/DR tools proliferate the market. While business continuity and disaster recovery have always been important to organizations, they're becoming more critical, and IT certifications are following suit. Here are the best business BCP/DRP certs for 2016.
Business continuity (BC) and disaster recovery (DR) are the yin and yang of the IT world. Where BC is about keeping systems running and data available despite interruption, DR aims to bring systems back to normal operation following a natural or man-made disaster of some kind.
Business continuity planning (BCP) and disaster recovery planning (DRP) remain important elements in IT governance and compliance, especially for corporations and organizations that must meet various mandates regarding privacy, confidentiality and availability of their systems and the data they house. With the increasing proliferation and use of cloud-based backup services -- including a broad range of BC and DR offerings in the cloud -- BCP and DRP have become considerably more tractable and occasionally less costly over the past five years.
This probably explains why we're in something of a heyday for BCP and DRP certifications, as the rest of that IT niche explodes with investment and activity across the board. Given that the costs and complexities of designing, implementing and maintaining the technology platforms for BCP and DRP have gotten somewhat simpler and less burdensome, many more organizations are starting to venture into this area of IT. Though it's arguable that they should have been involved all along, lowering bars to entry always increases overall participation.
Top 5 certs at the option of the website tomsitpro.com include the CBCP from DRI International, the CBCI from BCI (a UK-based organization), the C/DRE from Mile 2, the CBCM from Certified Information Security and the EDRP from EC-Council
1. CBCP: DRI International's Certified Business Continuity Professional
Interestingly enough, DRI International describes itself as "a global leader in BCM (business continuity management) education and certification," and offers credentials for both business continuity and disaster recovery. The organization was founded in 1988, and seeks to promote a base of "common knowledge" (cert-speak for concepts, terminology, best practices, processes and procedures for some body of work or expertise) for the continuity management profession, to certify qualified individuals in business continuity, and to promote those certified individuals' credibility and professionalism. DRI offers certification tracks in business continuity management (including advanced topics), auditing, public sector, healthcare, and risk management.
Since its beginnings, DRI has certified more than 13,000 professionals with representation in more than 100 different countries, over half of which are taught in native languages. We chose the DRI Certified Business Continuity Professional (CBCP) credential as the "poster child" for the organization, not only because it is the most popular and best recognized of its various certs (13 in all, as documented on the certification page), but also because it is preceded by an associate-level credential (ABCP), augmented by specialist certs (CFCP for various functional continuity disciplines, and CBCV for vendors) and followed by a master-level cert (MBCP).
The CBCP is an excellent credential for practicing or aspiring business continuity practitioners, but because it includes a "verifiable experience" component, candidates will have to meet some reasonable facsimile of on-the-job BCP experience to qualify for this credential. Nevertheless, it's a great cert to help establish (and maintain) one's credibility in the BCP arena.
Recertification is required annually. Candidates must pay an annual maintenance fee and earn a minimum of 80 continuing education activity points (CEAPs) every two years to maintain this credential. Candidates should check the Maintaining Certification Overview page for details on eligible activities.
2. CBCI: Business Continuity Institute's Certification Of The BCI
It's hard not to see the Business Continuity Institute (BCI) as a competitor to DRI, and it's plain that these two organizations share some friendly rivalry. But where DRI is based and most active in the USA and North America, BCI is based in the UK and most active in Europe, Asia, Africa and the Middle East.
BCI currently supports over 8,000 members in 100 countries around the world, and works with over 3,000 organizations in public and private sectors, plus the so-called "third sector" (that part of an economy or society that's comprised of non-governmental and non-profit organizations or associations, such as charities, volunteer and community groups, cooperatives, NGOs and so forth). Founded in 1994, BCI is also somewhat younger than DRI.
The primary certification from BCI is the Certificate of the Business Continuity Institute, also known as CBCI. A single exam is required, which is delivered at the end of the recommended training course. Training is available in person or online, and exams that are not administered as a part of a classroom course may be taken online. Candidates should review the exam registration page for complete technical details before attempting the exam.
BCI offers follow-on levels of membership in the organization at associate (AMBCI, Associate Member of BCI), member (MBCI, full Member of BCI), Associate Fellow (AFBCI) and Fellow (FBCI) levels. The Institute also sponsors a BCI Diploma in Business Continuity, a full-fledged baccalaureate in business continuity based on the organization's codified body of knowledge, supported by a complete curriculum of general background and specialist college courses. It's available on-campus at Bucks New University or online as a distance learning degree.
For those pursuing a BC certification outside North America, particularly in Europe or countries belonging to the British Commonwealth, the CBCI is a pretty compelling credential. Likewise, those who wish to focus on BC at the undergraduate level would be well-advised to investigate the organization's Diploma in BCI. Though somewhat expensive, the credential is well-recognized and highly regarded.
The CBCI credential is valid for three years. As long as the credential holder has moved to a more advanced level of BCI membership, no exams are required. However, if a credential holder has not advanced to a higher membership level, they must take the then current CBCI exam to maintain the credential. In addition, credential holders are required to pay an annual membership fee.
3. C/DRE: Mile 2's Certified Disaster Recovery Engineer
This company has established both staying power (with more than seven years of ongoing activity in training and certification) and credibility. According to Mile 2's Cyber Security Certification Roadmap, the company offers credentials in areas such as virtual machines, application and source code, wireless security, forensics, incident handling, pen testing hacking and IS manage-ment leadership as well as disaster recovery. Credentials cater to a wide range of skillsets from the fundamental levels to specialized and more advanced credentials.
The Certified Disaster Recovery Engineer (C/DRE) credential is Mile2's pinnacle DR cert, which takes the Mile 2 Certified Security Sentinel (C/SS ) in Disaster Recovery as a prerequisite. The associated C/DRE training course is approved by the NICCS and has been certified by the National Security Agency as meeting the CNSSI-4016: National Information Assurance Training Standards for Risk Analysis Security.
With a focus on the defense establishment, especially for information or cyber security coverage, Mile 2 is well-positioned to offer training and certification for individuals who work in the defense industry in particular, or for local, state or federal government agencies or contracting companies in general.
4. CBCM: Certified Business Continuity Manager
The Certified Business Continuity Manager or CBCM credential comes from an organization named Certified Information Security (CIS). Based in Orange Park, FL, the organization has been active since 1999. It offers credentials based on ISO Standards 31000 (Risk Analysis), 27001 (Information Security) and 22301 (Business Continuity Management), and also teaches the ISACA CISM and CISA courses, along with a variety of fraud control (auditing, forensics and fraud investigation) topics.
The CBCM is Certified Information Security's pinnacle or expert-level BCM certification and builds on the Certified Business Continuity Administrator (CBCA). Candidates must possess five years of documented, relevant business continuity experience. It covers all of the competence requirements documents in ISO 22301, which go well beyond the confines of IT-related subjects into such things as evacuation plans, public warnings and communication, recovery services and suppliers, and more. It requires reasonably complete understanding of the entire discipline of BCM.
The CBCM is especially suitable for those IT professionals charged with designing or managing BCM efforts within a single organization, or who may work as BCM consultants or trainers for multiple organizations. Individuals on track for upper IT management or C-level positions with IT oversight responsibility are likely to find the CBCM a valuable credential to help them stay on track for such roles.
To maintain the credential, certification holders must pay an annual maintenance fee (currently $85 USD) and earn a minimum of 120 continuing professional education (CPE) credits over a three-year certification cycle. At least 20 CPEs must be reported annually.
5. EDRP: EC-Council’s Disaster Recovery Professional
As with the Certified Business Continuity Manager (CBCM) certification, the EC-Council Disaster Recovery Professional (EDRP) certification comes from an organization with deep and well-recognized roots in the information security community. Home to such certs as the Certified Ethical Hacker (CEH), various forensic and penetration testing credentials, and more, the EC-Council also offers certifications aimed at security managers and executives, software developers, network architects and disaster recovery professionals. The EDRP is gaining traction with companies and organizations seeking to validate skills and knowledge for those who plan, organize and oversee testing of their disaster response, recovery support, and business resumption practices and procedures.
The EDRP is as much about identifying vulnerabilities and managing failure risks for organizations as it is about planning, designing, testing and, when necessary, implementing responses to interruptions of access or service or responses to disasters. Topics covered include preparation of a disaster recovery plan, assessment of risk factors in an organization, policy and procedure development, understanding the relationships and roles among various groups and individuals who implement such plans, and managing the recovery process as it unfolds on the ground.
Although we mention the EDRP last on this list, that doesn't mean it ranks last in perceived value or name recognition. If anything, the EDRP is probably the best known of the bunch. It is entirely worth pursuing for IT professionals responsible for or involved in any organization's disaster recovery or business continuity planning, testing and implementation.