Business continuity (BC) and disaster recovery (DR) are the yin and yang of the IT world. BC keeps systems running and data available despite interruptions or faults. DR brings systems back to normal operation after a disaster has occurred.
Business continuity planning (BCP) and disaster recovery planning (DRP) remain important elements in IT governance and compliance. This is especially true for corporations and organizations that must meet various mandates regarding privacy, confidentiality, and availability of systems and data. With increasing proliferation and use of cloud-based backup services – including a broad range of BC and DR offerings – BCP and DRP have become more tractable and sometimes even less costly over the past five years.
This probably explains why we’re in something of a heyday for BCP and DRP certifications, as that IT niche explodes with investment and activity. Given that costs and complexities of designing, implementing, and maintaining technology platforms for BCP and DRP have gotten somewhat simpler and less burdensome, many more organizations are venturing into this area of IT.
We performed an informal online job board survey to identify the number of job postings for which employers require relevant certifications. This snapshot in time gives you an idea of what employers are looking for in the real-world job market and indicates ample opportunities for those interested in business continuity and disaster recovery.
Our top five certifications are the CBCP from DRI International, the CBCI from BCI (a U.K.-based organization), the C/DRE from Mile2, the CBCM from Certified Information Security and the EDRP from EC-Council. To pick those leaders, we looked at the state of BC and DR certification, examined various market and salary surveys, and performed an informal job board survey that reveals the number of job posts across the U.S. in which our featured certifications were mentioned on a given day.
Note: The ISO 22301 Certified Business Continuity Manager (CBCM) and the Certified Disaster Recovery Engineer (C/DRE) certifications are also featured in this article. They are absent from this table because unrelated certifications use the same initials and/or the certification name is generic. Searching for “Certified Business Continuity Manager” resulted in almost 700 hits, and a search for “Certified Disaster Recovery Engineer” resulted in about 500 hits. Many of those results don’t apply to the CBCM or C/DRE certification.
According to SimplyHired, disaster recovery managers earn an average of almost $76,000 annually. On the low end, reported salaries averaged about $45,000 annually, while top earners came in just over $127,000.
It’s hard not to see the Business Continuity Institute (BCI) as a competitor to DRI, and it’s plain that these two organizations share some friendly rivalry. Where DRI is headquartered in New York and active in more than 50 countries across North America, Latin America, Asia, Australia, the Middle East and North Africa, BCI is based in the U.K. and most active in Europe, Asia, Africa and the Middle East.
BCI supports more than 9,100 members in 125 countries around the world, and it works with more than 3,000 organizations in public and private sectors, plus the so-called third sector – that part of an economy or society that’s composed of nongovernmental and nonprofit organizations or associations, such as charities, volunteer and community groups, cooperatives, and NGOs. Founded in 1994, BCI is younger than DRI.
The primary certification from BCI is the Certificate of the Business Continuity Institute, also known as CBCI. A single exam is required, which is delivered at the end of the recommended training course. Training is available in person or online, and exams that are not administered as a part of a classroom course may be taken online. Candidates should review the exam registration page for complete technical details before attempting the exam.
BCI offers follow-on levels of membership in the organization at associate (AMBCI, Associate Member of BCI), member (MBCI, full Member of BCI), Associate Fellow (AFBCI) and Fellow (FBCI) levels. Application and renewal fees vary by geography depending on whether or not a member is located in a country with high, upper middle, lower middle or low income. Interested candidates should check the BCI fee table for current membership and renewal rates. The institute also sponsors a Business Continuity Management (BCI) Diploma, a 30-week academic certificate program in business continuity based on the BCI’s codified body of knowledge, supported by general background and specialist college courses.
For those pursuing a BC certification outside North America, particularly in Europe or countries belonging to the British Commonwealth, the CBCI is a compelling credential. Likewise, those who wish to focus on BC at the undergraduate level would be well advised to investigate the organization’s BCI Diploma. Though somewhat expensive, the credential is well recognized and highly regarded.
The CBCI credential is valid for three years. As long as a credential holder has moved to a more advanced level of BCI membership, no exams are required. However, if a credential holder has not advanced to a higher membership level, they must take the current CBCI exam to maintain that credential. In addition, credential holders are required to pay an annual membership fee.
|Certification name||Certification of the BCI (CBCI)|
|Prerequisites and required courses||Recommended training includes instructor-led classroom or instructor-led online CBCI training. Prices vary by geography and training provider, but candidates can expect to pay approximately $2,750 (three-day course) to $3,600 (five-day course). Course length is 32 hours. Exam may be taken at end of course or scheduled for later time. Classroom courses may not be available in all geographies.
Candidates may also complete the eight-hour Introduction to Business Continuity course (£1,050, approximately $1,360).
|Number of exams||One exam (120 multiple-choice questions, two hours). Exam may be taken at the completion of any training course or completed online.|
|Cost per exam||£350 including VAT (approximately $450)|
|Self-study materials||In addition to formal training, BCI offers numerous resources, including the Good Practice Guidelines 2018 (available from the BCI bookstore; free for members; U.S. download version is £30 including VAT, approximately $40), BC24 Online Incident Simulation Game, a knowledge bank, webinars and mock exams.|
The ISO 22301 Certified Business Continuity Manager, or CBCM, credential comes from an organization named Certified Information Security (CIS). Based in Orange Park, Florida, the organization has been active since 1999. It offers credentials based on ISO Standards 31000 (Risk Analysis), 27001 (Information Security) and 22301 (Business Continuity Management). This organization also teaches ISACA CISM, CISA and CRISC courses, as well as training courses for (ISC)2 CISSP and a variety of fraud control topics (auditing, forensics and fraud investigation).
The CBCM is Certified Information Security’s expert-level BCM certification. Candidates must have five years of documented, relevant BC experience. It covers all the competence requirements documented in ISO 22301, which go well beyond the confines of IT subjects into such things as evacuation plans, public warnings and communication, and recovery services and suppliers. It requires a reasonably complete understanding of the entire discipline of BCM.
The CBCM is especially suitable for those IT professionals charged with designing or managing BCM efforts within a single organization, or who may work as BCM consultants or trainers for multiple organizations. Individuals on track for upper IT management or C-level positions with IT oversight responsibility are likely to find the CBCM a valuable credential to help them stay on track for such roles.
To maintain the credential, certification holders must pay an annual maintenance fee (currently $80) and earn a minimum of 120 continuing professional education (CPE) credits during a three-year certification cycle. At least 20 CPEs must be reported annually.
|Certification name||ISO 22301 Certified Business Continuity Manager (CBCM)|
|Prerequisites and required courses||CIS membership ($20 application fee plus $80 membership fee; annual membership renewal of $80 required each January)
Completion of three training courses:
Five or more years of verifiable experience plus completion of three candidate endorsement forms
Annual renewal required
|Number of exams||Three: RM 101, BCMS 101 and BCMS 102 (all exams administered online)|
|Cost per exam||$100 (total $300)|
|Self-study materials||Practice exams available for $75 each|
DRI International describes itself as “a global leader in BCM (business continuity management) education and certification,” and it offers credentials for BC and DR. The organization, founded in 1988, seeks to promote a base of “common knowledge” (cert-speak for concepts, terminology, best practices, processes and procedures for some body of work or expertise) for the continuity management profession. It also certifies qualified individuals in BC and promotes those individuals’ credibility and professionalism. DRI offers certification tracks in BCM (including advanced topics), auditing, public sector, healthcare continuity and risk management.
DRI has certified more than 15,000 professionals with representation in more than 100 countries, more than half of which are taught in native languages. We chose the DRI Certified Business Continuity Professional (CBCP) credential as the “poster child” for the organization, not only because it is the most popular and best recognized of its various certifications (13 in all), but also because it is preceded by an associate-level credential (ABCP), augmented by specialist certs (CFCP for various functional continuity disciplines, and CBCV for vendors) and followed by a master-level cert (MBCP).
The CBCP is an excellent credential for current or aspiring BC practitioners, but because it includes a “verifiable experience” component, candidates must have some reasonable facsimile of on-the-job BCP experience to qualify for this credential.
Recertification is required annually. Candidates must pay an annual maintenance fee and earn a minimum of 80 continuing education activity points (CEAPs) every two years to maintain this credential. Candidates should check the certification page for details on eligible activities.
|Certification name||Certified Business Continuity Professional (CBCP)|
|Prerequisites and required courses||Required: Minimum two years of verifiable experience in at least five of the subject areas of the Professional Practices for Business Continuity Management. Subject areas include the following:
All experience must be within 10 years of date of application.
Five subject matter essays (minimum of 250 words) required; two of the five essays must be from the Business Impact Analysis, Developing Business Continuity Strategies, Developing and Implementing Business Continuity Plans, or Maintaining and Exercising Business Continuity Plans subject areas.
A minimum of two references required for each subject area.
|Number of exams||One exam (75 percent required to pass)|
|Cost per exam||Qualifying exam fee: $750
Application fee: $400
Annual renewal fee: $200
|Self-study materials||In-person and online self-paced training available from DRI. In-person training runs $2,750 for a 4.5-day course. Self-paced training is $295 per module. Modules cover all of the Professional Practice areas.
CBCP & CPSCP Exams Study Guide & Practice Questions 2015/16 Edition, CreateSpace Independent Publishing Platform; approximately $65 from Amazon
Certified Business Continuity Professional: CBCP Exam, available from FinanceCerts.com for $99 download
With more than seven years of ongoing activity in training and certification, Mile2 has established both staying power and credibility. According to its Cyber Security Certification Roadmap, the company offers credentials in areas such as virtualization, application and source code, auditing, healthcare, wireless security, forensics, incident handling, pen-testing hacking, cloud security, and IS management leadership as well as disaster recovery and cyber warfare. Credentials cater to a wide range of skill sets, from fundamental levels to more advanced and specialized credentials.
The Certified Disaster Recovery Engineer (C/DRE) credential is Mile2’s pinnacle DR certification. The associated C/DRE training course is approved by the National Initiative for Cybersecurity Careers and Studies, and it has been certified by the National Security Agency as meeting the CNSSI-4016: National Information Assurance Training Standards for Risk Analysis Security. It also maps to the NIST/Homeland Security NICCS Cybersecurity Workforce Framework and is on the approved FBI Cybersecurity Certification Requirement (Tier 1-3) list.
With a focus on the defense establishment, especially for information or cybersecurity coverage, Mile2 is well positioned to offer training and certification for individuals who work in the defense industry in particular, or for local, state, or federal government agencies or contracting companies in general. That said, the C/DRE is not on the list of DoD Approved 8570 Baseline Certifications.
|Certification name||Certified Disaster Recovery Engineer (C/DRE)|
|Prerequisites and required courses||A minimum of one year of information systems or IS management experience is required.
Recommended training: C/DRE course ($2,500)
|Number of exams||One|
|Cost per exam||$400 (100 multiple-choice questions, two hours to complete)|
|Self-study materials||Mile2 maintains a list of learning resources, including practice exam questions, study guides ($50), courseware kits ($500), online training video subscriptions ($550 per annual subscription), e-books and prep guides at the Mile2 Store.|
The EC-Council Disaster Recovery Professional (EDRP) certification comes from an organization with deep and well-recognized roots in the information security community. Home to such certifications as the Certified Ethical Hacker (CEH), various forensic and penetration testing credentials, the EC-Council also offers certifications aimed at security managers and executives, software developers, network architects, and disaster recovery professionals. The EDRP is gaining traction with companies and organizations seeking to validate skills and knowledge for those who plan, organize, and oversee testing of their disaster response, recovery support, and business resumption practices and procedures.
The EDRP is as much about identifying vulnerabilities and managing risks for organizations as it is about planning, designing, testing and, when necessary, implementing responses to interruptions of access or service or responses to disasters. Topics covered include preparing a disaster recovery plan, assessing risk factors, developing policy and procedure, understanding the relationships and roles among various groups and individuals who implement such plans, and managing the recovery process.
Although we mention the EDRP last on our list, that doesn’t mean it ranks last in perceived value or name recognition. If anything, the EDRP is probably the best-known of the bunch. It is entirely worth pursuing for IT professionals responsible for or involved in any organization’s DR or BC planning, testing and implementation.
|Certification name||EC-Council Disaster Recovery Professional (EDRP)|
|Prerequisites and required courses||Complete Disaster Recovery and Business Continuity courseware ($650).
Persons under the age of 18 must have parental consent and supporting letter from a nationally accredited institution of higher learning to take the course or sit for the exam.
|Number of exams||One: No. 312-76|
|Cost per exam||$350 (50 questions, two hours, 70 percent required to pass). Exam administered by Prometric.|
|Self-study materials||Course outline available from EC-Council|
Given the popularity and indisputable importance of BC and DR in any organization’s operations and governance, it should come as no surprise that these five credentials (and the rather more substantial programs to which all of them belong) do not encompass the entire field of available credentials. When considering alternatives to these five, you’ll want to vet the sponsoring organization’s reputation and longevity first.
Among many others, certifications from the Business Resilience Certification Consortium International (BRCCI, formerly known as Sentryx) are worth looking into for those who don’t find something in our previous listings that attracts their interest and investment. The Certified Business Resilience Manager (CBRM) and Certified Business Resilience IT Professional (CBRITP) are most pertinent to this article. Like many other programs covered here, these certifications are elements in a broader certification program that also includes the BRCCI Certified Business Resilience Auditor (CBRA) and the Master’s Achievement in Business Resilience (MABR) credentials.
For certification candidates in Southeast Asia (mainly Singapore, Indonesia and Malaysia), the Business Continuity Management (BCM) Institute offers several BCP/DRP certifications, such as the Business Continuity Certified Specialist (BCCS), the Disaster Recovery Certified Specialist (DRCS) and several others through the expert level.