1. Get the Job
  2. Get Ahead
  3. Office Life
  4. Work-Life Balance
  5. Home Office
Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.
Build Your Career Get Ahead

Best Business Continuity and Disaster Recovery Certifications in 2018

Best Business Continuity and Disaster Recovery Certifications in 2018
Credit: Shutterstock/AndreyPopov

Business continuity (BC) and disaster recovery (DR) are the yin and yang of the IT world. BC keeps systems running and data available despite interruptions or faults; DR brings systems back to normal operation after a disaster has occurred.

Business continuity planning (BCP) and disaster recovery planning (DRP) remain important elements in IT governance and compliance. This is especially true for corporations and organizations that must meet various mandates regarding privacy, confidentiality and availability of systems and data. With increasing proliferation and use of cloud-based backup services — including a broad range of BC and DR offerings — BCP and DRP have become more tractable, and sometimes even less costly over the past five years.

This probably explains why we're in something of a heyday for BCP and DRP certifications, as that IT niche explodes with investment and activity. Given that costs and complexities of designing, implementing and maintaining technology platforms for BCP and DRP have gotten somewhat simpler and less burdensome, many more organizations are starting to venture into this area of IT.

We performed an informal online job board survey to identify the number of job postings for which employers require relevant certifications. This snapshot in time gives you an idea of what employers are looking for in the real-world job market and indicates ample opportunities for those interested in business continuity and disaster recovery.

Our top five certifications include the CBCP from DRI International, the CBCI from BCI (a UK-based organization), the C/DRE from Mile2, the CBCM from Certified Information Security and the EDRP from EC-Council. To pick those leaders, we looked at the state of BC and DR certification, examined various market and salary surveys, and performed an informal job board survey that reveals the number of job posts across the U.S. in which our featured certifications were mentioned on a given day.




LinkedIn Jobs





















Note: The ISO 22301 Certified Business Continuity Manager (CBCM) and the Certified Disaster Recovery Engineer (C/DRE) certifications are also featured in this article. They are absent in this table because unrelated certifications use the same acronym and/or the certification name is generic. Searching for "Certified Business Continuity Manager" resulted in more than 2,100 hits, and searching for "Certified Disaster Recovery Engineer" resulted in about 1,300 hits. Many of those results don't apply to the CBCM or C/DRE certification.

According to Simply Hired, disaster recovery managers earn an average of about $89,000 annually. However, salaries vary considerably depending on which job-related site you check. On the low end of the spectrum, earnings were reported in the mid-50s, while some sites reported earnings more than $140,000 on the high end.

It's hard not to see the Business Continuity Institute (BCI) as a competitor to DRI, and it's plain that these two organizations share some friendly rivalry. Where DRI is headquartered in New York and active in more than 50 countries across North America, Latin America, Asia, Australia, the Middle East and North Africa, BCI is based in the U.K. and most active in Europe, Asia, Africa and the Middle East.

BCI supports more than 8,500 members in 100 countries around the world, and it works with more than 3,000 organizations in public and private sectors, plus the so-called "third sector" — that part of an economy or society that's composed of non-governmental and non-profit organizations or associations, such as charities, volunteer and community groups, cooperatives, NGOs and so forth. Founded in 1994, BCI is younger than DRI.

The primary certification from BCI is the Certificate of the Business Continuity Institute, also known as CBCI. A single exam is required, which is delivered at the end of the recommended training course. Training is available in person or online, and exams that are not administered as a part of a classroom course may be taken online. Candidates should review the exam registration page for complete technical details before attempting the exam.

BCI offers follow-on levels of membership in the organization at associate (AMBCI, Associate Member of BCI), member (MBCI, full Member of BCI), Associate Fellow (AFBCI) and Fellow (FBCI) levels. The Institute also sponsors a Business Continuity Management (BCI) Diploma, a 30-week academic certificate program in business continuity based on the organization's codified body of knowledge, supported by general background and specialist college courses

For those pursuing a BC certification outside North America, particularly in Europe or countries belonging to the British Commonwealth, the CBCI is a compelling credential. Likewise, those who wish to focus on BC at the undergraduate level would be well-advised to investigate the organization's BCI Diploma. Though somewhat expensive, the credential is well-recognized and highly regarded.

The CBCI credential is valid for three years. As long as a credential holder has moved to a more advanced level of BCI membership, no exams are required. However, if a credential holder has not advanced to a higher membership level, they must take the then-current CBCI exam to maintain that credential. In addition, credential holders are required to pay an annual membership fee.

Certification Name

Certification of the BCI (CBCI)

Prerequisites & Required Courses

Recommended training incudes:
Instructor-led classroom or instructor-led online CBCI training; prices vary by geography and training provider but candidates can expect to pay approximately $2,750 to $3,295; course length is 32 hours; exam may be taken at end of course or scheduled for later time; classroom courses may not be available in all geographies.
Candidates may also complete eight-hour Introduction to Business Continuity eLearning course (approximately $750).

Number of Exams

One (120 multiple choice questions, two hours)
Exam may be taken at the completion of any training course or completed online.

Cost per Exam

£396.00 incl. VAT (approximately $500)



Self-Study Materials

In addition to formal training, BCI offers numerous resources including the Good Practice Guidelines 2018 (available from the BCI bookstore; free for members; USA download version is £40.00 incl. VAT (approximately $53), BC24 Online Incident Simulation Game, a knowledge bank, webinars, mock exams and more.

The ISO 22301 Certified Business Continuity Manager, or CBCM, credential comes from an organization named Certified Information Security (CIS). Based in Orange Park, Florida, the organization has been active since 1999. It offers credentials based on ISO Standards 31000 (Risk Analysis), 27001 (Information Security) and 22301 (Business Continuity Management). This organization also teaches ISACA CISM and CISA courses, along with a variety of fraud control topics (auditing, forensics and fraud investigation).

The CBCM is Certified Information Security's expert-level BCM certification, and it builds on the Certified Business Continuity Administrator (CBCA). Candidates must possess five years of documented, relevant business continuity experience.

It covers all the competence requirements documented in ISO 22301, which go well beyond the confines of IT-related subjects into such things as evacuation plans, public warnings and communication, and recovery services and suppliers. It requires a reasonably complete understanding of the entire discipline of BCM.

The CBCM is especially suitable for those IT professionals charged with designing or managing BCM efforts within a single organization, or who may work as BCM consultants or trainers for multiple organizations. Individuals on track for upper IT management or C-level positions with IT oversight responsibility are likely to find the CBCM a valuable credential to help them stay on track for such roles.

To maintain the credential, certification holders must pay an annual maintenance fee (currently $85) and earn a minimum of 120 continuing professional education (CPE) credits during a three-year certification cycle. At least 20 CPEs must be reported annually.

Certification Name

ISO 22301 Certified Business Continuity Manager (CBCM)

Prerequisites & Required Courses

CIS membership ($20 application fee plus $80 membership fee; annual membership renewal of $80 required each January). Certified Business Continuity Administrator cert required.
Completion of the following three training courses: CIS Policy Workshop: ISO 31000 Enterprise Risk Management ($399.95), CIS Policy Workshop: ISO 22301 Business Continuity Management ($299.95) and Best Practices to Develop, Deploy & Certify BCM ($299.95)
Five or more years of verifiable experience in at least two of the ISO 22301 Business Continuity Management System (BCMS) Common Body of Knowledge domains
Completion of three candidate endorsement forms. Annual renewal required.

Number of Exams

Three: RM 101, BCMS 101 and BCMS 102 (all exams administered online; 65 questions, 70 minutes, 75 percent score to pass)

Cost per Exam

$100 (total $300)



Self-Study Materials

Practice exams available for $75 each

DRI International describes itself as "a global leader in BCM (business continuity management) education and certification," and it offers credentials for business continuity and disaster recovery. The organization, founded in 1988, seeks to promote a base of "common knowledge" (cert-speak for concepts, terminology, best practices, processes and procedures for some body of work or expertise) for the continuity management profession. It also certifies qualified individuals in business continuity and promotes those certified individuals' credibility and professionalism. DRI offers certification tracks in business continuity management (including advanced topics), auditing, public sector, healthcare continuity and risk management.

DRI has certified more than 15,000 professionals with representation in more than 100 countries, more than half of which are taught in native languages. We chose the DRI Certified Business Continuity Professional (CBCP) credential as the "poster child" for the organization, not only because it is the most popular and best recognized of its various certifications (13 in all), but also because it is preceded by an associate-level credential (ABCP), augmented by specialist certs (CFCP for various functional continuity disciplines, and CBCV for vendors) and followed by a master-level cert (MBCP).

The CBCP is an excellent credential for current or aspiring business continuity practitioners, but because it includes a "verifiable experience" component, candidates must possess some reasonable facsimile of on-the-job BCP experience to qualify for this credential.

Recertification is required annually. Candidates must pay an annual maintenance fee and earn a minimum of 80 continuing education activity points (CEAPs) every two years to maintain this credential. Candidates should check the certification page for details on eligible activities.

Certification Name

Certified Business Continuity Professional (CBCP)

Prerequisites & Required Courses

Required: Minimum two years of verifiable experience in at least five of the subject areas of the Professional Practices for Business Continuity Planners.
Subject areas include:

  • Program Initiation and Management
  • Risk Evaluation and Control
  • Business Impact Analysis
  • Business Continuity Strategies
  • Emergency Response and Operations
  • Plan Implementation and Documentation
  • Awareness and Training Programs
  • Business Continuity Plan Exercise, Audit and Maintenance
  • Crises Communications
  • Coordination with External Agencies

All experience must be within 10 years of date of application.

Application required.

Five subject matter essays required; two of the five essays must be from the Business Impact Analysis, Developing Business Continuity Strategies, Developing and Implementing Business Continuity Plans, or Maintaining and Exercising Business Continuity Plans subject areas.

A minimum of two references required for each subject area.

Number of Exams

One (75 percent required to pass)

Cost per Exam

Exam fee: $695 or $250 (see below)
Application fee: $400
Annual renewal fee: $175



Self-Study Materials

In-person and online self-paced training available from DRI. In-person training runs $2,650 for a 4.5-day course. Self-paced training is $295 per module. Modules cover all of the Professional Practice areas. There are nine modules total. Exam fee is $250 when you pay for official DRI training.

CBCP & CPSCP Exams Study Guide & Practice Questions 2015/16 Edition, CreateSpace Independent Publishing Platform; approximately $130 from Amazon
Certified Business Continuity Professional: CBCP Exam, available from FinanceCerts.com for $99 download

Mile2 has established both staying power (with more than seven years of ongoing activity in training and certification) and credibility. According to Mile2's Cyber Security Certification Roadmap, the company offers credentials in areas such as virtualization, application and source code, auditing, healthcare, wireless security, forensics, incident handling, pen testing hacking and IS management leadership as well as disaster recovery. Credentials cater to a wide range of skillsets, from fundamental levels to specialized and more advanced credentials.

The Certified Disaster Recovery Engineer (C/DRE) credential is Mile2's pinnacle DR certification. The associated C/DRE training course is approved by the NICCS and has been certified by the National Security Agency as meeting the CNSSI-4016: National Information Assurance Training Standards for Risk Analysis Security. It's also on the approved FBI Cyber Security Certification Requirement list.

With a focus on the defense establishment, especially for information or cyber security coverage, Mile2 is well-positioned to offer training and certification for individuals who work in the defense industry in particular, or for local, state or federal government agencies or contracting companies in general. That said, the C/DRE is not on the list of DoD Approved 8570 Baseline Certifications.

Certification Name

Certified Disaster Recovery Engineer (C/DRE)

Prerequisites & Required Courses

A minimum of 1 year of information systems or IS management experience is required. Recommended training: C/DRE course ($2,500)

Number of Exams


Cost per Exam

$400 (100 multiple-choice questions, two hours to complete)



Self-Study Materials

Mile2 maintains a list of learning resources including practice exam questions, study guides ($50), courseware kits ($500), online training video subscriptions ($550 per annual subscription) along with e-books, prep guides and more from the Mile2 Store.

The EC-Council Disaster Recovery Professional (EDRP) certification comes from an organization with deep and well-recognized roots in the information security community. Home to such certifications as the Certified Ethical Hacker (CEH), various forensic and penetration testing credentials, the EC-Council also offers certifications aimed at security managers and executives, software developers, network architects and disaster recovery professionals. The EDRP is gaining traction with companies and organizations seeking to validate skills and knowledge for those who plan, organize and oversee testing of their disaster response, recovery support and business resumption practices and procedures.

The EDRP is as much about identifying vulnerabilities and managing risks for organizations as it is about planning, designing, testing and, when necessary, implementing responses to interruptions of access or service or responses to disasters. Topics covered include preparing a disaster recovery plan, assessing risk factors in an organization, developing policy and procedure, understanding the relationships and roles among various groups and individuals who implement such plans, and managing the recovery process.

Although we mention the EDRP last on our list, that doesn't mean it ranks last in perceived value or name recognition. If anything, the EDRP is probably the best-known of the bunch. It is entirely worth pursuing for IT professionals responsible for or involved in any organization's disaster recovery or business continuity planning, testing and implementation.

Certification Name

EC-Council Disaster Recovery Professional (EDRP)

Prerequisites & Required Courses

Complete Disaster Recovery and Business Continuity courseware ($650). 
Persons under the age of 18 must have parental consent and supporting letter from a nationally accredited institution of higher learning to take the course or sit for the exam.

Number of Exams

One, No. 312-76

Cost per Exam

$350 (50 questions, two hours, 70 percent required to pass). Exam administered by Prometric.



Self-Study Materials

Course outline available from EC-Council

Given the popularity and indisputable importance of business continuity and disaster recovery in any organization's operations and governance, it should come as no surprise that these five credentials (and the rather more substantial programs to which all of them belong) do not encompass the entire field of available credentials. For alternatives to these five you'll want to vet the sponsoring organization's reputation and longevity first.

Among many others, certifications from the Business Resilience Certification Consortium International (BRCCI, formerly known as Sentryx) are worth looking into for those who don't find something in our previous listings that enlists their interest and investment. The Certified Business Resilience Manager (CBRM) and Certified Business Resilience IT Professional (CBRITP) are most pertinent to this article. Like many other programs covered here, these certifications are elements in a broader certification program that also includes the BRCCI Certified Business Resilience Auditor (CBRA) and the Masters Achievement in Business Resilience (MABR) credentials.

For certification candidates in Southeast Asia (mainly Singapore, Indonesia and Malaysia), the Business Continuity Management (BCM) Institute offers several BCP/DRP certifications, such as the Business Continuity Certified Specialist (BCCS), the Disaster Recovery Certified Specialist (DRCS) and several others through the expert level.