Who We Are — Rethinking Business Continuity from First Principles

Most business continuity programs don’t fail because of a lack of effort.

They fail because they’re built around the wrong job.

The Role I Thought I Had

In 2015, I stepped into a Business Continuity Manager role at DaVita Rx.

On my first day, I was introduced to the organization like this:

It was well-intentioned. But it was also wrong.

Not because disruptions aren’t important—but because eliminating them isn’t realistic in any complex organization, especially in healthcare.

At the time, I saw my role differently.

I believed I was there to find problems.

To identify risks. To document gaps. To surface exposures the business might not fully see.

It aligned with how business continuity was traditionally practiced.

It just didn’t align with what the business actually needed.

The Business Already Knew

The business didn’t need a problem finder.

They were already living the problems.

They knew where processes broke down. They understood where delays occurred. They could point to the dependencies that made them vulnerable.

They didn’t need someone to extract that information and formalize it into a report.

What they lacked was something far more valuable:

• A clear understanding of how those risks connected across operations

• A consistent approach to responding when disruption occurred

• A structure that supported real-time decision-making

That realization changed everything.

The Industry Gap

This experience wasn’t unique.

It reflects a broader issue across business continuity programs.

Too often, they function as:

• Risk identification engines

• Documentation exercises

• Compliance-driven initiatives

They produce artifacts—plans, assessments, reports.

But they rarely improve how the business actually operates during disruption.

Because the work exists outside the business, rather than within it.

A Necessary Shift

That experience forced a fundamental shift in perspective.

The role of business continuity isn’t to find problems.

It’s to help the business navigate them.

That requires moving from:

• Identifying risk → Structuring response

• Capturing information → Enabling decisions

• Building plans → Supporting operations

Continuity cannot be something the business participates in periodically.

It must reflect how the business functions every day—enhancing clarity, consistency, and resilience within existing operations.

Why We Built Riffle

This shift didn’t lead to a better template or a more efficient assessment process.

It led to a different question:

What would business continuity look like if it were designed around how work actually happens?

Not how it’s documented.Not how it’s audited.But how it operates in reality.

Riffle was built from that premise.

Not as a layer on top of the business—but as something integrated within it.

At its core is a simple belief:

Where This Is Going

Business continuity doesn’t need more artifacts.

It needs stronger alignment with the way organizations actually operate.

In the next article, we’ll explore where many programs break down next—engagement—and why continuity efforts fail when they’re not embedded within the business itself.