Business continuity planning is inherently cross-functional with a necessity to address risks to an organization’s product and service offerings, as well as the resources necessary to meet obligations. As organizations increasingly rely on a global network of suppliers and service providers, business continuity practitioners have the responsibility to understand and analyze these relationships and lead strategy identification efforts to protect their organization when faced with a third-party disruption.
Developing and implementing business continuity strategies and risk treatment options related to third parties can be a difficult endeavor because strategies may seemingly contradict an organization’s strategic efforts to leverage single-source suppliers, make supply chains “lean”, and reduce stored inventory levels. However, business continuity practitioners must provide top management with the information needed to balance strategic initiatives with the need to reduce single points of failure and protect an organization should a resource become unavailable.
This perspective discusses the tools available to identify and document third-party resources and methods by which risks can be presented to top management for review and action. Continue reading
In our experience, one of the most difficult roles to fulfill in any business continuity program is the team leader responsible for a cross-functional response and recovery team (often called a crisis management team, a department business recovery team, or an IT disaster recovery team). This is because the team leader faces three significant challenges:
- These teams are cross-functional, which means every person brings their expertise, as well as their opinions and personal agendas for response and recovery; Continue reading
Business continuity means working to decrease the likelihood of a disruptive incident and preparing your organization to continue the delivery of its most essential products and services if a disruption were to occur.
In other words, in the event of a disruptive incident, business continuity helps ensure that everyone – from response personnel through the general employee population – can answer these three questions: Continue reading
Faults & Fixes: Bad Plans
Developing strong business continuity plans characterized as actionable, relevant, and simple to execute can be a very difficult task for many organizations. In other articles, Avalution examined the different types of business continuity plans, what information should be included, and how organizations can focus on the basics to develop effective plans. One trend that our consultants see across industries is that as business continuity programs mature, planning approaches inevitably change, often (and unfortunately) becoming more complicated and burdensome over time. As plans become overburdened with complex requirements, simplicity, quality, and effectiveness suffer.
This perspective examines the six typical symptoms of “bad plans” and their common root causes, and provides suggestions on how organizations can develop plans described as actionable, relevant, and simple. Continue reading
Part of Avalution’s Conforming to ISO 22301 Series
This perspective is the eighth in a series to discuss key elements of the ISO 22301 business continuity management system, including value-adding elements of the standard or requirements that could “trip up” an organization during the certification process.
Today we’re going to take a look at ISO 22301’s requirements regarding corrective actions.
Business continuity planning software can add significant value if it complements a strong program that has management support, competent personnel, and the information necessary to establish requirements, identify strategies, and document plans. While software will not “do business continuity planning for an organization”, it can provide an already-built and structured approach that automates what could otherwise be a manual internal process, freeing practitioners to focus on program maturation. That said, not all software is right for every organization, so it is important to ensure any selected software is a right fit BEFORE trying to implement it. Many organizations approach software selection anticipating that the software vendor will show them what they need or tell them what features best fit their program; however, without first understanding the program’s current state, needs, and capabilities, odds increase that organizations will select software that does not align to the current state program and could thus require significant additional customization or result in ineffective use.
This article discusses common business continuity software myths and selection issues and provides recommendations on factors to consider before deciding to pursue, select, and implement a business continuity planning software solution, so that you can get the most value from whatever option you select. Continue reading
Part of Avalution’s Conforming to ISO 22301 Series
This perspective is the seventh in a series to discuss key elements of the ISO 22301 business continuity management system, including value-adding elements of the standard or requirements that could “trip up” an organization during the certification process. Continue reading
Although plan documentation isn’t the only business continuity planning outcome, and absolutely should not be the sole focus during a program assessment, it’s certainly an important one. Plans are one of the first things customers and auditors ask to review because these documents should summarize the response and recovery approach used by the business following the onset of a disruptive incident, as well as a summary of the resources needed to deliver products and services. If asked to evaluate a plan, what’s the best approach, and what elements and content should you expect to see? The purpose of this perspective is to outline a simple, straightforward plan assessment approach. Continue reading
Recently, a question was raised by a client regarding whether it would be better to create a method to manage technical information in support of the IT disaster recovery planning effort, acquire and implement a commercial Configuration Management Database (CMDB) solution, or customize its existing business continuity software solution. The short answer is, “it depends”. This perspective discusses this commonly asked question, which by the way, is very important given the need to understand the relationship between IT infrastructure, applications, data, and business continuity requirements. Continue reading
Congratulations! You’ve started your business continuity planning effort—sometimes, that’s the hardest part. Now, you’re working diligently on your organization’s business continuity program, but it’s not delivering the results you had hoped. You’re performing a business impact analysis (BIA) and risk assessment, documenting plans, and socializing the next steps for your program, but it’s not progressing like you would expect or maybe it doesn’t have the capability your organization needs. So, what can you do?
This perspective outlines the common challenges organizations face when implementing a business continuity program that meets response and recovery expectations, and offers solutions that business continuity managers can pursue to address these challenges. Continue reading