As business continuity professionals, it’s easy to be overwhelmed by the myriad roadblocks that exist on the road to building resiliency – lack of funding, lack of people, lack of management support, etc. In some organizations, it seems like everyone just wants the business continuity person to go away!
At Avalution, we’re always studying these challenges and working to find ways to prevent and overcome them. Many of those techniques are documented elsewhere in this blog. However, one foundational consideration is missing – an appropriate mindset in approaching the challenges facing you and your organization. Specifically, there are three areas where business continuity planners are often defeated before they even get started: expectations, excuses, and confidence.
Increasing Coordination Between the Business and IT in Preparedness Activities
One of the most common questions we receive at Avalution is, “How can my organization increase coordination between different groups performing preparedness activities, specifically ‘the business’ and IT?” We have seen many organizations’ business and IT teams struggle to come to an agreement on common requirements, such as application recovery time objectives (RTOs) and data loss tolerances (RPOs). The business tends to complain that IT does not listen to their recovery requirements, while IT tends to complain that the business is far too aggressive and unrealistic on recovery requirements. This article provides recommendations on how the business and IT can work more seamlessly toward the “right” level of preparedness for your organization.
Today we announced the release of a new white paper, Implementing ISO 22301: The Business Continuity Management System Standard, co-authored by Brian Zawada, Avalution’s Director of Consulting and the Chairman and Head of U.S. Delegation to ISO Technical Committee 223 (the group charged with developing ISO 22301), and Greg Marbais, a Consultant at Avalution.
Most organizations that have experienced a crisis would likely agree that advance planning is critical to enabling an effective response. When a disaster impacts several sites simultaneously, it makes coordination even more chaotic, so the importance of a defined structure increases. Organizations with multiple facilities or sites, especially those within “at-risk” regions, should take proactive steps to prepare their organization for events that require a widespread and coordinated response. Specifically, these preparedness steps include enabling coordination, communication, and adherence to organizational policies in advance of a disaster to ensure all sites implement appropriate response procedures. This article summarizes best practices that help enable sites to work together and execute common, approved response strategies to minimize impact and reduce confusion.
Similar to other management systems standards, ISO 22301 is based on the ‘Plan-Do-Check-Act’ model that seeks to improve – in a continual manner – the effectiveness of the organization’s performance through proficient planning, implementation, supervision, review and maintenance.
As such, it is only proper that we discuss the relationship of ISO 22301 with other management systems standards. The following summary offers a high-level comparison between ISO 22301 and another widely-adopted management systems standard, British Standard (BS) 25999-2 (2007).
Guest Post by Barry Cardoza, CBCP
Original Publish Date: September 2012 (before ISO 22313 was published)
For those who had hoped (as I had) that the final version of the International Organization for Standardization’s ISO 22301 would be the comprehensive and very detailed replacement for BS 25999 parts 1 and 2, giving clear instructions regarding how to actually create the elements of a Business Continuity Program, it is definitely not that. In reality, it is replacing BS 25999-2, which will no longer be published after November of 2012, and it does provide very valuable guidance for an organization as it relates to the elements of a best practice-oriented business continuity management system; it’s just “different” in its purpose and scope than what many business continuity professionals might have expected.
Standards…ugh! Even though the business continuity profession appears to be paying some attention to the topics of standards development and organizational certification, you may be tempted to skip over these articles and ignore the opportunity to review new or revised standards when released (especially if you feel organizational certification isn’t right for your organization). However, many reasons exist as to why all organizations (and BC practitioners) should not only pay attention to standards, but also seek opportunities to incorporate applicable elements of them into their programs to improve performance and enhance credibility.
Have you ever recommended additional redundancy for a process, department, or facility, only to be told that your organization couldn’t afford it or have the project repeatedly delayed until next year? I have. It’s pretty common in our profession.
Casey Haskins and Peter Sims recently wrote an article that you should consider a must read (and so should your senior leadership team responsible for continuity). It may just provide the viewpoint needed to help your organization be more resilient.
For an organization experiencing a crisis, the ever-persistent nature of our 24/7 global society means that impacts extend well beyond the location of the crisis. Organizations that successfully manage and respond to disruptive events do so because they are able to balance the operational activities associated with the disruptive event while concurrently managing the expectations of stakeholders and the general public. Organizations are able to accomplish the task of managing stakeholder and public expectations through effective, accurate, and timely communications.
Many organizations struggle to define the best method to meet business expectations regarding information technology (IT) recovery. ISO 27031 provides guidance to business continuity and IT disaster recovery professionals on how to plan for IT continuity and recovery as part of a more comprehensive business continuity management system (BCMS). The standard helps IT personnel identify the requirements for Information and Communication Technology (ICT) and implement strategies to reduce the risk of disruption, as well as recognize, respond to and recover from a disruption to ICT.