Risky Business (Part 2): Too Lean, Too Late

Risky Business - Supply ChainMany organizations today aim to make operations as lean as possible. But, in doing so, are these organizations unknowingly increasing the risk of operational downtime and excess cost? Due to streamlining operations and eliminating redundant activities or suppliers, one misstep or disruption (either internally or externally), can result in time-consuming and costly operational delays, or much worse, impact market positioning or even threaten the survival of the organization.

This perspective is part two of a supply chain risk management-focused series called “Risky Business”. In part one, Managing Third-Party and Supplier Risk, we discussed the importance of protecting your organization from risks associated with a dependence on suppliers (and service providers), as well as how to analyze potential impacts and prioritize these risks.

In this perspective we’ll discuss the specific business continuity strategies and risk treatment options available to mitigate the risk associated with supplier dependencies to an acceptable level. Continue reading

Treating the Causes of Bad BIAs

Faults & Fixes SeriesFaults & Fixes: Bad BIAs

Nearly all business continuity practitioners understand the importance of conducting a business impact analysis (BIA) in order to lay the foundation for a viable business continuity program. Organizations who perform and continually improve effective BIA processes gather essential business information for the activities that support organizational product and service delivery, such as process-related information, justification for business continuity requirements, recovery objectives, and resource requirements necessary to achieve recovery objectives and performance targets following the onset of a disruptive incident. This information drives the selection of organizational business continuity strategies, serves as an input to business continuity plans, and provides insight into potential organizational risks. Continue reading

Rethinking Business Continuity Metrics

Rethinking_MetricsOne of the most challenging management system activities that business continuity professionals need to execute (outside of coordinating actual recovery following a disruptive incident) is developing meaningful business continuity program metrics. ISO 22301 does not tell practitioners how to craft meaningful metrics, only that we need to have and share them with management for feedback.

Many business continuity professionals experience challenges with their programs: Continue reading

What You Need to Know: Cloud Computing and Business Continuity

The_CloudCloud computing is potentially the most important technology development of this decade, so business continuity professionals should rightly be asking: “What does it really mean and how does it affect me?” This perspective is designed to address common questions about cloud computing.

What is the Cloud?
Bottom-line – it is a marketing term. Like all great marketing terms, it can be used to mean anything, and thus, it actually means very little. For our purposes, I’d like to suggest the following explanations for “the cloud”, which have proven broadly true in practical experience: Continue reading

Don’t Waste Your Time or Money on Business Continuity Planning

Waste_Time_on_BCNo one enjoys wasting resources in any form – effort, time, or money. However, organizations that implement business continuity planning in a haphazard attempt to meet a customer requirement, pass an audit, or simply don’t take the time up front to ensure that the proper resources and approach are in place, are setting themselves up to do just that.

This article explores the common business continuity-related mistakes and pitfalls that lead to wasting time, money, and effort, and provides solutions focused on performing business continuity planning as an integrated aspect of your organization that will mature and improve risk mitigation and response/recoverability efforts, as well as deliver long-term value. Continue reading

Treating the Causes of Bad Management Reviews

Faults & Fixes: Bad Management Reviews

Senior management engagement is critical to business continuity success, so it’s becoming more and more common for organizations to involve management when designing and implementing business continuity programs.  However, after the initial implementation project wraps up, it is much less common for organizations to regularly engage management on program direction, capability, and maturation, via what the management system concept calls a “management review”.  While the concept of management reviews is relatively new to the business continuity profession, when fully implemented and combined with appropriate messaging, management reviews are the best way to get management to participate actively and stay engaged, as well as close program gaps and improve performance.  Continue reading

Failing Back Home Can Trip You Up

In the last month alone, I’ve worked with two companies that had IT disruptions but didn’t use their IT disaster recovery (DR) plans because they weren’t sure if they could fail back home (aka return to normal). In both cases, these concerns were a surprise to the executive management team.

It’s a theme I’ve heard many times before – the IT disaster recovery solution was built without considering how the organization would return to the primary data center from the disaster recovery location. This perspective highlights some key issues to consider regarding the use of the IT disaster recovery strategy. Continue reading

We Just Did a BIA and Risk Assessment… Now What?

How to Perform an Effective Business Continuity Gap Analysis

Following a business impact analysis (BIA) and risk assessment, best practices indicate that an organization should identify business continuity strategies that allow the organization to treat risks and recover business activities in accordance with management-approved requirements. This seems like a simple task on paper; however, in practice, many organizations struggle to do this, and instead jump straight to documenting business continuity plans. In doing so, these plans fail to include the resources and strategies already in place, or the organization fails to acknowledge and address coverage gaps. This leads to a lost opportunity to identify new risk treatments or recovery strategies, ultimately resulting in plans with no real capability to respond and recoverContinue reading

I’ve Been Assigned Executive Responsibility for Business Continuity – Now What?

15 Key Questions Executives Should Ask to Better Understand the Program’s Current-State and Next Steps

So, you’ve just been assigned responsibility of your organization’s business continuity program.

I’m sure many thoughts are running through your head right now, ranging from “What is business continuity?” to “What do I need to do first?” (among others). However, you’re in the right place to find answers to these questions, and many more. Continue reading