Effective Business Continuity: Program vs Plan

TJMany organizations think that effective business continuity planning is synonymous with great plan documentation.

It’s not.

Yes, plan documentation is extremely important. BUT… many organizations fail to recognize that effective business continuity plans – and truly prepared and resilient organizations – are the result of a larger business continuity planning lifecycle that begins with requirements setting and ends with practice (and of course, the process recycles on a continuous basis).

Bottom line – plans are just one key ingredient in the development of an effective business continuity program.

This perspective provides an outline for what Avalution promotes as effective business continuity planning. Please explore the links provided within this document for more in-depth explanations of each step of the planning process. Continue reading

Risky Business (Part 3): A Supply Chain Continuity Case Study

Risky Business - Supply ChainMuda. It’s the Japanese word for waste and the enemy in modern supply chain management and manufacturing. Since the 1980s, lean thinking has revolutionized the way businesses operate by seeking to eliminate muda and free capital held in wasteful assets—that is, assets that do not add value to the overall process (e.g. excess inventory or underutilized equipment). Lean thinking is important and helps businesses to improve their processes and their bottom lines. It does however beg one key question that risk managers and business continuity professionals must ask: “how lean is too lean?” Wantonly cutting out all perceived muda to save money can actually have the opposite effect down the road. Organizations with global supply chains inherit significant risk due to the potential impact associated with a supply chain disruption.  In some cases, a disruption could threaten an organization’s ability to continue business or require large amounts of capital to recover. Organizations must fully examine their processes and supply chains to identify risk and make informed decisions on how lean is too lean.

This perspective—the third in the Risky Business Series—leverages a case study of the recent west coast dock worker strike to demonstrate the inherit risk of a supply chain that is too lean due to a virtual monopoly. This article also revisits evaluation and mitigation strategies from the first two Risky Business perspectives that organizations can use to reduce risk to an acceptable level. Continue reading

Leading Response and Recovery Teams (Part 3)

LeadershipThis perspective is the third in a three-part series that addresses how to develop the skills necessary for being a successful leader in a crisis, including how a team leader can set the team’s purpose and bring order to the chaos that ensues following the onset of a disruptive event.  These two foundational team leader behaviors will help response and recovery team leaders elicit the best possible performance of the team (as well as themselves).

In Part 1 and Part 2 of this series, we addressed the role of the team leader, which is to create a team vision and purpose, as well as the team leader’s responsibility to manage the chaos associated with a disruptive event.  In this perspective, Part 3, we review the team leader’s role in ensuring the team remains adaptable in a changing environment and how the team leader can work to pull these key factors together. Continue reading

Business Continuity Strategy Design: An Overview of BCI Professional Practice 4

BCI_GPGs_SeriesThis article provides an overview of Professional Practice 4 (PP4) – Design, which is the professional practice that “identifies and selects appropriate strategies and tactics to determine how continuity and recovery from disruption will be achieved”. Strategy design activities are essential to translate outputs gathered during the analysis phase into actionable strategies that the organization can implement and refine over time to improve the ability to respond and recover from a disruption. Continue reading

Standard Operating Procedures: Program Documentation That Helps Drive Repeatable Results

SOPDesigning a governance structure and describing its intended performance in the form of program documentation is the first step to ensure your business continuity program produces repeatable results that align to stakeholder expectations.

According to the Business Continuity Institute’s Good Practice Guidelines’ first professional practice, governance provides the foundation for a repeatable and scalable business continuity program.

But what exactly is “governance”? Governance is typically the combination of documented policies and procedures, supported by senior/executive-level management, that define the scope, objectives, approaches, and outcomes associated with a business continuity program. Continue reading

The Critical Role Analysis Plays in Your Business Continuity Program: An Overview of BCI Professional Practice 3

BCI_GPGs_SeriesThis article provides an overview of GPG Professional Practice 3 (PP3) – Analysis, which is the professional practice that “reviews and assesses an organization in terms of what its objectives are, how it functions, and the constraints of the environment in which it operates”.

PP3 OVERVIEW

PP3 introduces and addresses the business impact analysis (BIA) as a primary means of analysis, leading to appropriate business continuity requirements.  PP3 identifies the following beneficial outcomes from the BIA: Continue reading

National Preparedness Month 2015

NPM15_logo_v5FinalSeptember marks the beginning of National Preparedness Month (NPM) sponsored by FEMA’s Ready Campaign.

The 2015 theme is: “Don’t Wait. Communicate. Make Your Emergency Plan Today.”

The goal of National Preparedness Month is to encourage individuals, businesses, and communities to plan and prepare in advance so they can safely respond and communicate in the event of a disaster. Continue reading

Introducing ISO 22317 – The Business Impact Analysis Standard

ISO 22317WHAT IS ISO 22317?

The International Organization for Standardization (ISO) Technical Committee (TC) 292, the committee responsible for writing security, resilience, and business continuity standards, has released its latest document: ISO 22317 – Societal Security – Business Continuity Management Systems – Business Impact Analysis, the first and only international standard solely addressing the business impact analysis (BIA).

ISO 22317 was officially published on September 17, 2015.

There are a few important points to understand before reading ISO 22317: Continue reading

The Importance of Embedding Business Continuity: An Overview of BCI Professional Practice 2

BCI_GPGs_SeriesThis article reviews GPG Professional Practice 2 (PP2): Embedding Business Continuity and explains why embedding business continuity into your organization is important for driving success, describes best practices for embedding business continuity into day-to-day activities, and provides a brief case study highlighting the benefits of this practice.

PP2 OVERVIEW

PP2 outlines a number of techniques on how to embed business continuity into the organization. Specifically, the BCI separates PP2 into the following topics: Continue reading

Leading Response and Recovery Teams (Part 2)

LeadershipTeam leaders play a critical role in improving business continuity for their organizations but seldom receive the appropriate training to help them understand the differences between day-to-day leadership and crisis leadership following the onset of a disruptive incident.

This perspective is the second in a three-part series that addresses how to develop the skills necessary for being a successful leader in a crisis, including how a team leader can set the team’s purpose and bring order to the chaos that ensues following the onset of a disruption.  These two foundational team leader behaviors will help elicit the best possible performance of the team (as well as themselves). Continue reading