Ownership – Where Do Our Responsibilities Begin and End as Business Continuity Professionals?

Ownership – Where Do Our Responsibilities Begin and End as Business Continuity ProfessionalsAs published in the Summer 2016 Issue of the Disaster Recovery Journal – Volume 29, Number 3.

One of the latest threats to organizations is something termed “ransomware”.  Commonly defined as a type of malware that blocks access to an application and its data until the victim pays a predetermined amount of money.  You may have read about two recent attacks, one targeting the Hollywood Presbyterian Medical Center and the other targeting MedStar.  If you haven’t heard about these two attacks, perhaps you can pause for a minute and do a quick Google search to learn more.  And, after you do, I have a question for you to consider:

If your organization hasn’t already prepared for this type of threat (ransomware or malware in general), who owns planning for it or preparing contingencies addressing the affected resources?

This article discusses some of the threats and risks that are currently top-of-mind for executive managers and why resilience-related thinking is so important, as well as the different roles that the business continuity professional can perform to add value. Continue reading

An Introduction to IT Disaster Recovery Planning

Risks to critical business operations due to systems outages have been, and will always be, a concern for most organizations. As a result, IT disaster recovery planning is critical to help reduce the likelihood of a system disruption, or reduce downtime if (when) a disruption does occur. So, if you’re looking for an introduction to IT disaster recovery planning, you’re in the right place!

This perspective presents how IT disaster recovery planning fits into the overall organizational Business Continuity Program; discusses common goals in developing Business Continuity and Disaster Recovery plans; and explores unique activities that must be considered when developing an IT Disaster Recovery Plan. Continue reading

Another Example of Why Business Continuity Planning Matters…

Cleveland skyline and the Cuyahoga River, OhioThe Republican National Convention (RNC) is taking place in my hometown, Cleveland, OH, in just a few short weeks. I can feel the energy and excitement everywhere I go. Of course, that energy has been amplified by the fact that the Cavs just brought home the first major sports title in 52 years, but, regardless, the city is buzzing.

Even though most people are excited to see this scale of an event take place in Cleveland – and, let’s be honest, finally have the opportunity to show everyone why the nickname ‘mistake by the lake’ no longer applies – the entire city and nearly all organizations that operate here will be disrupted. Continue reading

More Than Just Recovery Time Objectives

Catalyst-Business-Continuity-Software-Dependency-MappingUsing the Business Impact Analysis to Understand Relationships Between Resources and the Business

BACKGROUND
The business impact analysis (BIA) establishes the foundation of an organization’s business continuity program by establishing business continuity requirements. As a result, a significant part of Avalution’s work involves helping organizations design and execute the BIA process. Furthermore, a well-executed BIA can deliver so much more than just a list of recovery time objectives (RTOs) and recovery point objectives (RPOs)! Continue reading

Business Continuity Implementation: An Overview of BCI Professional Practice 5

BCI_GPGs_SeriesThis perspective provides an overview of the Business Continuity Institute’s Professional Practice 5 (PP5) – Implementation, which is the professional practice that “executes the agreed strategies and tactics through the process of developing the Business Continuity Plan (BCP)”. As part of the business continuity planning lifecycle, Implementation activities continue following strategy selection in PP4, with the goal of documenting business continuity plans that aid the organization in recovery at the strategic, tactical, and operational levels. Continue reading

Continuity Insights Management Conference 2016

CIMC 2016

The 2016 Continuity Insights Management Conference is taking place April 18-20, 2016 at Gaylord Opryland Resort & Convention Center in Nashville, TN. We’re looking forward to another wonderful show!

We have a lot planned during CIMC 2016, and we hope you’ll join us:

Please take a look below for more details on each. We look forward to seeing you soon!

Continue reading

Business Continuity Plans: Resource Loss-based vs Scenario-based

Resource LossFor some reason, bad ideas often attempt to make a comeback – typically, after enough time has passed and the very reason they were discarded or abandoned in the first place is forgotten.

Bad ideas certainly are not exclusive to popular culture; in fact, articles and case studies litter the internet documenting both public and private organizations attempting to resurrect failed models and strategies in hopes that new capabilities or use cases will finally make a particular idea just as good in practice as it was in theory or on paper.

In the wake of several high-profile, unpredictable, catastrophic incidents (“Black Swan Events”) in 2012, Avalution received a number of requests to develop highly-specific, scenario-based plans from our clients. Planning for Every Scenario is “For the Birds” explains that Black Swan Events cannot be predicted, and advises that organizations that implement flexible strategies, applicable in almost any type of scenario to manage response and recovery, enjoy the highest levels of success when faced with a disruptive incident.

However, the demand for scenario-based plans seems to be back.

We understand why organizations may think scenario-based plans are a good idea; however, their appropriateness, utility, and long-term value is limited – much like line dances, vampire romance movies, and mullets.

Instead, in this perspective we’re going to use a case study to make the argument for a resource loss-based plan development approach. Continue reading

Disaster Recovery Journal Spring World 2016

DRJ Spring World 2016

Disaster Recovery Journal Spring World 2016 is taking place March 13-16, 2016 at Disney’s Coronado Spring Resort in Orlando, FL. We’re looking forward to another amazing show with numerous educational sessions and awesome people!

We have a lot planned during DRJ Spring World, and we hope you’ll join us:

Please take a look below for more details. We look forward to seeing you soon! Continue reading

Effective Business Continuity: Program vs Plan

TJMany organizations think that effective business continuity planning is synonymous with great plan documentation.

It’s not.

Yes, plan documentation is extremely important. BUT… many organizations fail to recognize that effective business continuity plans – and truly prepared and resilient organizations – are the result of a larger business continuity planning lifecycle that begins with requirements setting and ends with practice (and of course, the process recycles on a continuous basis).

Bottom line – plans are just one key ingredient in the development of an effective business continuity program.

This perspective provides an outline for what Avalution promotes as effective business continuity planning. Please explore the links provided within this document for more in-depth explanations of each step of the planning process. Continue reading

Risky Business (Part 3): A Supply Chain Continuity Case Study

Risky Business - Supply ChainMuda. It’s the Japanese word for waste and the enemy in modern supply chain management and manufacturing. Since the 1980s, lean thinking has revolutionized the way businesses operate by seeking to eliminate muda and free capital held in wasteful assets—that is, assets that do not add value to the overall process (e.g. excess inventory or underutilized equipment). Lean thinking is important and helps businesses to improve their processes and their bottom lines. It does however beg one key question that risk managers and business continuity professionals must ask: “how lean is too lean?” Wantonly cutting out all perceived muda to save money can actually have the opposite effect down the road. Organizations with global supply chains inherit significant risk due to the potential impact associated with a supply chain disruption.  In some cases, a disruption could threaten an organization’s ability to continue business or require large amounts of capital to recover. Organizations must fully examine their processes and supply chains to identify risk and make informed decisions on how lean is too lean.

This perspective—the third in the Risky Business Series—leverages a case study of the recent west coast dock worker strike to demonstrate the inherit risk of a supply chain that is too lean due to a virtual monopoly. This article also revisits evaluation and mitigation strategies from the first two Risky Business perspectives that organizations can use to reduce risk to an acceptable level. Continue reading