When my business partner Brian and I started Avalution in a Starbucks 11 years ago, we didn’t spend much time agonizing over what we wanted this firm to be about. It was a quick conversation – and it didn’t really focus on business continuity! We envisioned a firm of great problem solvers. We were both most comfortable with business continuity, so we considered that a great place to start. Throughout the years, we’ve had many quick conversations to determine the path forward for Avalution. Continue reading
The organizations we work with are increasingly coordinating, and in some cases integrating, the management of their Business Continuity Management (BCM) program with the management of Information Security (InfoSec). This perspective looks at how they are approaching coordination/integration. Let’s explore the various forms of integration possibilities between BCM and InfoSec.. Continue reading
Cloud computing is potentially the most important technology development of this decade, so business continuity professionals should rightly be asking: “What does it really mean and how does it affect me?” This perspective is designed to address common questions about cloud computing.
What is the Cloud?
Bottom-line – it is a marketing term. Like all great marketing terms, it can be used to mean anything, and thus, it actually means very little. For our purposes, I’d like to suggest the following explanations for “the cloud”, which have proven broadly true in practical experience: Continue reading
In the last month alone, I’ve worked with two companies that had IT disruptions but didn’t use their IT disaster recovery (DR) plans because they weren’t sure if they could fail back home (aka return to normal). In both cases, these concerns were a surprise to the executive management team.
It’s a theme I’ve heard many times before – the IT disaster recovery solution was built without considering how the organization would return to the primary data center from the disaster recovery location. This perspective highlights some key issues to consider regarding the use of the IT disaster recovery strategy. Continue reading
Building a business continuity program (or anything worthwhile for that matter) takes time and dedication. It also requires compromises – constantly balancing what is practical and what is possible to protect the business. BUT – it’s important to remember that politics, committees, and making everyone happy isn’t the goal of business continuity.
If you’re lost, playing the same game over and over and ending up at the same result, maybe it’s time to start from a blank page so you can focus on what matters most. Continue reading
As business continuity professionals, it’s easy to be overwhelmed by the myriad roadblocks that exist on the road to building resiliency – lack of funding, lack of people, lack of management support, etc. In some organizations, it seems like everyone just wants the business continuity person to go away!
At Avalution, we’re always studying these challenges and working to find ways to prevent and overcome them. Many of those techniques are documented elsewhere in this blog. However, one foundational consideration is missing – an appropriate mindset in approaching the challenges facing you and your organization. Specifically, there are three areas where business continuity planners are often defeated before they even get started: expectations, excuses, and confidence. Continue reading
Have you ever recommended additional redundancy for a process, department, or facility, only to be told that your organization couldn’t afford it or have the project repeatedly delayed until next year? I have. It’s pretty common in our profession.
Casey Haskins and Peter Sims recently wrote an article that you should consider a must read (and so should your senior leadership team responsible for continuity). It may just provide the viewpoint needed to help your organization be more resilient. Continue reading
If you have less than 500 employees, odds are you don’t have someone working full-time on business continuity. And, unless regulations require you to perform planning in some manner, your organization may not have a business continuity plan at all! Continue reading
Many business continuity professionals have expressed concern and uncertainty regarding the future of business continuity and how it will ‘fit’ with newer concepts like GRC (Governance, Risk and Compliance) and ERM (Enterprise Risk Management). In truth, these different ways of managing risk and optimizing business performance could significantly affect how business continuity programs are run. But, in the end, the importance lies in managing obligations and risk in the most efficient and cost-effective manner possible so the organization can thrive and meet stakeholder expectations. This article dissects the current state of GRC and what business continuity professionals need to know and do about it. Continue reading
Everyone seems to be talking about “the cloud” these days. Unfortunately, that is a REALLY broad term! So, let’s take a closer look at what “the cloud” really means, and then examine some key questions that continuity professionals should ask both their organization and cloud provider when the topic of cloud-based applications and recovery comes up. Continue reading