Executives love metrics and dashboards. Always time-constrained, they ask for metrics that can be reviewed at a glance to understand performance quickly and determine if an investment is paying off. Not unlike other disciplines, business continuity practitioners commonly find themselves developing metrics to communicate readiness and justify investment, as well as seeking feedback to prioritize continual improvement and remediation activities. But to be most effective, they must be Quality metrics. But, what do we mean by “Quality” metrics? In this perspective, we’ll not only describe attributes of Quality metrics, but we hope to make the case that business continuity professionals should be reporting on much more than the planning activities that they perform or manage – they must also compare the end results of the planning processes (strategies and solutions) to management’s approved recovery objectives.
Last month, we published a perspective (Business Continuity for Small Businesses – We Can Do Better!) on how most small and medium-sized organizations escape the complexity of larger organizations and thus have the opportunity to implement streamlined business continuity planning processes, which should include:
As business continuity standards continue to develop and mature, most are shifting (or already have shifted) to a Management System methodology and structure. And, since this methodology is relatively new to the business continuity profession, many practitioners have one question: “How do I transition my existing business continuity program to align with a management systems methodology?” Luckily, for many high quality business continuity programs, the transition is not as difficult as one may expect. Once a business continuity professional understands the purpose of management systems and underlying Plan-Do-Check-Act (PDCA) model, it will quickly become apparent that the benefits outweigh the concerns.
This article provides an introduction to the differences and similarities between a Business Continuity Program (BCP) and a Business Continuity Management System (BCMS) and offers insight regarding how to successfully make the transition.
“I am waiting for the ‘dust to settle’ on the development of the standards and for one to be chosen by the industry as the front-runner.”
“We are not interested in complying and being audited against another regulation.”
Unfortunately, it’s these types of opinions that are causing many organizations to miss the value that standards can provide.
As Published in the July/August Issue of Continuity Insights Magazine
This September, the U.S. Department of Homeland Security (DHS) will sponsor the fourth annual National Preparedness Month (NPM). During the month of September, DHS works to encourage Americans to prepare to be “Ready” for emergencies in their homes, businesses and communities. DHS will have assistance from the public and private sector organizations who pledge their support by registering as an NPM Coalition Member.
During the webinar, our team introduced internal audit professionals to accepted business continuity practices, as well as emerging (and successful) trends that are occurring in today’s business environment. We also discussed common criticisms that can interfere with internal audit’s
New and emerging business continuity standards highlight that personnel should be “competent” in performing their business continuity responsibilities. This may seem like an obvious statement but it can be an area in which organizations often forget to focus. Business continuity practitioners and their sponsors that read BS 25999-2 (which summarizes this requirement in Sections 4.2.5 and 4.3.1) often ask two questions specific to the concept of competency:
- What exactly does “competent” mean?
- Who does this requirement apply to in our organization?
With the growing popularity of BS 25999, many business continuity professionals are wondering how their planning software will support a certification effort. This is a reasonable question, because many organizations have developed their programs using the default processes built within their software. Thus, those default processes, if built correctly by the vendor, should lead to easy certification. However, due to the nature of the standard, no software can deliver full, out-of-the-box compliance in a way that ensures the business continuity program can be certified, no matter what the software vendor may advertise.
When designing or transforming business continuity programs, our consultants are often asked, “Who should participate on our organization’s business continuity steering committee?” While the answer may seem simple and straightforward for some, too often steering committees contain the wrong combination of participants, the wrong “level” of individuals and/or a focus on the wrong objectives. Without appropriate steering committee participation and thus the appropriate leadership, business continuity programs are far less likely to be aligned with business strategy and therefore less likely to be successful.