I’ve Been Assigned Executive Responsibility for Business Continuity – Now What?

15 Key Questions Executives Should Ask to Better Understand the Program’s Current-State and Next Steps

So, you’ve just been assigned responsibility of your organization’s business continuity program.

I’m sure many thoughts are running through your head right now, ranging from “What is business continuity?” to “What do I need to do first?” (among others). However, you’re in the right place to find answers to these questions, and many more. Continue reading

What is Business Continuity?

Business continuity means working to decrease the likelihood of a disruptive incident and preparing your organization to continue the delivery of its most essential products and services if a disruption were to occur.

In other words, in the event of a disruptive incident, business continuity helps ensure that everyone – from response personnel through the general employee population – can answer these three questions: Continue reading

The Simplest Business Continuity Plan Assessment Approach Ever

Although plan documentation isn’t the only business continuity planning outcome, and absolutely should not be the sole focus during a program assessment, it’s certainly an important one.  Plans are one of the first things customers and auditors ask to review because these documents should summarize the response and recovery approach used by the business following the onset of a disruptive incident, as well as a summary of the resources needed to deliver products and services.  If asked to evaluate a plan, what’s the best approach, and what elements and content should you expect to see?  The purpose of this perspective is to outline a simple, straightforward plan assessment approach. Continue reading

Challenges in Implementing a Successful Business Continuity Program

Congratulations! You’ve started your business continuity planning effort—sometimes, that’s the hardest part. Now, you’re working diligently on your organization’s business continuity program, but it’s not delivering the results you had hoped. You’re performing a business impact analysis (BIA) and risk assessment, documenting plans, and socializing the next steps for your program, but it’s not progressing like you would expect or maybe it doesn’t have the capability your organization needs. So, what can you do?

This perspective outlines the common challenges organizations face when implementing a business continuity program that meets response and recovery expectations, and offers solutions that business continuity managers can pursue to address these challenges. Continue reading

Establishing the Business Case for the Business Impact Analysis

Nearly all business continuity professionals understand the importance of the business impact analysis (BIA) as the primary means for laying the foundation of a business continuity program. However, many professionals struggle to receive executive buy-in, as well as the necessary resources and support for the process. This article dispels common myths in attempt to help remove barriers to obtaining support and contributes to the creation of the business case for performing the BIA in any organization. Continue reading

Why Plan? A Closer Look at Business Continuity

Business continuity is an often talked about risk management practice, especially with what appears to be an ever increasing number of serious disasters, including Superstorm Sandy, the California wildfires, and the Japanese Tsunami – and that’s only natural disasters! Disruptive incidents can stem from major events such as these, but they can also originate from events that are far less visible and widespread, including sprinkler malfunctions, power outages, supply shortages, and an IT disruption.

This perspective discusses why organizations make the decision – or should make the decision – to invest in business continuity planning. Continue reading

Business Continuity Plans 101

In previous articles, Avalution has espoused the value of using a management systems approach to business continuity and articulated the notion that business continuity is more than just a collection of plan documentation. This approach is reflected in many different standards, including ISO 22301.

Even though business continuity plans represent just one component of a larger business continuity planning effort, they are what guide the organization through all phases of response and recovery following the onset of a disruptive incident – from the initial response and assessment to the eventual return to normal operations. Effective planning is meant to ensure that response and recovery efforts align to the expectations of all interested parties and provide a repeatable approach to minimize downtime.

This perspective explores the different types of business continuity plans that Avalution finds to be the most effective for organizations and examines their purpose within a wider business continuity strategy. Continue reading

Business Continuity & IT Disaster Recovery – Should You Start From a Blank Page?

Building a business continuity program (or anything worthwhile for that matter) takes time and dedication.  It also requires compromises – constantly balancing what is practical and what is possible to protect the business.  BUT – it’s important to remember that politics, committees, and making everyone happy isn’t the goal of business continuity.

If you’re lost, playing the same game over and over and ending up at the same result, maybe it’s time to start from a blank page so you can focus on what matters most. Continue reading

The Relationship Between the Business Impact Analysis and Risk Assessment

Avalution’s Approach to Establish Business Continuity Requirements

The business impact analysis (BIA) and risk assessment are foundational elements of every effective business continuity program; however, in our experience, many business continuity planning participants experience a lot of confusion regarding the definitions, relationship, and expected outcomes between the two processes.  This confusion often results in outcomes that fail to drive preparedness.

Avalution acknowledges that there are many different ways to design and execute BIA and risk assessment processes, depending on the objectives for each.  We also know that many experienced business continuity professionals have strong opinions on this topic, which may not fully align with our view. This article simply aims to provide Avalution’s perspective on how to best design and execute the BIA and risk assessment processes to achieve results that align with how management views business continuity risk. Continue reading

Bridging the Business Continuity and IT Disaster Recovery Gap

Increasing Coordination Between the Business and IT in Preparedness Activities

One of the most common questions we receive at Avalution is, “How can my organization increase coordination between different groups performing preparedness activities, specifically ‘the business’ and IT?”  We have seen many organizations’ business and IT teams struggle to come to an agreement on common requirements, such as application recovery time objectives (RTOs) and data loss tolerances (RPOs).  The business tends to complain that IT does not listen to their recovery requirements, while IT tends to complain that the business is far too aggressive and unrealistic on recovery requirements.  This article provides recommendations on how the business and IT can work more seamlessly toward the “right” level of preparedness for your organization. Continue reading