Broadly speaking, there are two approaches to structuring a business continuity program.
A centralized structure involves leading and executing the business continuity planning process within a single team and engaging the business as needed.
A decentralized structure involves leveraging a small number of centralized resources that offer consultative assistance and performance measurement while resources dispersed throughout the business execute the actual planning process.
Both approaches have pros and cons, so it’s critical that organizations select the appropriate approach that adheres to their organization’s overall strategy, structure, culture, and priorities. In this perspective, I’ll provide an overview of each type of structure, the attributes associated with them, and additional information to help you select the most effective method of implementing a business continuity program within your organization. Continue reading
For twelve years, Avalution has been laser focused on business continuity. We’ve become the leading provider of business continuity software and consulting in the US. We work with 13% of the Fortune 100, including the largest organizations in seven different industries.
We’ve become well known for delivering business continuity services that are connected to the strategy of the business, pragmatic, and reliably delivered.
Today, we are expanding into Information Security Management. Continue reading
In the wake of recent Cloud Service Provider (CSP) outages, what is your organization responsible for when it comes to complex IT architecture?
Many organizations today rely on complex IT infrastructure to support their operations, leveraging solutions ranging from internal hosting to cloud hosting to dependence on third-party systems. IT service delivery is getting more intricate, in large part due to the need to leverage different IT tools and services from a variety of providers. Cloud-based solutions, such as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS), promise simplicity for the end user. However, IT service delivery and management usually becomes much more difficult due to the complexities around architecture and integrations. Therefore, IT disaster recovery planning becomes more difficult, as it must account for these complexities and coordinate with various third parties to ensure adequate coverage. Bottom-line – simply defining who is responsible for what when it comes to disaster recovery planning can be difficult. Continue reading
Many business continuity professionals can attest to the tension that often occurs between the business and IT when it comes to recovery capabilities. For example, Company X recently implemented a business continuity program, including determining recovery time objectives (RTOs) for key business processes. Like all well-established business continuity programs, the business impact analysis (BIA) considered the loss of technology and helped the company develop recommended recovery time (and recovery point) objectives for technology resources. The business documented and presented these RTOs to management following the initial BIA, but never followed up with IT to ensure that the capabilities could be met.
Meanwhile, IT leveraged its own application/system list and related recovery information to prioritize applications for recovery and drive the implementation of a disaster recovery solution that was cost-effective and aligned with IT’s conclusions of business requirements for recovery (created from data outside the BIA). Both the business and IT feel confident in their work; yet, neither have communicated with the other. Given that the groups have not undergone a joint exercise (or actual disruption), neither group is aware of the underlying gap: Recovery priorities and strategies are misaligned between the business and IT.
This perspective analyzes the symptoms and root causes of the business continuity and IT disaster recovery gap and proposes solutions to close it. Continue reading
In the interest of full disclosure, this blog was written from the perspective of someone who is absolutely considered a “Millennial.” With that in mind, though, none of what is presented below is intended to be about entitlement, and it is certainly not written with the intention of giving my generation a free pass or saying that we’re somehow better than any generation that has come before us or will come after us. This perspective is simply intended to help bridge the gap and offer some potential methods to best leverage the unique skills Millennials do bring to the table. Continue reading
An isolated approach to business continuity (and risk management in general) is holding many organizations back.
Business Continuity is one of many disciplines that helps organizations to become more resilient – that is, to increase an organization’s capacity to adapt to evolving circumstances and survive (or even thrive) during periods of disruption or change. Other related disciplines – such as Information Security, IT Disaster Recovery, Emergency Management, Enterprise Risk Management, and Physical Security –ultimately have the same strategic purpose. The goals and objectives of the individual disciplines may be more focused, but if we, as practitioners of these disciplines, force ourselves to look outside the artificial walls we sometimes build around our responsibilities, we should find that we are striving for something bigger than we can deliver on our own. Continue reading
Everyone has heard the popular saying “Practice Makes Perfect”. But, is this true?
I am of the belief this statement is close to the truth.
“Perfect Practice Makes Perfect” Many have heard these words from Vince Lombardi, but I always heard them, multiple times mind you, from my father. As a typical teenager, I didn’t really comprehend the message, or realize that it applies to more than just sports. The message my father and Vince were trying to convey is simple, “What you put in, you will get out.” Continue reading
Michael Porter once famously said “the essence of strategy is choosing what not to do”. While I am sure that Mr. Porter was not thinking of business continuity when making this statement, it is absolutely applicable to the implementation of a successful business continuity program. As the best way to drive business continuity program success is to properly scope the program by aligning it to the organization’s overall business strategy. This perspective aims to provide clarification on what exactly strategy connected business continuity means, as well as why it is important to all organizations considering the implementation of a successful, focused business continuity program. Additionally, we will explore conversation topics designed to “crystalize” the organization’s business strategy in a way that helps inform the scope and objectives of the business continuity program.
The Importance of Business Continuity and Leveraging Resource Loss Based Planning
On Sunday, January 8, 2017, the temperature in Cleveland, OH dropped significantly, which caused a water pipe to burst in the hallway of our building, right outside the entry to our Cleveland office.
No one was in the building at the time, and the water poured out for about 45 minutes before it was shut off. The water pooled primarily in our office space resulting in damage to floors, walls, and some equipment. When all was said and done, the total amount of water removed from our office space alone, was approximately 15,000 gallons. The rest of the water literally went down the elevator and main stairway – flooding three of the floors below. Continue reading
When my business partner Brian and I started Avalution in a Starbucks 11 years ago, we didn’t spend much time agonizing over what we wanted this firm to be about. It was a quick conversation – and it didn’t really focus on business continuity! We envisioned a firm of great problem solvers. We were both most comfortable with business continuity, so we considered that a great place to start. Throughout the years, we’ve had many quick conversations to determine the path forward for Avalution. Continue reading