There seems to be a common thread of late in industries that are regulated in regards to business continuity and disaster recovery planning. That common thread is complacency. I have had the opportunity to work with several clients that are regulated, and they have done an excellent job in developing BC / DR plans that not only meet their industries regulatory expectations and they have also developed plans that would indeed work should the need arise. I know many of you that read this blog have either developed such a plan or have worked with those that have.
BC / DR plans are typically put in place to ensure recoverability in order to protect the organizations shareholders – at least that’s the intent. Regulators charged with overseeing BC / DR expectations and ensuring plans are in place give little consideration to the components or elements that they themselves have “suggested” or “mandated”. Thus the reason for complacency! Many organizations have put significant time, effort, and real dollars into ensuring that not only the regulatory expectations are met, but that the plan is executable and viable as well. I’m all about protecting the client or customer, but I can certainly see the point of those being instructed to put BC / DR plans in place – doing just enough to get by.
The regulatory world, if they are truly concerned about BC / DR being done and being done the right way, in an effort to protect the consumer, needs to step it up and audit to the level of their expectations. They must ensure accountability. It is one thing to suggest or mandate BC / DR expectations, but it’s another thing to measure the planning effort to those expectations. Until that happens, the various regulated industries (healthcare, government, finance and utility sectors) will continue to be complacent about their planning efforts and when the time comes – their plans (if they have one) won’t work — thus defeating the purpose for regulatory oversight and the protection of each and every one of us.
Courtesy of Continuity Central — On Thursday June 3, the chairmen of the Senate and House Homeland Security Committees urged the Department of Homeland Security to step up its implementation of PS-Prep, the voluntary program to help private sector companies develop preparedness, response, and business continuity plans.