How many of you got into your profession quite accidentally? If you are considered the person responsible for disaster recovery, emergency planning or business continuity – you probably did, and the task you’ve been given falls under the “Other tasks as assigned” category on your job description.
The good and/or bad news depending on your situation is that you are not alone. Depending on which survey you read the majority of businesses in the United States do not have a business continuity plan, much less a full or part-time “planner.” Using a fully trained business continuity planner is rare according to the article. A recent Deloitte survey apparently indicated that 27% of companies had no full-time or less than one full-time equivalent employee dedicated to business continuity — it fell under someone else’s responsibilities as “Other duties as assigned.” If this is you, get ready for a steep learning curve.
You are now responsible for preparing your organization for dealing with a business disruption caused by natural, technological or human-caused events. Unfortunately this task is not an experiment. In a lot of cases you don’t get a second chance. Whatever you put in place must work when the time comes. Understanding that there is a right way and a wrong way to approach business continuity management is critical to your success.
The first lesson is that business continuity planning is a process – not a project. It has a beginning without an end. The second lesson is that it has specific components. The new buzzword is Business Continuity Management. Its elements are Crisis Management, Disaster Recovery and Business Continuity. Each element requires a plan. Crisis Management deals with responding to an event. Disaster Recovery is the traditional technology recovery and Business Continuity address the resumption of critical business functions and processes. There is a ton of information on these specific topics available to the new planner. My suggestion is to do your homework – it will save you a lot of time and effort and ultimately ensure that you develop a viable plan for your organization.
Along with the concept of Business Continuity Management, a set of suggested “best practices” have been identified by industry-independent and industry-specific, as well as regulatory and quasi-regulatory agencies. At a high level the list of generally accepted standards includes:
- Process Management – managing the process from beginning to end
- Risk Assessment – knowledge of rules and regulations, specific hazards and risks
- Impact to the Business – effect of a major disruption on critical functions or the core business
- Recovery Strategies – matching the business need to the resumption solution
- Management Procedures – defining response, resumption, recovery and restoration
- Training & Awareness – ensuring response, resumption, recovery and restoration
- Testing & Exercising – verifying continuity strategies, ensuring the return on investment
- Auditing & Maintenance – ensuring the viability of the plan
Whether your plan is mature, or you are just beginning the process keeping the concept of Business Continuity Management and the suggested best practices in mind will ensure your plans viability