Business Resiliency
A Necessity for Long-Term Survival (and Growth)
Today, Business Resiliency isn't an option it's a survival necessity. Brand loyalty isn't what it used to be and businesses are forced to be more responsive to customer needs. Adverse publicity can lead to business catastrophe. If a business is forced to close for a week, customers may never come back. The financial repercussions can be enormous if a business cannot respond to a disruption quickly. In today's competitive environment, the ability to recover quickly from a disruption of day-to-day operations may be a matter of life or death for a business.
What are your goals?
Before investing in BCP software, your organization should identify its goals. Are you simply angling to pass your regulatory audits? Are you just trying to create one specific plan for one specific type of incident? Or are you truly trying to achieve Business Resiliency to empower your entire organization to respond to any disruption? If you want to take your organization beyond business-as-usual to raise its resiliency capability exponentially, you must be able to see your organization's complete picture.
When business is disrupted, decisions must be made quickly and good decision-making requires information.
Successful Business Resiliency programs systematically collect, organize, analyze, connect, visualize and report the information needed to make good decisions in a crisis.
On Top of The World
To achieve Business Resiliency, your organization's BCM program should revolve around an active, real-time information management system. Traditional BCM methodologies rely on documents that are updated on a periodic basis and scenario-based plans (like "Loss of Facility" or "Loss of IT") that are implemented only when the named risk occurs. Traditional methods may meet your auditors' or regulators' requirements, but they also leave major gaps in your organization's ability to respond to actual disruptions.
Business Continuity has begun to focus on Business Resiliency for a several reasons. The speed of business is now faster than ever. Supply Chains and markets are now global even for small to medium size businesses. The sources of risks are spread more widely across time zones, geographies, and across multiple suppliers.
Traditional Business Continuity methods assume that a plan will be invoked to meet a specific scenario. But businesses today face an infinite number of scenarios that traditional methodologies simply cannot address. Similarly, the complexity of business structures and cross-functionality in most organizations far exceeds the limited scope of the traditional BCM framework.
Traditionally, processes were reviewed from the perspective of recovery time and priority. That made sense within the limited capabilities of word-processing based planning. But today, technology (web-based systems, relational databases) allows for a more complete picture of a business process and its criticality to the organization.
Traditional BCP has structured itself around:
- Denial of access to facilities
- Denial of access to technology
- Lack of appropriate skills among available staff
- Lack of raw materials (supplier can't deliver).
Unfortunately, Mother Nature and reality seldom cooperate, leaving gaps between what was planned for and what really occurred and leaving the following questions unanswered:
- What do you do when only parts of a facility are unavailable, but you've only planned for loss of the entire facility? Can the plan be "dialed back"?
- What happens when only a single major IT application is down? Does the "Denial of Access" plan account for that possibility?
- What happens when neither the people nor the facility are available (as during the SARS epidemic, or after hurricane Katrina)?
- What happens when the supplier and supplies are available but the means of transportation are impacted?
Successful Business Resiliency must focus instead on assets: business processes and their dependencies within the organization. With a clear understanding of the assets on which a business process depends, it is possible to plan for and respond to any disruption, not just specific scenarios.
Passing an Audit Doesn't Prepare You for Anything
A checkmark on an audit does not make your Business Continuity program viable. In fact, it may even create a false sense of security. An audit expression is a myopic response that ignores the true goal of BCM: the ability to respond to any kind of disruption anytime. Weathering an audit without any negative findings may feel like success but it is unlikely to be an accurate barometer of the organization's true resiliency.
Putting it All Together to Attain Resiliency
It's not enough to pass audit reviews. It's not enough to have written scenario-based plans. It's not enough to think your organization is prepared when it doesn't have the knowledge or the tools to enable resiliency or the capability to respond effectively and efficiently to any disruption of day-to-day operations.
You need a tool to help understand the risks your organization faces including threats to business processes and supply chains. You need a tool to collect, organize and analyze the assets (people, facilities, process and IT functions) on which your critical business processes depend. You need a tool to build plans that provide the knowledge and means to respond to any disruption (not just a specific set of scenarios). You need a tool that provides information that will enable Incident responders to make critical decisions. You need a tool to enable Incident responders to collaborate and communicate.
The eBRP Suite is the only web-based, totally integrated toolset that makes true business resiliency possible.