The challenge of Business Continuity Planning is to plan for the unknown event that might disrupt an organization’s ability to service their critical customers, or may impact their brand or reputation. Odds are that Mother Nature and serendipity will collide to ensure that the disruption is far different from any scenario used in planning for continuity.
A viable Business Continuity Management (BCM) program utilizes a planning ecosystem with a focus on responding effectively to any disruption. Crafting a response to an incident relies on the answer to three key questions – What do we KNOW? What do we NEED to know? What do we need to DO?
1. What do we KNOW?
Historical experience shows that most disruptive incidents occur outside of normal business hours when there is low probability of early detection & containment (mitigation / suppression). Rarely does the real magnitude of an impact manifest itself at the onset, nor is the duration (length) of the disruption predictable at the time of the incident.
The initial impact assessment may uncover only the most apparent assets that might be impacted. It may be obvious that a particular building must be evacuated, but that initial assessment will not immediately reveal other, less obvious, downstream impacts of that disruption.
2. What do we NEED to know?
The cause of a business disruption might render some assets – facilities, people, technology sub – systems, business processes or key suppliers – inoperable, unavailable or crippled.
Knowledge of the cause(s) of disrupted assets and the resulting impacts (on customers, brand, finances, the environment, regulations, etc.) is critical to the Incident Managers’ decision making processes.
Knowledge of process split – production, high-availability technology infrastructure, work-from-home options, alternate suppliers etc. and current operational capabilities is required for crafting viable response strategies. Visibility into time-of-the-day process criticality and resource availability helps those Managers prioritize the resumption efforts.
3. What do we need to DO?
Restoring impacted assets or their functionality should be the Incident Managers’primary focus. Plans created as part of the BCM program should facilitate effective recovery of the specific impacted assets. Plans, once activated, must provide visibility into the recovery status of those assets thru ‘milestone’ tracking with as frequent updates as possible.
Tracking and allocating available resources, meeting resource-over-time requirements, monitoring financials, resolving escalated issues and periodic status reporting to stakeholders are all critical to implementation of a viable, measurable response.
