Search Our Blogs
Incident Management: The Importance of Causality Chain
“Business Continuity Planning: Is it an Art or a Science?” That discussion rages on, with as much intensity as the chicken-or-the-egg controversy. But there is no doubt when it comes to Incident Management – there must be an underlying science for the response to be predictable and effective. One key element of that science is the “Causality Chain”, knowledge which can lead to a predictive response (the selection of appropriate strategies, tactics, actions, or plan to invoke) in any disruptive incident.
An understanding of the Causality Chain should start with an understanding of the organization model. An organization, in its simplest form, can be represented as a collection of interdependent assets – People, Facilities, Processes, Technology and Supply-Chains – all engaged in delivering products and/or services. This is true in any industry; products and services are an outcome in manufacturing, retail, finance, energy, communications, information, services and everything else – including non-profits and government.
Within this organizational model it is possible to catalog the organization’s critical assets and their interdependencies. Modeling of the organization can lead to visualization of upstream & downstream dependencies, operational gaps, the single-points-of-failure as well as the most important outgrowth: the Causality Chain.
If a Facility is Impacted:
The immediate impact is on the People who work in the facility. But there may be other implications.
- An inaccessible site could impact People – disrupting their workarea for normal operations
- If the site houses a datacentre, IT Services (technology) could be disrupted
- A manufacturing, distribution or retail site outage may directly impact Product delivery
If Personnel are impacted:
The loss of key personnel may have a direct and immediate impact.
- Work-site inaccessibility could impact Business Processes
- Health & safetly issues could adversly impact Business Processes
If Technology is impacted:
Most organizations rely on Information Technology as a critical operating component.
- Interruption of technology services could disrupt or impact Business Processes
If Supplies/Suppliers are impacted:
Every organization relies on Supply Chains – even if they don’t acknowledge it.
- Disruption of supply chains from external vendors may impact Business Processes
- Disruption of supplies may directly impact Products or Services
If Business Processes are impacted:
The continuity of Processes is critical to continuous delivery of products and services.
- Anything that disrupts Business Processes (or ‘functions’) will ultimately impact the delivery of products & services to customers.
- One disrupted Business Process may impact many other Business Processes – because of downstream dependencies.
If Delivery of Product & Services is impacted:
Organizations exist to produce and deliver Products and Services.
- Disruption of the delivery of products & services will impact Customers
- Failure to deliver Products & Services may impact the organization’s brand, reputation and cash flow
- Disrupted delivery of Products & Services may have regulatory and compliance impacts
If Customers are impacted:
A Customer may be impacted by their own disruption or change – bankruptcy, acquisition, downsizing, market upheavals and many others. This may change their ability or desire to continue absorbing the same level of products and services.
- Customers impacted by a disruptive event may react in a manner that directly impacts timing, and quantity of the delivery of Products & Services – with subsequent impacts on Business Processes, Facilities and Personnel
Understanding the cascade effect of an impacted asset is critical to an effective response. Identifying the possible downstream impacts on the organization can help Incident Managers better allocate the limited resources available for Business Continuity and restoration/recovery efforts at the time of a disruption.
But the interdependency of specific assets needs to be catalogued in advance. Unless dependency mapping is part of the Business Continuity planning process, the Causality Chain will be something Incident Managers are forced to react to, rather than control.