Incident Management: The Importance of Causality Chain

“Business Continuity Planning: Is it an Art or a Science?” That discussion rages on, with as much intensity as the chicken-or-the-egg controversy.  But there is no doubt when it comes to Incident Management – there must be an underlying science for the response to be predictable and effective. One key element of that science is the “Causality Chain”, knowledge which can lead to a predictive response (the selection of appropriate strategies, tactics, actions, or plan to invoke) in any disruptive incident.

An understanding of the Causality Chain should start with an understanding of the organization model.  An organization, in its simplest form, can be represented as a collection of interdependent assets – People, Facilities, Processes, Technology and Supply-Chains – all engaged in delivering products and/or services. This is true in any industry; products and services are an outcome in manufacturing, retail, finance, energy, communications, information, services and everything else – including non-profits and government.

Within this organizational model it is possible to catalog the organization’s critical assets and their interdependencies.  Modeling of the organization can lead to visualization of upstream & downstream dependencies, operational gaps, the single-points-of-failure as well as the most important outgrowth: the Causality Chain.

If a Facility is Impacted:

The immediate impact is on the People who work in the facility.  But there may be other implications.

  • An inaccessible site could impact People – disrupting their workarea for normal operations
  • If the site houses a datacentre, IT Services (technology) could be disrupted
  • A manufacturing, distribution or retail site outage may directly impact Product delivery

If Personnel are impacted:

The loss of key personnel may have a direct and immediate impact.

  • Work-site inaccessibility could impact Business Processes
  • Health & safetly issues could adversly impact Business Processes

If Technology is impacted:

Most organizations rely on Information Technology as a critical operating component.

  • Interruption of technology services could disrupt or impact Business Processes

If Supplies/Suppliers are impacted:

Every organization relies on Supply Chains – even if they don’t acknowledge it.

  • Disruption of supply chains from external vendors may impact Business Processes
  • Disruption of supplies may directly impact Products or Services

If Business Processes are impacted:

The continuity of Processes is critical to continuous delivery of products and services.

  • Anything that disrupts Business Processes (or ‘functions’) will ultimately impact the delivery of products & services to customers.
  • One disrupted Business Process may impact many other Business Processes – because of downstream dependencies.

If Delivery of Product & Services is impacted:

Organizations exist to produce and deliver Products and Services.

  • Disruption of the delivery of products & services will impact Customers
  • Failure to deliver Products & Services may impact the organization’s brand, reputation and cash flow
  • Disrupted delivery of Products & Services may have regulatory and compliance impacts

If Customers are impacted:

A Customer may be impacted by their own disruption or change – bankruptcy, acquisition, downsizing, market upheavals and many others.  This may change their ability or desire to continue absorbing the same level of products and services.

  • Customers impacted by a disruptive event may react in a manner that directly impacts timing, and quantity of the delivery of Products & Services – with subsequent impacts on Business Processes, Facilities and Personnel

Conclusion

Understanding the cascade effect of an impacted asset is critical to an effective response. Identifying the possible downstream impacts on the organization can help Incident Managers better allocate the limited resources available for Business Continuity and restoration/recovery efforts at the time of a disruption.

But the interdependency of specific assets needs to be catalogued in advance.  Unless dependency mapping is part of the Business Continuity planning process, the Causality Chain will be something Incident Managers are forced to react to, rather than control.

SHARE:
Ramesh Warrier

Ramesh Warrier

eBRP Founder and Chief Designer of eBRP Suite, Ramesh is a proponent of constant change, a visionary who believes that the practice of Business Continuity can deliver improved operational efficiency. Ramesh, B.Tech in Electrical Engineering, has nearly 30 years experience in Business & Technology roles. His thoughts are expressed in blogs, white-papers, frequent webcasts and speaking engagements at industry conferences.

Related Posts

Enterprise Resiliency: Navigating Through Disruptions

Enterprise Resiliency: Navigating T...

In today’s threat landscape, the ability of an organization to…
Orchestrating BC/DR Testing: Virtual – Emergency Operations Centers

Orchestrating BC/DR Testing: Virtua...

  Enhancing Planning and Logistics Management  Coordinating BC/DR tests involves…
Insights into creating a successful Disaster Recovery Test – Part 2: Preparation

Insights into creating a successful...

Insights into creating a successful Disaster Recovery exercise – Part 1: Objectives

Insights into creating a successful...

Aligning Cyber Incident Response Planning with Your BC/DR Program

Aligning Cyber Incident Response Pl...

Cyber disruptions – and their impact on both reputations and…
What Can You Do when your BCM software Relationship Falls Apart

What Can You Do when your BCM softw...

“This isn’t working.”  “I’ve changed.”  “I don’t see a future…
Aligning BC/DR to CSIRP Challenges

Aligning BC/DR to CSIRP Challenges

The immediate reaction to a cyber-security incident is the FUD…
Technology Modeling – the eBRP Way

Technology Modeling - the eBRP Way

Definition: Technology modeling is a point-in-time snapshot of an Enterprise’s…
eBIA – The eBRP Way

eBIA - The eBRP Way

Definition: A Business Impact Analysis (BIA) is the cornerstone of…
Threats, Impacts, BCPs

Threats, Impacts, BCPs

Within Business Continuity circles there is ongoing debate about the…