The Myth of Departmental Continuity Plans

Since the early days of Business Continuity Planning, many organizations have chosen to focus efforts on “Worst Case” and “Hole-in-the-ground” scenario planning, and Departmental Continuity Plans.  The value of Departmental Continuity Plans is a myth. Planning for an artificial, organizational construct ‘the Department’ shifts emphasis from the real reason BCM exists: to resume delivery of the organization’s critical Products & Services.

The effort expended to create a Departmental Business Continuity Plan often has two negative outcomes:

1)      To accommodate every function, Departmental Continuity Plans are ‘vanilla’ -neither robust, nor detailed enough to focus on the resumption of the most critical functions or Processes.

2)      Planning for resumption of non-essential functions reduces the available time for highly critical functions or processes which require greater thought and effort.

After a disruption, will you really need to restore functionality of your whole department? Will you need all the department’s Business Processes (functions), people, and resources restored simultaneously?  The answer to both questions is: No.  Your BIA results should have told you which Business Processes are most critical to restoring delivery of critical Products & Services.

For instance, which of the Finance department’s Business Processes assures the delivery of P&S to its key customers?  Perhaps Payroll (Employees are its Customers) or Treasury (management of funds – for which every critical Process may be a Customer) or Accounts Payable (suppliers and external customers are both their Customers).  What about General Accounting, Financial Reporting, Planning & Budgeting and Accounts Receivable?  They are important to the organization, but might not be essential in the delivery of Products & Services to your key customers/stakeholders.

A “Process’, by definition, can also span multiple departments and organizational boundaries.  As such, planning for Departmental recovery – by its inward focus – is unlikely to meet the needs of restoring complex critical Processes.

But what if your Auditors demand to see your Departmental Continuity Plan?  You can provide one – without actually spending much time to create it.  Start by creating a folder containing document with all the common stuff (Mission Statement, Testing Requirements, etc.).  Add to that the detailed plans you create for the resumption of critical Business Processes.  Then create a 1 or 2 page ‘plan’ for each of the other Processes deemed-non-essential (mostly lists of resources and alternate site strategy information).  Now the collection of documents in the folder is the Departmental Continuity Plan for your auditors.  Unlike that typical ‘vanilla’ Department Continuity Plan, the collection of Plans will cover everything – without sacrificing the proper emphasis on continuity of the most critical Business Processes.

Departmental Continuity Plans may be an audit requirement or a management mandate – but that requirement shouldn’t result in a dumbed-down Plan.  By starting with Planning for the continuity of the most critical Business Processes (and adding smaller plans for less-critical Processes), you can meet audit requirements without losing sight of the true intent of BCM: planning to support continuity of delivery of your organization’s critical Products & Services.

The Departmental Continuity Plan myth just got busted.  Check out the next Myth Buster article – the Myth of Planning for Resources over Time.

SHARE:
eBRP Thoughts

eBRP Thoughts

eBRP Thoughts, eBRP’s Blog voice, represents 50 + years of cumulative BCM knowledge gained through experience in corporate BCM program management, consulting & program implementations. We've worked hand-in-hand with governments and private enterprises to develop viable BCM programs. eBRP is an active participant on LinkedIn and Twitter. The opinions expressed in our eBRP.net blog are ours and are intended to engage resiliency planners in conversations about the BCM industry, its standards and its future.

Related Posts

Enterprise Resiliency: Navigating Through Disruptions

Enterprise Resiliency: Navigating T...

In today’s threat landscape, the ability of an organization to…
Orchestrating BC/DR Testing: Virtual – Emergency Operations Centers

Orchestrating BC/DR Testing: Virtua...

  Enhancing Planning and Logistics Management  Coordinating BC/DR tests involves…
Insights into creating a successful Disaster Recovery Test – Part 2: Preparation

Insights into creating a successful...

Insights into creating a successful Disaster Recovery exercise – Part 1: Objectives

Insights into creating a successful...

Aligning Cyber Incident Response Planning with Your BC/DR Program

Aligning Cyber Incident Response Pl...

Cyber disruptions – and their impact on both reputations and…
What Can You Do when your BCM software Relationship Falls Apart

What Can You Do when your BCM softw...

“This isn’t working.”  “I’ve changed.”  “I don’t see a future…
Aligning BC/DR to CSIRP Challenges

Aligning BC/DR to CSIRP Challenges

The immediate reaction to a cyber-security incident is the FUD…
Technology Modeling – the eBRP Way

Technology Modeling - the eBRP Way

Definition: Technology modeling is a point-in-time snapshot of an Enterprise’s…
eBIA – The eBRP Way

eBIA - The eBRP Way

Definition: A Business Impact Analysis (BIA) is the cornerstone of…
Threats, Impacts, BCPs

Threats, Impacts, BCPs

Within Business Continuity circles there is ongoing debate about the…