Contact Us

Continuity Insights Management Conference

10 Critical Indicators of a Sound Business Continuity Program

Continuity Insights

ComplianceCrisis CommunicationCyberDisaster RecoveryMethodology / MetricsMore ContinuityProfessional DevelopmentSubject Matter Experts

Is your business continuity program in good health? Does it include what many experts consider the most critical element of any business continuity program? These 10 indicators will help you make sure that your program is on track regardless of your industry or company size.

By Michael Herrera, CEO, MHA Consulting

After almost 20 years, I’ve had a hand in developing hundreds of business continuity programs for companies around the globe—wading through hundreds of thousands of data points, facilitating too many strategy discussions to count, and convincing an untold number of executives of the merits of BC. Continuity strategies aside, I’ve learned that the overall health of an organization’s BC program is most critical to its success. Why? Because the business continuity lifecycle depends on the presence of certain factors to function like a well-oiled machine. The 10 indicators listed below are present in all successful BC programs; they apply regardless of industry or company size.

1. The program has management support.

Lack of knowledge and support of business continuity among senior management is one of the most common obstacles to successful implementation. Without it, direction for the program will flounder, employee interest and cooperation will plummet, and financial resources will be nonexistent—all of which are key to making the program work. You know you have management support if an executive steering committee has been appointed and meets regularly, and it provides strategic input or direction to ensure that the program aligns with the mission and/or strategy of the company.

2. The program has a budget.

All the elements of a working, executable program—implementing strategies, writing plans, conducting exercises—cost money. Some organizations claim to have a BC program and even have the associated documents and plans, but have no formal budget to speak of. Programs like these are essentially vaporware, because the company simply hasn’t invested the funds necessary to pull off the recovery plans should it ever need to. The BC budget doesn’t have to be extravagant as long as it’s enough to move the program forward year after year.

3. The program is based on a current Business Impact Analysis.

At the heart of every business recovery strategy is the Business Impact Analysis (BIA). You can’t create meaningful strategies without first knowing what’s important to protect. A BIA delivers that information and more. It takes time to conduct a formal BIA that will determine the criticality of your business operations, but the results will drive the rest of the program forward. If you can answer “yes” to the following questions, you can check off this box:

  • Can management identify critical business units and processes?
  • Is the BIA kept up to date?
  • Are BIA results scrutinized to ensure that critical units and/or processes are aligned with the company’s mission and strategy?

4. The program includes a sound crisis management plan.

To paraphrase a common saying, the best offense is a good defense. Your crisis management team must be “always on” and your plan at the ready if you hope to be proactive in managing disruptive events. The quality of your crisis management plan is defined by whether or not those individuals at the highest levels of the company know how to assemble, respond, and strategically guide the company should a disruption ever arise.

5. The program includes a sound crisis communications process.

The organizations I’ve seen emerge unscathed from unplanned disruptions do so in large part thanks to their crisis communications plans. These plans ensure that team members have a sound grasp on how to keep communication flowing. Information is critical during a disruption. Not only does it keep employees moving, it also enhances trust and credibility among external parties during a difficult time that could make or break your reputation. Both internal and external parties must be considered.

6. The program has clear, executable, and appropriate business recovery plans.

Plans should address the continuity of key business units and processes as well as the technology that they depend upon. (There’s no need for recovery plans for every business unit.) The plans should be written with the right level of detail, so that a professional in that area could carry out the tasks and actions without confusion. The best recovery strategies in the world won’t be enough if the parties involved don’t know how to carry them out.

 

7. The program includes effective strategies and solutions that align with business needs.

This is the key indicator of a sound business continuity program. It’s critical that, once you’ve identified what’s important to your business, you design and implement recovery strategies and solutions that ensure you can meet the required recovery times, not only for processes but for systems and applications as well. You also need to invest resources in those solutions, which can’t be implemented otherwise. Eliminating these steps is like building a car with no engine.

8. The program incorporates high-level recovery exercises.

You play like you practice. If you only practice at the lowest level (i.e., doing desktop walkthroughs as opposed to actually using your alternate strategies and solutions) you won’t be able to play at the highest level. It’s imperative that the organization is rigorous in practicing recovery strategies to prove it can recover from a real-life situation.

9. The program actively promotes training and awareness.

From the lowest levels of your organization to the highest levels, does everyone know what to do in case of emergency? All organizations should provide BC training to ensure employees at all levels are aware of their primary and backup responsibilities in the event of a disruption. If people don’t know what to do or who to call, your recovery plans will be stopped in their tracks.

10. The program takes into account critical third-party suppliers.

If you’re banking on all of your critical third-party suppliers being as diligent about BC as you are, you will most likely be sorely disappointed. Many organizations depend on one or more third parties to carry out business operations, so your own ability to recover hinges on a) whether you can identify your most critical third parties, and b) whether those parties can recover from a disaster themselves.

If your program meets all of the above criteria, you’re clearly doing things right. If not, consider it an opportunity to improve. The benefits of a healthy BC program contribute to the health of your organization overall, so it’s well worth the effort.

Michael Herrera is the CEO of the business continuity consulting firm MHA Consulting and the founder of BCMMetrics, a cloud-based tool designed to assess business continuity compliance and residual risk.

LinkedInFlipboardPinterestRedditSMSWhatsApp

CI New York Conference “Millennial Spotlight” Session – Leveraging the Me Culture to Your Advantage

BCM Service Provider/Critical Supplier/Supply Chain Management Assessment

Continuity Insights

Similar Articles

Cyber Attack Trends: 2020 Mid-Year Report Reveals How Criminals Have Targeted All Sectors

Check Point® Software Technologies has released its Cyber Attack Trends: 2020 Mid-Year Report, which shows how criminal, political and nation-state threat actors have exploited the COVID-19 pandemic and related themes …

Surviving a Business Continuity Audit

Comprehensive business continuity audits will traditionally inspect virtually every aspect of a program by evaluating risk-based planning, observing BCP/DR tests, and assessing the entirety of the BIA. Can your business …

The Do’s and Don’ts of Crisis Communication

A communication plan is absolutely critical in a crisis environment. During a crisis or disaster, the decisions you make, the actions you take and the words you say will determine …

Leave a Comment

Address

Group C Media, Inc.
The Galleria, 2 Bridge Avenue, Suite 231
Red Bank, NJ 07701

Contact

800.524.0337

info@groupc.com

Newsletter

Read the latest news and information for business continuity professionals. Get information on new products and services from manufacturers and service providers to the industry. Learn More.

© 2024 Continuity Insights

About Contact Privacy Policy Terms of Use Advisory Board Advertise
Share to...
BufferCopyFlipboardHacker NewsLineLinkedInMessengerMixPinterestPocketPrintRedditSMSTelegramTumblrVKWhatsAppXingYummly