3 Steps to Incident READINESS

Business Continuity methodologies have been around for decades.  Business processes, technology, culture, markets, media and communication have all changed – yet BCM is still virtually the same. It shouldn’t surprise anyone that ‘Selling BCM to the C-Suite” is a problem of epidemic proportions. Executives see little – if any – value in current BCM methods and plans.  Auditors have progressed beyond accepting BIA compilations and door-stopper BCPs as evidence of BCM compliance.  They have a new yardstick: ‘stress-testing’ your ability to respond to disruptions & resume operations against all odds. They are questioning your organization’s ability to continue to deliver critical products & services following any interruption.

That’s the new raison d’être of BCM programs.  And as an industry, we’ve been failing to meet that objective. You can no longer simply compile lists of critical resources, build Call Trees and call it a Plan.  Auditors and new standards are looking for proof of incident readiness.

What is Incident Readiness? – A program with tested, viable response plans, capable of responding effectively to any disruption – with the proven ability to restore critical assets to ensure continuity of operations.

The 3 components of an Incident Ready program are:

  • Planning: Is the entire, typical BCM life cycle – Risk Assessment, BIA, Strategy development, Plan development, testing/exercising and maintenance – for sustainability of the program. It should have an emphasis on identifying critical assets, and the tasks that are needed to restore those assets (not simply locations or departments).
  • Incident Response: Is a systematic process to identify the impacts of a disruption and the resulting causality chain.  It must also incorporate the decision support framework necessary to craft an effective response.
  • Incident Management: Tracks the business objectives, timelines, resources, SLAs, assets, logistics against the relevant aspects of the incident response to ensure both its effectiveness and efficiency. (A well-established standard for Incident Management is the NIMS-ICS framework.)

Only a BCM program, in which program objectives incorporate all three of these components – Planning, Incident Response, and Incident Management – can lead to Incident Readiness.  The program need not adhere to linear ‘best practices.  By focusing on critical assets (instead of planning for the entire enterprise), planning and response for critical components can be completed and validated independently.  You can get off of the BIA carousel.  You can avoid Risk Assessment ‘analysis paralysis’, and create plans with clear, concise objectives (not broad, vague one-size-fits-all tomes).

With a goal of Incident Readiness, all components can coexist; there’s no need to complete one component for the entire enterprise before moving on. If you’ve always known there had to be a better way – or if you are simply curious – read part 2 (of this three-part series) focusing on how to achieve Incident Readiness, a value that traditional BCM methods cannot.do.

SHARE:
Ramesh Warrier

Ramesh Warrier

eBRP Founder and Chief Designer of eBRP Suite, Ramesh is a proponent of constant change, a visionary who believes that the practice of Business Continuity can deliver improved operational efficiency. Ramesh, B.Tech in Electrical Engineering, has nearly 30 years experience in Business & Technology roles. His thoughts are expressed in blogs, white-papers, frequent webcasts and speaking engagements at industry conferences.

Related Posts

A Toolkit to Build Enterprise Resiliency

A Toolkit to Build Enterprise Resil...

A well-rounded Enterprise Resiliency Toolkit (𝗧𝗼𝗼𝗹𝗸𝗶𝘁) would provide key tools…
Enterprise Resiliency: Navigating Through Disruptions

Enterprise Resiliency: Navigating T...

In today’s threat landscape, the ability of an organization to…
Orchestrating BC/DR Testing: Virtual – Emergency Operations Centers

Orchestrating BC/DR Testing: Virtua...

  Enhancing Planning and Logistics Management  Coordinating BC/DR tests involves…
Insights into creating a successful Disaster Recovery Test – Part 2: Preparation

Insights into creating a successful...

Insights into creating a successful Disaster Recovery exercise – Part 1: Objectives

Insights into creating a successful...

Aligning Cyber Incident Response Planning with Your BC/DR Program

Aligning Cyber Incident Response Pl...

Cyber disruptions – and their impact on both reputations and…
What Can You Do when your BCM software Relationship Falls Apart

What Can You Do when your BCM softw...

“This isn’t working.”  “I’ve changed.”  “I don’t see a future…
Aligning BC/DR to CSIRP Challenges

Aligning BC/DR to CSIRP Challenges

The immediate reaction to a cyber-security incident is the FUD…
Technology Modeling – the eBRP Way

Technology Modeling - the eBRP Way

Definition: Technology modeling is a point-in-time snapshot of an Enterprise’s…
eBIA – The eBRP Way

eBIA - The eBRP Way

Definition: A Business Impact Analysis (BIA) is the cornerstone of…