The BCM program in many progressive enterprises focuses on Incident Readiness. Integrating critical aspects of Planning, Incident Response and Incident Management, an Incident Readiness program aims to assure an organization is truly prepared to respond to any disruption of its day-to-day operations. Incident Readiness may not be the right prescription for every BCM program; for some, BCM programs may simply be traditional ‘3-ring binder’ Plans and table-top tests. But for most, Incident Readiness may be the key to a successful BCM future. In our two earlier blogs we defined Incident Readiness, and examined the requirements to implement it. Finally, let’s look at the benefits: the tangible advantages of an Incident Ready BCM program:
- Focus: The larger the organization the harder it is to determine where to start. When senior Executives give direction, their directives are often so broad (“Assure we can stay in business”½) or the parameters so punitive (“We can’t be down for more than an hour”½) that BCM planners struggle to figure out where to start. A focus on critical products and services, and the assets that support them, sets a simpler course. Trying to protect the enterprise is a daunting task. An asset-based, step-by-step approach defines reachable goals.
- Speed: Plan writing can be difficult. Focusing on critical assets, rather than how to restore everything, makes the Plan development process simpler and faster. What assets do you rely on and options do you have if you lose them? Simplifying the plan development process decreases the time from Plan to Test. Testing results in improved Plans. Tested, asset-based Plans assure an effective Response to any Incident, not just a few hand-picked ‘scenarios’.
- Results: How do you eat an elephant? One bite at a time. Trying to analyze risks and impacts across the entire enterprise – and build plans from a one-size-fits-all template – never seems to get anywhere. Starting with a prioritized list of critical Products & Services, and attacking them one-at-a-time will allow you to devour that elephant. Once you start down the path to Incident Readiness, you’ll begin to understand how long each phase takes. You can develop a long-term project plan. You can predict how much will be accomplished this quarter, or this year. You will be able to continuously check off milestones – and gain a real sense of accomplishment.
- Proof: Simply planning for Incident Response is as far as most organizations ever get. Whether or not those Plans will work is debatable; whether they will work when a real disruption occurs requires 5, 10 or even 50 plan implementations simultaneously. Building the ‘infrastructure’ for Incident Management enables your BCM program to move one step further and demonstrate your organization’s ability to respond to a larger disruption. Having Incident Management infrastructure in place will enable you to conduct bigger tests – using simulations that test multiple, related business/IT processes – and involve your Incident Management Team. You’ll learn much more- and you’ll be able to prove that you have the ability to respond effectively to enterprise disruptions.
- Value: Last, but certainly not least, an Incident Readiness program will demonstrate to Senior Management that your BCM program really is providing protection of organizational assets. Many BCM programs struggle to get ‘Executive buy-in”. When your Incident Readiness program demonstrates proof of ability to recover effectively – you produce value that Executive can understand. Value justifies budgets. Value justifies time and resources. And that’s what ‘Executive buy-in’ provides.
Caviar, so we understand, is an ultimate gourmet food – but a taste that must be cultivated. Similarly, an Incident Ready program needs commitment to be delivered and appreciated.