The world grows more complex every day. New technologies, global competition, instant communications; every new opportunity presents new risks. Yet countless BCM planners follow “Loss of” scenarios for their Plans.
I know from experience that many BCM professionals understand those “loss of” planning templates may not be good enough, yet continue to use those old familiar methods for lack of a viable alternative.
Scenario Plan Limitations
“Loss of” plans (Loss of Building, Loss of IT, etc.) may actually hold the key to better planning. Those Plans focus on assets: facilities, technology and people. They make sense, but fall short; perhaps because they focus on assets that are too big, too broad – and unlikely to happen. Is your data center likely to collapse? Is your building likely to burn down, or be destroyed by a hurricane or earthquake? Are all your critical people likely to be unable to work simultaneously? The answer to all those questions is: No.
Major catastrophes are highly unusual. What is much more likely is some subset: a server or database issue takes out a critical IT Application, a water leak impacts part of a building, a storm or transportation disruption prevents some people from getting to the office. Will that “Loss of Building” plan work if a burst pipe floods part of the ground floor? Will the “Loss of IT” Plan be effective if only a single application is inaccessible? Maybe – but probably not.
The alternative is simple. Your should have told you which business processes are most critical to the delivery of core products and services. You also should also know which applications, facilities, vendors, people and other business processes are critical to their day-to-day operations (If not, read our earlier collecting dependencies blog If Not a BIA, What? Pt.2)
Armed with an understanding of critical assets (facilities, people, technology, vendors and business processes) the BCP for a Business Process can focus on strategies, rather than ‘scenarios’.
Strategies & Alternatives
Within the Plan, every identified dependent ‘asset ‘or critical resource needs strategies (how or where to acquire, move, borrow or replace the resource if the normal means are suddenly disrupted). Taken individually, alternatives for each resource can be identified, for example:
- Where else can the Process be conducted?
- An undamaged part of the building (replacing a less critical Process)
- Somewhere the Process is already conducted
- A temporary Alternate Site
- From home
- Who else can do the work?
- Employees in another location
- Employees who have formerly performed the work
- Temps, contractors or a contract service
- What can be substituted for normal Technology access?
- A manual workaround Process
- Accumulate data for later input
- Go where the network is not impacted
- How can lost Data be replaced?
- Repeat manual processes
- From original sources
- What if a Vendor fails to deliver?
- Acquire from inventory or alternate supplier
- Workaround
- What if a Contractor fails to deliver?
- Substitute another contractor or temps
- Do the work in-house (temporarily)
- What if critical Equipment becomes unavailable?
- Outsource to someone else’s equipment
- Borrow, rent, lease, purchase)
- Go where the equipment is available
- What if output from another Process is not available?
- Work around it – or hold and wait (while doing damage control)
- Acquire it from somewhere or somebody else
- What if this Process provides cannot operate?
- Alert dependent Processes
- Provide assistance (including an ETA and updates)
- Divert them to an alternate source
Conclusion
Alternative strategies can be turned into actionable tasks. For example:
If moving to an Alternate Location is an alternative to the unavailability of current workspace, the matching tasks should include where to go, who should go, what equipment they’ll need on arrival, and how downstream dependents will be notified. It doesn’t matter which alternative location is chosen – the same steps should be followed.
The cause of a future disruption won’t matter, because the Plan is equipped to deal with impact to any of the Process’ critical assets.
Think of asset-based ‘strategies’ as supplying the ‘who, what, when, where and how” of the response. Having planned alternatives for what is needed to continue the Process, the Plan becomes a decision-tree – enabling the Recovery Team to react to any impact by choosing the proper asset-based tasks to respond to the specific disruption or loss of assets.
