Let’s suppose that – to protect your family – you decide to build an ark in your garage. (An ark is a large wooden ship, like the one Noah used to save pairs of animals during the biblical “Great Flood”) Where would you start? Would you purchase lumber and simply start sawing and hammering? Would you download a set of $99 Build-an-Ark Plans from the Internet?
Or would you sit down and make a list of needs. Like how many people it must accommodate; how much room will be needed for supplies (and pets); how it will be propelled (if at all) and whether you’ll need a bigger garage.
If you don’t understand your objectives, embarking on a project or a program can be a major waste of time, energy and resources.
Which is just as true for Business Continuity Management as it is for building that ark. You could write Plans, or conduct a BIA – but you won’t be able to measure whether those activities have produced anything of value until you measure them against your BCM Program Objectives.
That’s not to say creating a Plan can’t be a program objective; it could – for a small business. For every other organization objectives beyond written plans are of greater importance. Objectives may differ from company to company. What is important is that the BCM staff, Plan owners and Recovery Teams all understand those objectives. BCM Program Objectives might include:
- Support of the Organization’s Mission. That mission might be assuring the delivery of critical Products and Services; but not always. Apple, for example, might emphasize protection of its brand (since it is paramount to its products). IBM, as another example, might be more concerned about its patents. It is important that the true organizational mission be clearly understood to assure BCM is protecting the right assets.
- Response to Audits, Compliance or Regulators. Whether internal or external, a review of recovery capabilities, plans and testing activities can help set the direction and scope of ongoing BCM. The bandage approach (acting only in response to negative reviews) is not a very effective long-term strategy.
- Customer Demand. Whether it is part of a critical supply chain or a supplier to a highly regulated industry (like banking or energy), an organization may need to set its BCM objectives to meet the requirements of its customers. In business-to-business operations, meeting critical customer’s needs may be more important than simply assuring delivery of products or services.
- Doing the Right Thing. Protecting the interests of investors, customers, suppliers, employees and neighbors under the banner of corporate citizenship, is a laudable objective. Such motivation can simultaneously incorporate the other three (above).
A successful BCM program must have a foundation composed of organizational objectives. Otherwise progress (and success) is unmeasurable. Regardless of which objectives form that foundation, the planning which goes on creating that successful BCM program should focus on the threats the organization faces. Determining those threats in today’s business environment is a topic for the next blog in this series.
