Global Enterprise Solutions

If you’ve only held one Business Continuity job, you may not be aware that one size does not fit all.  Things can be accomplished much more quickly in smaller organizations.  The larger the organization, the more complex it, and its BCM needs, are likely to be.  Speed, culture and complexity are not the only things that separate large, global enterprises from SMB’s.

Incident Readiness

In a small business, disruptions may rarely happen.  With each increase in organizational size, the likelihood of disruptive incidents increases proportionally.  In many large global enterprises disruptions of one type or another (weather, geologic, technical, man-made) happen often – sometimes daily.  Such enterprises can’t just be prepared to take action – they need to purposely build, exercise and improve their Incident Readiness.  Plans and an IM Team are insufficient.  Incident Readiness takes effort and practice.

Approval Workflow

With potentially hundreds of Plans, the BCM team in a large enterprise can’t possibley review every plan for viability – let alone for regulatory compliance.  The process of Plan review and approval must be elevated to management within business lines or functional areas.  To be successful, that process must be automated to every extent possible.  BCM Team members don’t have the cycles to prompt, remind and follow up with Plan owners – nor shuffle the volume of documents a global enterprise BCM program generates.

User Access

Those hundreds of Plans, BIA’s and Risk Assessments – plus additional Responder Teams for exercising and incident response- means that there may be thousands of individuals who need access to their BCM information.

It is imperative that Users (both Plan ‘owners’ and Responder Teams) have quick and easy access to their Plans.  Printed copies are fine – but a disruptive incident can happen at any time (not just during work hours), so online or digital availability is essential.

The BCM Team doesn’t have the cycles to manage access permissions for hundreds (perhaps thousands) of Business Continuity program participants, so automated, self-administered access to Plan documents is essential.

Dependency Mapping

No Business Process operates independently.  There are dependencies among Processes, Facilities, Technology (Systems and Applications), Suppliers (Contractors and Vendors) and People in every organization.  The ability to map dependencies among these assets creates a clearer picture of risks and vulnerabilities – and the results make it possible to plan for any eventuality.  For large, global enterprises an understanding of dependent relationships is essential for making an informed response to any business disruption.

Incident Management

Because disruptive incidents – large and small – happen frequently in large enterprises, Incident Management Teams (IMTs) get plenty of practice.  It’s easy to slip into the “we do this all the time, we don’t need to plan for it” attitude.  Practice is important.  But having the right tools at the fingertips of the IMT adds layers of intelligence and automation that make decision-making easier and more accurate:

  • Impact Assessment: Whether the disruption is to a facility, a technology component, a supplier or any other asset, understanding the downstream implications of the immediate impact will enable better decisions and wiser choices of action.
  • Plan Activation: By linking Response Plans (both DR and BC) to the assets they are designed to recover, (rather than to Departments, Data Centers, Facilities or Lines of Business), the IMT can base their activation decision on the results of their Impact Assessment.
  • Communication:  Notification is critical.  But notification is largely a one-way vehicle.  To assure Incident Readiness, large enterprises must create the capability for two-way communication and collaboration

Issue Escalation & Resolution:  No Plan is perfect.  No Plan can anticipate every hurdle that chance and Mother Nature may put in its path.  When things go awry, it is imperative that Response Teams be able to raise issues and ask for help in resolving them.
Monitoring:  In large enterprises it may not be unusual for 10, 20, even 100 Plans to be activated simultaneously. Keeping track of a Plan’s progress when there are multiple Plans in play is not a simple task.  Without the ability to monitor status, the IMT is virtually operating in the dark.
Handoffs: When one Plan is dependent on actions of another the successor Team needs to know when they can proceed.  Whether funneled through the IMT, or communicated directly, hand-offs are critical to a timely recovery.

Compliance

At every step along the Incident Readiness process, large enterprises must maintain awareness of legal and regulatory requirements.  Automation of compliance tracking relieves the paperwork burden – and makes meeting reporting requirements in both program and post-incident audits easier.

If you are responsible for BCM in a large, global enterprise you owe it to yourself and your program to find out how eBRP Suite’s Global Enterprise Solution can help you meet your goal.

SHARE:
eBRP Thoughts

eBRP Thoughts

eBRP Thoughts, eBRP’s Blog voice, represents 50 + years of cumulative BCM knowledge gained through experience in corporate BCM program management, consulting & program implementations. We've worked hand-in-hand with governments and private enterprises to develop viable BCM programs. eBRP is an active participant on LinkedIn and Twitter. The opinions expressed in our eBRP.net blog are ours and are intended to engage resiliency planners in conversations about the BCM industry, its standards and its future.

Related Posts

A Toolkit to Build Enterprise Resiliency

A Toolkit to Build Enterprise Resil...

A well-rounded Enterprise Resiliency Toolkit (𝗧𝗼𝗼𝗹𝗸𝗶𝘁) would provide key tools…
Enterprise Resiliency: Navigating Through Disruptions

Enterprise Resiliency: Navigating T...

In today’s threat landscape, the ability of an organization to…
Orchestrating BC/DR Testing: Virtual – Emergency Operations Centers

Orchestrating BC/DR Testing: Virtua...

  Enhancing Planning and Logistics Management  Coordinating BC/DR tests involves…
Insights into creating a successful Disaster Recovery Test – Part 2: Preparation

Insights into creating a successful...

Insights into creating a successful Disaster Recovery exercise – Part 1: Objectives

Insights into creating a successful...

Aligning Cyber Incident Response Planning with Your BC/DR Program

Aligning Cyber Incident Response Pl...

Cyber disruptions – and their impact on both reputations and…
What Can You Do when your BCM software Relationship Falls Apart

What Can You Do when your BCM softw...

“This isn’t working.”  “I’ve changed.”  “I don’t see a future…
Aligning BC/DR to CSIRP Challenges

Aligning BC/DR to CSIRP Challenges

The immediate reaction to a cyber-security incident is the FUD…
Technology Modeling – the eBRP Way

Technology Modeling - the eBRP Way

Definition: Technology modeling is a point-in-time snapshot of an Enterprise’s…
eBIA – The eBRP Way

eBIA - The eBRP Way

Definition: A Business Impact Analysis (BIA) is the cornerstone of…