If you’ve only held one Business Continuity job, you may not be aware that one size does not fit all. Things can be accomplished much more quickly in smaller organizations. The larger the organization, the more complex it, and its BCM needs, are likely to be. Speed, culture and complexity are not the only things that separate large, global enterprises from SMB’s.
Incident Readiness
In a small business, disruptions may rarely happen. With each increase in organizational size, the likelihood of disruptive incidents increases proportionally. In many large global enterprises disruptions of one type or another (weather, geologic, technical, man-made) happen often – sometimes daily. Such enterprises can’t just be prepared to take action – they need to purposely build, exercise and improve their Incident Readiness. Plans and an IM Team are insufficient. Incident Readiness takes effort and practice.
Approval Workflow
With potentially hundreds of Plans, the BCM team in a large enterprise can’t possibley review every plan for viability – let alone for regulatory compliance. The process of Plan review and approval must be elevated to management within business lines or functional areas. To be successful, that process must be automated to every extent possible. BCM Team members don’t have the cycles to prompt, remind and follow up with Plan owners – nor shuffle the volume of documents a global enterprise BCM program generates.
User Access
Those hundreds of Plans, BIA’s and Risk Assessments – plus additional Responder Teams for exercising and incident response- means that there may be thousands of individuals who need access to their BCM information.
It is imperative that Users (both Plan ‘owners’ and Responder Teams) have quick and easy access to their Plans. Printed copies are fine – but a disruptive incident can happen at any time (not just during work hours), so online or digital availability is essential.
The BCM Team doesn’t have the cycles to manage access permissions for hundreds (perhaps thousands) of Business Continuity program participants, so automated, self-administered access to Plan documents is essential.
Dependency Mapping
No Business Process operates independently. There are dependencies among Processes, Facilities, Technology (Systems and Applications), Suppliers (Contractors and Vendors) and People in every organization. The ability to map dependencies among these assets creates a clearer picture of risks and vulnerabilities – and the results make it possible to plan for any eventuality. For large, global enterprises an understanding of dependent relationships is essential for making an informed response to any business disruption.
Incident Management
Because disruptive incidents – large and small – happen frequently in large enterprises, Incident Management Teams (IMTs) get plenty of practice. It’s easy to slip into the “we do this all the time, we don’t need to plan for it” attitude. Practice is important. But having the right tools at the fingertips of the IMT adds layers of intelligence and automation that make decision-making easier and more accurate:
- Impact Assessment: Whether the disruption is to a facility, a technology component, a supplier or any other asset, understanding the downstream implications of the immediate impact will enable better decisions and wiser choices of action.
- Plan Activation: By linking Response Plans (both DR and BC) to the assets they are designed to recover, (rather than to Departments, Data Centers, Facilities or Lines of Business), the IMT can base their activation decision on the results of their Impact Assessment.
- Communication: Notification is critical. But notification is largely a one-way vehicle. To assure Incident Readiness, large enterprises must create the capability for two-way communication and collaboration
Issue Escalation & Resolution: No Plan is perfect. No Plan can anticipate every hurdle that chance and Mother Nature may put in its path. When things go awry, it is imperative that Response Teams be able to raise issues and ask for help in resolving them.
Monitoring: In large enterprises it may not be unusual for 10, 20, even 100 Plans to be activated simultaneously. Keeping track of a Plan’s progress when there are multiple Plans in play is not a simple task. Without the ability to monitor status, the IMT is virtually operating in the dark.
Handoffs: When one Plan is dependent on actions of another the successor Team needs to know when they can proceed. Whether funneled through the IMT, or communicated directly, hand-offs are critical to a timely recovery.
Compliance
At every step along the Incident Readiness process, large enterprises must maintain awareness of legal and regulatory requirements. Automation of compliance tracking relieves the paperwork burden – and makes meeting reporting requirements in both program and post-incident audits easier.
If you are responsible for BCM in a large, global enterprise you owe it to yourself and your program to find out how eBRP Suite’s Global Enterprise Solution can help you meet your goal.
