(This is Part 2 of a multi-part blog examining the “4Ps” of Incident Management Framework)
Before creating Business Continuity plans, an important Planning process must occur. This Planning process helps identify criticalities (ranking or tiers – including dependencies) and impacts on Reputation, Customers and Regulatory requirements. Planning results should also unearth gaps, vulnerabilities and single points of failure in current operations.
Accordingly, Planning should help determine RTO’s for critical technology and business processes, and should also include ‘what if?’ analyses to identify domino effects (or causality chains) of potential disruptions to those critical functions.
Effective Planning goes beyond the traditional BIA to encompass upstream and downstream dependencies, geospatial information (mapping), the implications of time zones, currencies and other supply chain, and regulatory, considerations.
Ultimately, the Planning process must lead to more than Plans. Planning should supply Senior Executives and Incident Managers with the information needed to support decision-making in response to any operational disruption.
The next blog will address the 2nd “P” of Incident Management Framework: Plan Development