“Preppers” (those anticipating the end of the world who stockpile guns, food, camouflage gear, bottled water and the like in expectation of Armageddon), have it easy. They simply buy and hoard as much as they can manage. They think they know what will happen – they just don’t know when – so they amass as much as they can afford.
Business Continuity Planners face a more complex dilemma: they don’t know what will happen, when it will happen, how severe it will be, or how long it will last.
Conventional thinking (I stop short of calling it ‘wisdom’) drives some of those Planners to ask their organizations to specify what they’ll need in the event of some business disruption – and how much more they’ll need over time (assuming that unknown ‘event’ lasts more than a day or two).
It seems to me that such requests – and the resulting date – are questionable, if not invalid. How can I say that? I’ve had nearly 20 years of experience in the Business Continuity industry (as everything from a participant to a planner to a consultant). And I’ve seen lengthy surveys that ask for exactly that – and result in highly suspect data.
Corrupting the BIA
Suppose you’re a Department Manager. You’ve been asked to complete a BIA survey. You encounter the following question:
“In the event of a disruption to your facility/department/function/process, please complete the following chart for each required resource:”
Resource | Day 1 | Day 3 | In 1 week | In 2 weeks | In 1 month |
Phone | |||||
Computer | |||||
Desk | |||||
Printer | |||||
(other) |
How do you answer? For Day one, you estimate the minimum number of people you’ll need (and the resources they’ll need to function) if things go south. You don’t know for certain – but at least you can make an educated guess. The rest is pure speculation.
How can anyone fill in the chart factually? After all, the BIA is collecting preliminary information. No one has yet begun to think about Recovery strategies, or Alternate sites. How is someone supposed to fill in those boxes when they don’t have a Recovery Strategy?
Basing Planning on Conjecture
The same table might appear in a Business Continuity Plan Template. By this time (hopefully) one or more Recovery Strategies have been determined. So you might assume the Plan owner could complete the table factually.
Let’s take a hypothetical Plan involving a Critical Business Process working out of a single location. Strategy: Move to an alternate site (another facility some acceptable distance away). So how does that Plan Owner fill in the Table? They can make a factual judgment of the number of people they’ll need on Day one – and the Resources they’ll require. After Day 1? It depends½ On whether it is a local or regional disruption; will he have people who can’t travel? If it’s a local disaster, will she have people who won’t travel? Or whether it’s an IT or Network problem; will he need the same number of people if the Application or Network has an RTO of 72 hours – or 2 weeks? Or if the problem impacts Customers directly; will the need for her Process still be as great? The list of ‘what-ifs’ is endless. And all of them impact the numbers in the Table.
So what does those poor Plan Owners do? They guess.
Compound Errors
Whether the data comes from BIA’s or Plans, somebody’s responsible for totaling up all the Resource requirements in those Table, and converting them to a single table (probably by Location). Without a relational database, or a BCM software tool, that’s a lengthy job. But one way or another, the results get tabulated.
The Facilities people are given the workspaces and furniture they’ll need to have available when locations are used as Alternate Sites. IT gets its lists of required PC’s, phones, printers and other technical equipment. And all of it is complete balderdash! It’s a classic case of ‘garbage in, garbage out’. Ask everyone who completes a BIA, or fills out a Plan Template to speculate about what they’ll need at some uncertain date in the future, under unknown circumstances. The result is nothing but guesswork.
If that collection of guesswork forms the basis of planning for Recovery, the effort is wasted. The house of cards built with speculative data is bound to fall the first time it is needed. It’s this simple: You cannot build Plans on data that was derived by guessing. And when those guesses came from 10, 50, even 200 respondents or more, the unreliability of the data shouldn’t even be in question. Run from it. Fast.
If you use ‘assets over time’, stop. It’s an exercise in futility. It is very seductive (it looks like such a pretty tool!), but like the Venus flytrap, it is deadly. So what CAN you do?
Rely on facts: What Resources do you rely on today? What’s the minimum amount of those resources you’d require on Day 1 of any disruption (pick the worst case if you like)? Those two questions supply both ends of the requirement. Resources after Day 1 can be worked out on the fly (when the parameters of the situation are known). You’ve got a place to start, and the worst possible case. You can deal with that – at least it’s factual!
You might also consider the 6 Steps advocated by my colleague in his Method to the Madness blog.