Plans should not be the only goal of Business Continuity Management (BCM) programs. The true end-state of BCM should be to assure that your organization can successfully manage its response to any disruption, the goal of Incident Management.
An Incident Management focus has 4 components:
Planning – More than just BIAs and Risk Assessment, planning is the process of gathering, analysis and presentation of data crucial to Incident Managers’ and senior executives’ Decision Support. These include: assessment of current capabilities, vulnerabilities, gaps, single points of failure, process and IT services critical resources, RTO’s and RPO requirements.
Plan Development – Plans must be developed to meet objectives and foster collaboration, not to fill checklists or comply with ‘standards’. Plans have to be actionable and executable. One of the critical components of actionable plans is its ability to ensure smooth and efficient execution of the strategy to achieve business objectives (industry refers to these plans as ‘playbook’)
Preparedness – Plans are necessary, but alone they do not inspire senior executives’ confidence in your organization’s ability to respond effectively to an incident. They will gain confidence if Plans are exercised frequently, tested in different scenarios, they consistently meet recovery objectives and that there is quantifiable continuous improvement.
Program Management: Streamlining and automation of repetitive tasks allows more time for better execution of the other 3 Ps. Automate all repetitive tasks such as data refresh and plan review notification. Schedule tasks such as Exercises & tests, user training, program metrics vs KPI, users access management, audit & compliance reporting, Provide decision support for management via interactive Dashboards
The following series of blogs explores the goals, components and values of each of the 4 Ps in detail.
