This is the 1st in a series of articles examining the “myths” of today’s Business Continuity Management industry.
In a standard, methodology-driven BCM program, much of the industry follows the RA-BIA-Strategy-Plan Development cookie-cutter path, assuming that of all of these will lead to a viable and sustainable Business Continuity Planning program. Industry ‘experts’ cling to this methodology mainly because the cookie-cutter approach is easy to follow. But, does the outcome reflect the needs of the organization?
Recovery Time Objective (RTO), as a key driver of a BCM Program, must be examined. In the early days, RTO was a useful indicator of recoverability. BCM today has evolved from IT Disaster Recovery of the 70’s – when the focus was on restoration of mainframes. Once you understood how long it would physically take to recover the mainframe, it was simple to set a Recovery Time Objective – based on that capability. When Recovery Planning expanded to include Business Locations, then Departments and Business Processes, what is known as BCM, the RTO target remained a core driver of BCM Program. The industry still considers it ‘sacrosanct’ – but it doesn’t necessarily indicate anything useful. What are the myths of RTO?
- RTO is based upon who in the organization is asked. C-level Execs, Line Managers and IT all have divergent ideas about what RTO indicates.
- True RTO also depends on the calendar. Is it a Saturday, the middle of Year-end, or the slow summer-period? There’s no real standard for RTO – because its meaning varies by time of occurrence.
- Social media allows bad news to spread rapidly. Your competitors and detractors will jump on news of your disruption in minutes. In the Asiana Boeing 777 crash in July 2013, a Google employee witnessed and tweeted about the crash before the rest of the world even knew it happened. This proves that no one controls the news cycle anymore. Does anyone truly have the luxury of an RTO that has been defined in their BIA cycle?
- In reality, the criticality of a business process is determined by critical customers and stakeholders. They define how critical a process might be, in terms of impact on reputation, brand and finance (lost revenue). Essentially, RTO is just a legacy measurement determined through the ‘standard’ BIA cycle.
In today’s BCM process, RTO doesn’t really offer anything of value. It’s an artificial statistic that has little relevance to Business Process resumption. It’s more important to understand which Processes are candidates for rapid recovery at the time of an incident because of their impact on critical products and services. RTO may still be useful for IT Services Recovery. But true Business Process criticality (the need to recover product and service capability rapidly) might be much shorter than any BIA-derived RTO.
The RTO myth just got busted. Check out our next Myth Buster article’The Myth of Moving to the Cloud’.
