Every organization faces risks – and some of those risks may result in disruptions or other ‘incidents’. For all Business Continuity programs, an effective response to an incident requires many things. Our recent blog series “Incident Horizon” breaks those requirements into five phases: Planning, Preparedness, Initial Response, Planned Response and Extended Response. Understanding the purpose and objectives of each phase is critical to development of a Business Continuity Management program capable of responding to any disruption – not just a predetermined set of risk ‘scenarios’ Among others, the series addresses issues such as:
- How to ensure that plans are viable for an effective response, and why exercises and other simulations are essential to find plan gaps and vulnerabilities and keep them up-to-date in our ever-changing world
- Determining the “period of performance” over which Plans are expected to be executed. Should you plan up to the RTO, or for days, weeks – or even months?
- Planning for an immediate response (based on the impact of the disruption) to assure adequate alerting, notification, fail-over and 1ststeps – not simply evacuation and calling 911.
- Assuring that real time alerting and global situational awareness are actively pursued to enable response to any disruption – or potential disruption – happens in as timely a fashion as possible.
- Making sure that Incident Managers have access to essential intelligence that enables them to make timely and accurate decisions – including impacts, dependencies and current capabilities
- Assuring that predetermined teams understand their roles after a detailed impact assessment– and what will be expected of those teams over the first few days following a disruption.
- Understanding that Business Continuity Management must address all of these requirements to assure an effective response to any potential disruption – known or unknown.
Business Continuity Planning is much, much more than just writing Plans. It doesn’t matter whether the ‘focus’ of your BCM program is Risk Management, Resilience, compliance or anything else. If you have not properly planned, prepared and practiced your response to business disruptions, you may lose precious time and make ill-advised decisions when faced with a critical situation. Just like packing the right clothes for a long trip, understanding what you will need in the event of a disruption is the first step in making sure you’ve got the information and resources you need when it happens.
Check out our “Incident Horizon” series. We guarantee you’ll find some ideas that will help improve your Business Continuity Management Program.
