(NOTE: This is Part 1 of the 6th in a series of articles discussing the future of Business Continuity Management. The series starts here.)
If we’ve done all of our Planning properly – acknowledged our risks and vulnerabilities and identified the gaps in our current capabilities, we may have begun to comprehend how we should respond to a disruption. But we still need to know how to prioritize that response.
After all, we can’t simply jump in and initiate every Plan we’ve developed. If a fire starts in our home we all have an idea of what to do; and we understand the order in which we should act: get out, call 911, then try to fight the flames (if we can). We need to have similar prioritization of the response to a business disruption.
Within BCM standard practices, the BIA is the de facto method used to determine process (or function) resumption priorities. We can spend endless cycles trying to determine what is most important – and whether that judgement should be based on RTO, customer impact, operational impact, or on some cumulative rating based on all of the above. It’s easy to get caught up in BIA analysis-paralysis.
Instead, Plans to respond should be our focus:
Technology Prioritization
In the IT world, infrastructure drives both Recovery strategy and prioritization. It’s fairly straight forward: you must recover the infrastructure (networks, databases, etc.) on which systems and applications rely before you can recover the systems or applications themselves. It doesn’t matter if your IT is virtualized, uses high-availability architecture, resides in the Cloud, or is a traditional hardware-based data center with a hot site alternative. It’s relatively simple to understand the order (prioritization) in which tasks must be accomplished to recover critical systems and applications.
Stay tuned next week when we will look into Business Process Prioritization and Cyclical & Seasonal Variables effects.
