10 Best Practices for Business Continuity Management

on March 2, 2015 Resilience - Growth & Strength and Tags: , , , with 0 comments
10 Best Practices for Business Continuity Management
Facebooktwitterlinkedinrss

Here are 10 best practices outlined to help you make the right Business Continuity Management, Compliance and Risk Mitigation Decisions.

1. Get Management’s Full Commitment

Management buy-in is crucial for Business Continuity Planning (BCP) because it is an investment in something you hope you’ll never use. To encourage buy-in, go beyond presenting just the potential damage to the company from disaster unpreparedness. Include RIO benefits of implementing the plan. These may include using the backup infrastructure for other purposes such as identifying obsolete or unneeded applications during the prioritization process and/or having more flexible employees who are better trained in more activities vital to the organization, thus reducing recruiting and job transition costs.

2. Acknowledge Your Needs and Vulnerabilities

Business Continuity should be a priority for the entire organization: management, IT, operations, logistics, real estate, legal, risk management, HR, sales and marketing. Every department is involved in an integrated plan, giving everyone a stake in that plan’s success. When disaster strikes, everyone starts from the same plan & procedure.

3. Think About Data and Systems

Think about how you connect to your system of critical data sources, counter parties and service providers. You will need to plan how to access the data systems that are not on your private cloud so that operations can begin soon after server & system recovery operations are complete.

4. Prioritize

Simplify recovery by taking a tiered approach. Prioritize the processes and applications that must come online first, and design your plan so that the supporting infrastructure for these processes and applications become available first.

5. Compliance Check

Ensure the recovery infrastructure will be consistent with all legal, regulatory and compliance requirements. This is especially critical for firms that face mounting and evolving requirements (e.g. finance, healthcare).

6. Be on a Mission to Inform

As your plan emerges, distribute it widely and make it available in multiple formats. Develop a system (e.g. regular meetings, email updates) to ensure that executives and managers are familiar with the plan, know how to access it, and understand their roles in triggering the plan and responding to a crisis.

7. Train

A variety of resources exist today that can provide additional information on BCP. These include articles, books, conferences, and local and global trade organizations.

8. Test and Test Again

Design and run a variety of announced and surprise test scenarios. For example, you can announce that a bomb has been detonated, designate a number of people who are on vacation and “hurt” in the explosion, and then have everyone else implement the plan.

9. Maintain the Plan

People, business requirements, business facilities, partners, vendors, and regulations all change over time, resulting in the need to update the BCP. You should design and maintain a rigorous reassessment schedule and update the plan accordingly.

10. Plan B for Personnel

Make sure you have a second and third backup person trained for each critical response and recovery function (including yours) in the event that a primary individual is unavailable (i.e. on vacation, affected by the crisis). These functions include making the decision to trigger the plan, leading the internal communication effort, contacting key customers, and responding to the media.

—bill

Bill Douglas is an accomplished Strategic Advisor, helping companies grow and become stronger. He can be reached at bill@resilienceguy.com http://www.resilienceguy.com

Share this: Facebooktwitterredditlinkedinmail

Add comment