You have a great business continuity plan. You analyzed your network, you eliminated all the single points of failure, all your departments defined RTOs for all their systems, you have continuous cloud backup, and you have a warm site waiting just in case your data center gets a cootie infestation. Good work!
How mature is your organization when it comes to business continuity & organizational resilience? Does your Business Continuity Management (BCM) program crawl, walk or run? From self-governed to synergistic, we have identified 6 levels of BCM maturity that most companies fall into. What is your organization’s level? Here is our breakdown:
Every organization or business, regardless of revenue or staff size, needs to understand what is truly critical to keep operations going, and how long the business can function without certain elements, components or dependencies. This includes considering how long the business can survive both financial losses and reputational losses due to negative public perception. Obviously, not having a disaster recovery plan is a recipe for disaster, but just having a plan is not enough. Make sure that your disaster plan avoids certain pitfalls that may complicate disaster recovery and make it more of a disaster.
Consider this list of what not to do:
- Make everything a priority
- Have only one way to access the plan
- Impose a gag order. Don't communicate.
- Don't bother having an extended recovery plan. Just wing it.
- Overcomplicate & over-process the process
- Micro-manage the disaster recovery team
- Let the disaster recovery plan collect dust on the shelf
The business continuity (BC) planning process can be a daunting challenge. Project planning can play an important role in keeping the process on track & help in your success in protecting your organization from unplanned events that can disrupt operations. The goal is to identify the right information & determine a process to keep it current and accurate. Key elements of a business continuity plan include:
Target, the IRS, Hillary Clinton, Sony, healthcare systems… the list goes on with new stories of cyber security breaches and hacking. A cyber-attack can lead to financial and reputational losses from which it can be difficult to recover. A cybersecurity breach can negatively impact your business continuity and force the organization into disaster recovery mode. Sometimes simple preventive measures can help mitigate risk, before disaster strikes. Here are 6 hacks you can try to help your organization avoid getting hacked.
- Stop insider attacks
- “Gone phishing”
- Password security
- Defend against intrusions at the device level
- Avoid band-aid security fixes
- Mandatory cybersecurity education
You may have noticed we launched a new look and feel at Virtual Corporation, that we think better matches our philosophy and even lets us have a little fun. I thought I would explain our thought process on our new imagery and organizational resilience planning overall.
Building engagement is a challenge for almost every organization when it comes to business continuity planning. Sometimes it seems like it would be easier to do the whole plan alone, but we all know that in order to be effective, the organizational resilience plan needs to have input from all parts of the organization.
There are 3 approaches that risk managers and continuity managers consider when trying to build engagement. They are fear, framework, and reinforce & support. There are benefits to all, but which approach has the most lasting and productive impact for building enterprise engagement of your business continuity planning process? Here are my thoughts on these 3 approaches. You can decide which works best for your program.
- Approach 1: Fear
- Approach 2: Framework
- Approach 3: Reinforce & Support
Whether you are starting a program ‘from scratch’ or seeking to re-energize a program that may have lost some of its original focus, there are a few common pitfalls you should be aware of and seek to avoid. The goal is to create a successful business continuity management program that is objective, consistent & repeatable.
Your piece of the ‘resilience program’ may include one, several, or all of the following disciplines: IT disaster recovery, business continuity, emergency management, crisis management, site or operations risk management, and possibly other related activities.
Let’s face it. Organizational resilience, business continuity & disaster recovery program management requires buy-in from the entire organization, from the top down, across all departments & across external service partners & providers. Everyone needs to understand how they fit into organizational operations during normal day-to-day operations & also during a disruptive event. Without buy-in, even the best laid resilience plan won’t work.
OK. So now how do you get buy-in? I suggest these five steps for building executive buy-in of your organizational resilience management program:
- Step 1: Define Organizational Resilience specific to your industry/organization
- Step 2: Determine a baseline
- Step 3: Play by the rules! (Know your regulations)
- Step 4: Conduct a business impact analysis
- Step 5: Money talks! Quantify the financial impact
Are you getting optimal outcomes for your organizational resilience & business continuity plans? Do you even have a way to measure this? Don't worry, we have a short infographic that can show you the 5 things you need to consider when managing a disaster recovery & organizational resilience program.
This infographic demonstrates these 5 critical components: