8 Corporate Incompetencies of Business Continuity Planning
There are 8 Corporate Competencies that we have identified as essential to an optimal business continuity program (BCP). The first 7 address the key behaviors of the BC program. The 8th Corporate Competency, Program Content, addresses how your organization implements the 4 central disciplines of business continuity:
- Incident Management - Emergency & Crisis Management
- Security Management - Physical & Cyber Security
- Technology Recovery - IT Disaster Recovery + other critical asset recovery
- Business Continuity (BC) or Continuity of Operations
Each Corporate Competency categorizes a critical business/operational characteristic of an organization’s ability to create a sustainable business continuity program.
Let’s have a little fun & discuss them as 8 Corporate Incompetencies.
1. Have no support from leadership
No BC program can be optimal without leadership buy-in. There needs to be a commitment & understanding demonstrated by executive management with regard to the implementation of an appropriately scaled, enterprise-wide business continuity program. In addition, the “business case” for implementing sustainable business continuity needs to be articulated to & understood by executive management.
2. Keep employees in the dark
Employee awareness & adoption of an enterprise business continuity management (BCM) program are essential to its success. There needs to be a wide breadth & depth of business continuity conceptual awareness throughout all levels of the organization. This includes having an ongoing, quality training & awareness program, which demonstrates relatable disruptive events & how each team member can contribute to resilience & recovery.
3. Keep it freeform
Although some flexibility should be built-in, the BCM program requires structure. Consider the scale & appropriateness of the business continuity program & how that can be implemented across the enterprise. Be sure that the BCM program matches the articulated “business case” (program justification) & addresses the organization’s objectives & requirements.
4. Don’t coordinate across your enterprise
Program pervasiveness is essential for optimal disaster recovery & continuity of operations. Ensure that the level of business continuity coordination between departments, functions, and business units across the enterprise is consistent & strong. Seek out weak links & look for opportunities for improvement. The degree to which business continuity considerations have been incorporated in other appropriate business initiatives, programs, & processes will be a big part of your ability to achieve optimal continuity.
5. Don’t measure or track BC performance
Having a BC plan is great, but now you need to have the ability to measure & track it. Establishing metrics can help you determine & monitoring the effectiveness of your BCM program performance. The establishment & tracking of a business continuity competency baseline is a key step in staying resilient. Remember the adage, ‘what gets measured, gets done.’
6. Don’t have committed resources
Resilience “takes a village.” Be sure that there are resource committed throughout the organization. There needs to be sufficient, properly trained & supported personnel, financial, & other resources to ensure the sustainability of your BCM Program.
7. Never coordinate with external parties
Share your plan with external agencies & emergency responders. Coordinate business continuity issues & requirements with your external community including customers, vendors, government, unions, banks, creditors, insurance carriers, etc. Ensure that critical supply chain partners have adequate BCM programs of their own in place.
8. Don’t integrate the 4 central disciplines of Business Continuity
The previous 7 Corporate “Incompetency’s” address the key behaviors of the BC program. The 8th Corporate Competency addresses how the organization implements the 4 central disciplines of business continuity:
- Incident Management – Ensure that all aspects of emergency response, crisis management, & any other activities involved in command, control, & communications during an organizational crisis &/or disastrous event are appropriately addressed.
- Security Management – Ensure that physical security, information security (cyber security), & any other activities associated with protecting the integrity of targeted information & resources are appropriately addressed.
- Technology Recovery – Ensure that critical information systems hardware, software, networks, & applications are adequately recoverable within defined recovery time objectives.
- Business Recovery – Ensure that critical business functions & resources are adequately recoverable within defined recovery time objectives
Not having any of these elements can greatly impact your organizational resilience & ability to recovery from a disaster. Each Corporate Competency categorizes a critical attribute of your organization's ability to create a sustainable business continuity program.
But don’t stop there! It is critical that the work together to share resources, standards, terminology. You can achieve an holistic framework in which all OR program stakeholders participate as the following diagram depicts:
What is your organization’s level of BCP competence? Download the free Business Continuity Maturity Model to find out!