You probably have a business continuity plan of some description — something that sets out how your organization will operate following an incident and how it will return to “business as usual” in the shortest timeframe possible. But chances are, it’s a snapshot — a static document based on a narrow set of requirements that’s gathering virtual dust, out of sight and out of mind amid day-to-day priorities.
The way your business is organized, who it serves, its locations and key staff have almost certainly changed over the intervening period, so even if your plan was solid at the time of writing, it’s unlikely to be wholly applicable today. Even a fully compliant plan can be fully irrelevant when you’re faced with a real crisis. And complacency is more dangerous than any storm.
A Lifecycle Approach
Business continuity management (BCM) is an ongoing process: one that identifies risks, threats and vulnerabilities that could impact your continued operations. But it should also provide the framework for building organizational resilience, and set out your capability for an effective response, based on enterprise-wide governance and a clear understanding of recovery priorities. And lastly, it should anticipate and adapt to prevailing circumstances, which requires a firm grip on change management.
This lifecycle approach to BCM tends to be neglected for one of two reasons: either organizations lack the dedicated risk management, security and BC expertise and resources to make it happen, or they are large, complex entities that cascade BC responsibility down to novice planners, such as branch managers.
Until recently, BC tools and solutions have largely fallen short of the mark: designed at an earlier time to meet a less sophisticated set of requirements than today’s always-on business demands. However, newer software offerings are built to systematize change management, federate communication, and guide actions throughout the entire BCM cycle, to ensure continued relevance of the plan and the threat mitigation in place.
Ultimately, though, the new era of business continuity assurance is not about software. It’s not about compliance. It’s not even about plans. It’s about shifting the focus to outcomes, to instill greater confidence among customers, employees, business partners and investors.