Hunting the Black Swans in Your Continuity Program
This is the ninth in the DRG ongoing series regarding hunting and mastery of the black swans in your continuity program. Look for it on the first Wednesday of each month.
Quarry 9: New Year's Resolutions!
Now that all of the wonderful (and not so wonderful!) presents and delicious foods of the holidays are over (or left-over!), may I suggest that you accede to tradition and begin to make resolutions about how you can do better in the New Year. Having survived the supposed end of the world according to the Mayan calendar, we now get another chance to put our Business Continuity houses in order. And so here is my list of Business Continuity Program Resolutions you might consider for the New Year. We have talked about some of these in earlier columns; here's some additional information about four choices.
Harness the Power of the People
And yes, you want to make everyone feel that he or she is an important member of your team. We may be the professionals, but we need to count on everyone to understand the risks in their individual areas of operation. And so also include everyone by name in departmental continuity plans and technology recovery plans. There is nothing quite like seeing the faces of employees change when they find their names and individual responsibilities listed in the plan when you do your periodic structured walkthrough or other plan exercise. Yes, it's true that listing the names of individual staff members in their department's plan will engender more updates….but it will also heighten the commitment of each individual to the program. Make ALL employees part of your team and you will be amazed at the results of so many eyes and ears and brains being directed to risk identification, design of mitigation measures, and missing communication links from one continuity plan to another. Leveraging this resource can rock your world! It can also make you a super-critical part of your organization. Just promise to try it.
Know Where Your Key People Live
Wouldn't you like to know about this situation ahead of time so that you would know that your five staff members who would be rebuilding databases live in the same neighborhood and/or rely on the same highways and bridges to get to your recovery site? Or they do not have vehicles and rely on public transportation (which may be disrupted). Yes, you can bring them in to hotels close to the recovery site or primary site ahead of time IF this is a disaster that provides time to prepare. But do remember that employees that are worried about the status of their family members will find it hard to concentrate their attention on recovery activities. It's not an easy call but you do not want to find out that you have no one available to accomplish key objectives when you are in the middle of a recovery event. This is clearly a potential black swan in ANY organization that has not performed this mapping exercise.
Build and Use Repeatable Processes
Not only will this make process execution easier for you, it will also become much easier for all participants each time that they also participate in the process. Of course you will need to refine the steps and the templates associated with each process during the first few executions, but once you have a working process, it should offer the right mix of process steps and tools for each step. If you have not used this type of process before, you may be surprised at how much easier it will make your work.
Processes are tools that work because they are fit-for-task. A hammer is a much better tool for setting a nail than is a shoe or whatever comes to hand when you need to set a nail. All of the other participants will grow used to the tool set that is brought to bear by the processes you put in place. And what used to be rocky will become smooth!
Ensure that Logistics and Support Teams Work
Some people are very calm under fire; some are immobilized by fear. Again, it is far better to find this out before an interruption incident occurs. Another difficult point is how senior management will make decisions under extreme pressure. It can be useful to have them walk through complex and serious interruption scenarios to sort out among themselves how they will come to a decision. Some of this will be dependent on the culture of the organization, but some will be dependent on the personalities of the participants. Again, best to rehearse when the real pressure is off.
Don't be afraid to do something that will take more than one year to demonstrate all of its benefits. Business Continuity Management is an ongoing process, and so take advantage of the time you have to build a more productive program, one that is easier for you to manage and more easily gains the support of all the members of your organization.
About the Author
Kathleen Lucey, FBCI, is President of Montague Risk Management, a business continuity consulting firm founded in 1996. She is a member of the BCI Global Membership Council, past member of the Board of the BCI, and the founding President of the BCI USA Chapter. IBM chose her as the first winner of its Business Continuity Practitioner of the Year Award in 1998. She speaks and publishes widely in both North America and Europe. Kathleen may be reached via email at firstname.lastname@example.org.