Automating your Business Continuity Program

By |2019-11-04T21:38:52+00:00October 28th, 2019|0 Comments

As a practitioner, you might be managing a plethora of business continuity documents ranging from Business Impact Analysis (BIA) records to continuity plans. Managing these documents is a critical part of your Business Continuity Management (BCM) program and should align with organization and compliance requirements.  Specialized BCM tool could be one approach for maintaining these crucial documents and if implemented in the right way it could save a lot of resources and make your BCM program business-friendly.

A good business continuity tool implementation should support your BCM program and not the other way around. Before automating program processes practitioner should have a clear framework and understanding of the organization’s BCM processes. Also, you should socialize the framework with the stakeholders and address any gaps and updates before automating them using a tool. Most of the leading BCM tools in the market would help you automate the following program processes:

  • Risk Assessments
  • Business Impact Analysis
  • Continuity Plans
  • Incident Management
  • Test and Exercises
  • Reporting and Program Metrics

Things to consider when selecting a BCM tool for your program

The following factors could be considered when selecting a BCM tool:

  • Alignment with your program framework: consideration on how well the program framework can supported by the tool
  • Ease of use: User-friendliness of the tool. Assume most of the stakeholders might be using the tool 4-5 times in a year. The tool should be intuitive to use and should have simplified workflows 
  • Tool Training: How often would you be able to train your stakeholders on the functionality? will you be getting training support from the vendor?. Also, consider automating the training so that the new tool users can easily use it  
  • Maintenance requirements: is the tool vendor going to support the maintenance or would you need a full-time specialist for the tool?

Assuming that you have the required budget and approvals for implementation you should consider the following aspects before implementing the tool:

  • Hosting your business continuity tool: When implementing a business continuity tool, you have an option to implement it on-prem or on-cloud. Given that you might need access to your recovery plans during disruption scenarios which could also include technology outage. you would want to host your plans on a tool that is not impacted during the outage – on-cloud hosting is a good option in that case. On-prem hosting has its own advantage. if you are implementing something on-prem you can partner with your internal technology teams and might get faster maintenance support for issues related to infrastructure. On-prem or On-cloud this decision is also based on multiple factors such as budget, leadership guidance, organization technology culture. However, as a BCM practitioner, you should manage the availability risk whether you opt for on-cloud or on-prem solution implementation.
  • Early buy-in from your stakeholders: Business users who are going to use the tool to update their recovery plans and business impact analysis should be introduced to the tool early in the process. You can organize working sessions with the tool vendors and stakeholders where they get a chance to use the tool, ask questions and provide requirements input. if users are at ease with using the tool it would be easier to create a sustainable model for managing the tool with minimal training requirements.
  • Requirements gathering: This is an important process. Requirement gathering workshops should be structured around the program framework. BCM practitioner should socialize the business continuity program framework with the tool vendor in advance of the workshops. A clear understanding of the program processes serves as a foundation for successful implementation.
  • Compliance requirements: Reviewing compliance requirements before the implementation is important as you might have to make sure that the tool implementation incorporates those requirements. Partnering with the compliance team early in the process is vital. Compliance requirements such as audit logs for recovery plan approvals, security controls for confidential information should be considered during the implementation of the tool.
  • Testing: Stakeholders should be included in the user acceptance test during the tool implementation. This gives an early chance to test the design and workflows implemented. Also, if anything needs to be changed or modified as per the access requriement it can be recorded early on. stakeholders should be informed in advance about the testing as in some cases it might require a significant time commitment from their end.
  • Tool Training: Adding training requirements in your BCM tool contract is important. if you have a lean BCM team you might want to address this before the implementation. Recorded WebEx sessions for tool training comes handy and could be shared with current and future users who will be using the BCM tool for hosting their recovery documentation.
  • On-going maintenance: Clear ownership for the BCM tool maintenance should be defined in advance of the implementation. if the vendor is responsible for the ongoing upgrades and maintenance, it should be reflected as part of the tool contract. However, if the maintenance and ownership are the onus of internal stakeholders the same should be identified. Also, internal maintenance teams should actively participate in different phases of implementation and should have a clear context on the tool functionality and purpose.

Finally, BCM tool implementation is a major project for any continuity program and requires significant time and resource commitment. I hope the above aspects will help you with the automation of your business continuity program.

About the author

Vaishali Jain is a Senior Program Manager for Business Continuity Management at ServiceNow. You can connect with her here

Recommended1 recommendationPublished in Enterprise Resilience

About the Author:

Leave A Comment