Measuring the Maturity of Your BCP Program

Need to measure the maturity of your BCP program?  At MHA Consulting, we look at a number of components to measure the current state of a  BCP program.  The evaluated components are weighed according to the importance to the critical path of the program and its ability to execute in the event of an unplanned disruption.  The minimum components we consider for each area of the BCP program (business and information technology) are as follows:

  1. Governance & Oversight  – Do you have effective management oversight and direction?    Appropriate staff?
  2. Policy– Is your policy documented, communicated, and enforced by management?
  3. Budgeting –Is your BCP program part of the annual corporate budget?
  4. Program Management Methodology– Do you have roadmap and process to guide your BCP initiative over the next 12 to 18 months?
  5. Prioritization of Critical Processes and Systems – Have you identified and prioritized the most critical processes and systems you need to keep your business running in the first week of a disruption.  If you can recover what you need for the first 7 days, you will stay in business.
  6. Identification of  relevant Threats and Risks – Have you clearly identified the relevant threats and risks to your organization via a threat and risk assessment study.  Do you have a mitigation plan to either accept, transfer or mitigate threats?
  7. Recovery Strategy  – Based on the results of the prioritization of your processes and systems as well as identification of threats/risks, have you identified  recovery strategies that will recover your critical business processes and systems?
  8. Recovery Plans  – Do you have documented, comprehensive and tested plans for your mission critical business processes and systems?
  9. Data Backups & Offsite Storage –Are you meeting the Recovery Point Objectives (RPO’s) of your organization?
  10. Exercises – Do you have regular exercises to validate the capability of the recovery strategy,  recovery plans and people?
  11. Training– Is training held on a regular basis to educate new and existing staff members on the BCP program and its role in the culture of the organization?
  12. Maintenance – Do you have a comprehensive maintenance schedule in place to maintain currency of the components of the BCP program?
  13. Continuous Improvement –Do you have a process in place to look for improvements to the BCP program?  Do you know what maturity level is required to meet the needs of your business?

Our Current State Assessment (CSA) model looks at these components for each area (business and technical) to determine a programs’ level of compliance and corresponding maturity level (Ad-Hoc, Capable, Mature, etc.).   Remember, in the end, it comes down to execution!

About MHA:  MHA Consulting, with its decade-long track record, is a proven leader in business continuity planning, disaster recovery planning, IT best practices and data center moves and relocations. Every day, MHA helps protect trillions of dollars of global-market assets and top companies around the world rely on MHA services for the continuity of their business. For more information, please visit: or contact Michael Herrera at [email protected].

Michael Herrera is the Chief Executive Officer (CEO) of MHA. In his role, Michael provides global leadership to the entire set of industry practices and horizontal capabilities within MHA. Under his leadership, MHA has become a leading provider of Business Continuity and Disaster Recovery services to organizations on a global level. He is also the founder of BCMMETRICS, a leading cloud based tool designed to assess business continuity compliance and residual risk. Michael is a well-known and sought after speaker on Business Continuity issues at local and national contingency planner chapter meetings and conferences. Prior to founding MHA, he was a Regional VP for Bank of America, where he was responsible for Business Continuity across the southwest region.

Leave a Reply

Your email address will not be published. Required fields are marked *

Business continuity consulting for today’s leading companies.

Follow Us

© 2024 · MHA Consulting. All Rights Reserved.

Learn from the Best

Get insights from almost 30 years of BCM experience straight to your inbox.

We won’t spam or give your email away.

  • Who We Are
  • What We Do
  • Blog