Metrics are key to assessing the maturity and level of sophistication of your continuity planning program. We believe there are two (2) levels of metrics you can use to assess your program. Tier 1 metrics address the underpinnings of the program while Tier 2 metrics address what is the real recovery capability. Too many times, only Tier 1 metrics are used and give a false sense of recoverability to senior management. Tier 2 metrics, if used properly, will paint the real picture of the DR capability of the organization. Here are examples of Tier 1 and 2 metrics:
Example: A large organization has had a DR office and program in place for many years, multiple backup sites in place and holds recovery exercises on a regular basis throughout the year. Internal audit regularly gives them their seal of approval. Sounds good, right? On the surface, the Tier 1 metrics will paint an average or above average picture of the program and its adherence to best practices. Now, once we used Tier 2 metrics to assess the real recovery capability of the organization, it was quickly determined that the true IT disaster recovery capability did not exist and that the DR program was failing miserably in its ability to recover the critical systems and applications of the organization. Senior management in IT had lived under the belief that all was well in the realm of DR when in reality, could not even begin to recover the systems and applications needed to run the business.
Our metrics tool analyzes the level of compliance, weights them and produces speedometer graphs that quickly show management the state of the component. Additionally, our tool ensures that if key components in an area are below average, the entire component cannot be raised even if its score dictates it. Using metrics is painful and can be eye-opening but also can lead to increased management support, allocation of resources and most importantly, the multi-year budget needed to implement what you need to succeed. Use them, they work.
Michael Herrera
Michael Herrera is the Chief Executive Officer (CEO) of MHA. In his role, Michael provides global leadership to the entire set of industry practices and horizontal capabilities within MHA. Under his leadership, MHA has become a leading provider of Business Continuity and Disaster Recovery services to organizations on a global level. He is also the founder of BCMMETRICS, a leading cloud based tool designed to assess business continuity compliance and residual risk. Michael is a well-known and sought after speaker on Business Continuity issues at local and national contingency planner chapter meetings and conferences. Prior to founding MHA, he was a Regional VP for Bank of America, where he was responsible for Business Continuity across the southwest region.
