Mitigating Controls and Your Business Recovery Plans.

Michael Herrera

Understanding what residual risk remains after we have implemented all of the mitigating controls available to us is essential for a strong BCM program.

In the world of Business Continuity Management (BCM), senior management is placing greater emphasis on understanding what Residual Risk remains after we have implemented all of the mitigating activities available to us. For management to feel comfortable, the remaining Residual Risk must be within their Risk Tolerance/Appetite. If it’s outside their Risk Tolerance/Appetite, they will request that additional work be done on the weak areas to minimize the Residual Risk. In a perfect world, the Residual Risk will be zero or negative, indicating that the controls in place are sufficient.

So, how many of you have thought about the mitigating activities in your Business Recovery Plans? Do you know what they would be and how important each of them might be to recovery? Here is what we see as the mitigating activities for a Business Recovery Plan:

  1. Business Impact Analysis
  2. Recovery Strategy
  3. Recovery Team
  4. Recovery Plan
  5. Recovery Exercise
  6. Third Party Supplier Risk
  7. Training & Awareness

Now, how important is each of these mitigating controls to the success of your recovery plan? Is each mitigating activity equally important, or are some of them more important before a disruption occurs? I believe that each mitigating activity has a different level of importance based on what it ultimately means to the plan and its level of recovery confidence.

In discussion with colleagues and subscribers of our BCMMETRICS™ tool, we have agreed that a sample priority for mitigating activities, based on their value in minimizing risk, is as follows:

  1. Recovery Exercise
  2. Recovery Strategy
  3. Recovery Team
  4. Recovery Plan
  5. BIA
  6. Third Party Supplier Risk
  7. Training & Awareness

What do you see as a priority for the mitigating activities? Begin looking at the mitigating activities for each of your recovery plans and see if a small or significant risk remains. Shore up the mitigating activities that need help and you will reduce your overall residual risk for the business unit and your organization.
