Take a look at top lessons learned from our staff’s combined 150 years of business continuity experience. Use our knowledge to benefit your BCM plans.
When I look at my children and grandchildren, I smile at their accomplishments and at some of their struggles. With life experience comes the understanding of what is and what may not be important. Resolving a conflict or problem is often easier for me today than when I was just out of college. On that note, we’ve put together lessons learned in the business continuity/disaster recovery arena. These come from MHA’s numerous engagements and our consultants’ combined years of experience. There are several of us with over 30 years of experience in business continuity. So, sit back, relax, and let grandpa share his wisdom – then maybe we can get an ice cream after.
- Exercises can give a false sense of preparedness and capability. Even so, exercises are great – they teach us. But often after going through a tabletop or recovery exercise, the feeling of readiness belies the gaps. You must scope tests to facilitate success. Areas or applications with known gaps are left off because they are being “worked, ” or workarounds are used that are not really part of the plan – then the exercise is considered successful.
- They do not simulate real events. Don’t make assumptions. For example, “everyone will have their laptops” when during interviews we are told, “about half the people take them home.”
It is all about being ready for a real event.
- Often organizations plan and implement for exercises, but do not consider what will actually happen.
- Technology and/or space capacity is limited.
- The knowledge of or documentation for people directing or executing recovery is not sufficient.
- Workarounds are not truly usable or functional.
Resiliency is as, if not more, important than recovery.
Think of this as preventing individual outages like an email outage or network outage from a technology perspective, or a brand impacting event or significant financial emergency. We have planned for the recovery events – the data center or building is down – but not the significant localized events that are often more likely.
Business Continuity is about risk mitigation.
Business Continuity is about risk mitigation, not implementing recovery or resiliency solutions for all technologies or business functions. Your plans should be productive and dynamic so that you are able to use them for multiple scenarios.
Documentation is not the important part of a functional BC program.
If you cannot keep the business functions running, or recover technology and applications, all the documentation you’ve developed is not going to help. It is an important aspect of ensuring a functional program, but like people, without the actual capability, it does not matter (see #1 & #2 above).
People are your most important resource.
- There will be issues in program development, maintenance, and actual recovery. Without ongoing training, people expected to solve problems will not be as effective as they could be.
- Your organization is not the most important area of people’s lives. Depending on the situation, their friends and families will most likely take priority.
Clients Don’t Care.
Customers and clients don’t really care about your emergency or event, especially if it does not somehow impact them. While it doesn’t always take business continuity experience to learn this, it’s an important thing to keep in mind.
Maintenance is more important than initial development.
Outdated strategies, documentation, and lack of capacity are not much better than nothing at all.
We’ve expressed many of the lessons learned above in previous blogs and our presentations, so it’s a good idea to search our blog for more information on each subject. Some may be obvious; others may not apply to your organization today. Take a few minutes and consider how they may apply and how you could use this business continuity experience to improve your program in at least one area.