Anyone who talks to me for 5 minutes knows that I am a big believer in the value of choosing a standard for your program and complying with it. Anyone who talks to me for 10 minutes knows that I am especially a fan of NFPA 1600 (National Fire Protection Act 1600). I also see a lot to like in the BCI Good Practice guidelines, IS0 22301, NIST 800, and the FFIEC standards.
However, I’m well aware that many smart BCM managers have made the decision not to adopt a standard for their programs. That’s fine. They’re big boys and girls, and they have their reasons.
This post is written especially for those standard-avoiding managers: you know who you are!
Don’t worry, I’m not going to lecture you on why you really should adopt a standard. I just want to ask you a simple question: Did you really mean to throw the baby out with the bathwater?
What do I mean by that? Well, the bathwater in this case is the use of a standard. And the baby is the systematic gathering of measurements on the performance of your program.
One thing I hear a lot as I travel around the country is people saying, “I don’t need to collect measurements on my program because we are not worrying about complying with any standard.”
Obviously it’s true that one of the main reasons people collect metrics is so they can see where they stack up against their chosen standard. But the fact is there are many other excellent reasons to measure program performance. If you do not gather such metrics because you are under the impression that they have no relevance to you because you are not following a standard, you are depriving yourself of many valuable benefits.
If you need more guidance about the non-compliance-related benefits of metrics, and how measuring your program’s performance can benefit you and your organization, schedule a consultation call with one of our experts.
I will lay out some of those benefits in a moment, but first I thought you might find it interesting to hear the main reasons I get from people, as I travel the country, about why they do not gather metrics on their programs. As you will see, these reasons are not always 100% logical, confirming my long-standing observation that the biggest element in business continuity planning is the human element.
The reasons I most often hear from people are:
- I don’t have time.
- I would have no clue what to do with the results.
- I’m afraid to learn what’s wrong (otherwise known as the Ostrich Response)
- Management doesn’t care, so why should I?
It’s easy to see the flaws in these reasons, or ways of working around them, when you hear them from someone else. I grant you that it’s hard when you are the one enmeshed in that situation.
Anyway, there are many excellent reasons beyond assessing compliance with a standard for a business continuity manager to invest in gathering metrics for their program.
Here are a few ways beyond gauging compliance where programs can benefit by collecting program-performance information:
- Metrics help you lead. Quantitative information on how your program is doing is a lot like the information you get from the gauges in your car. Would you be comfortable driving if your dashboard was covered with paper? Don’t you like knowing your exact speed, the amount of fuel in your tank, the temperature of your engine, and whether your RPMs are in the safe zone? Having this information helps you drive with more confidence and precision, and it’s the same with having detailed numerical information about your BC program. Having this data helps you be a better-informed driver and leader of your program.
- Metrics help you set improvement goals. For improvement goals to have substance and clarity, they need to be objective. To be objective, it is essential that they be measurable in numbers. Assessments like “good quality,” “bad quality,” and “acceptable quality” are vague and may depend on the opinion of the person expressing them. Metrics translate the system’s operational performance into numbers that can be compared. This enables you to objectively measure where you stand at the beginning and how performance improves (or not) over time.
- Metrics give you more control. The more you know about anything, the more control you have over it. Metrics give you the lay of the land of your system’s performance. They turn you from a person sitting in a cave hoping for the best to someone hovering above the landscape with a clear view in all directions. Management philosophy holds that what is measured gets managed. Metrics suggest whether the process is in order or needs external interference. Metrics form the basis of control in any organization.
Are metrics important for determining whether a program is meeting a standard? You bet. But they provide many other valuable benefits besides.
Get Started With BCMMetricsTM Business Continuity Software
So, you think you have a strong BC program? You’ll never know for sure unless you measure it. Take the guesswork out of the equation with our Compliance Confidence (C2) tool. Part of the BCMMetricsTM suite of business continuity software, this cloud-based self-assessment tool was specifically designed not only to evaluate your business continuity program against multiple major industry standards, but to allow you to gather metrics that put you in control. It’s easy to use and walks you through a set of evaluation questions that you can complete at your own pace. A simple scoring system not only gives you an overall score for your compliance with the business continuity standards; it also provides you with areas of success and opportunities for improvement.
If you’re ready to take your bc program metrics seriously, schedule a free demo of Compliance Confidence (C2) today.