Accentuate the Positive: Recognizing Your BCM Program Strengths

In business continuity, we have a tendency to focus on what’s wrong with our programs or organizations. However, it’s important that we also take time to recognize what we’re doing right.

Today’s post explains why this is worthwhile—and will also help you get started on identifying which parts of your business continuity management (BCM) program are actually in pretty good shape.

Related on MHA Consulting: Sweating the Big Stuff: 5 Things That Really Matter in BCM

PROPHETS OF DOOM

There is one thing that business continuity consultants learn very early: most clients are about as excited to see us as they are to see their dentist.

This is because we are always telling people about what disasters could happen to them, all the ways in which they are not ready, and all the expensive steps they would have to take in order to be prepared.

In some ways, it feels as if we are the original prophets of doom.

“THIS IS NOT GOING TO BE A GOOD DAY”

I got a reminder just the other day of just how (un)happy people can be to see us. I arrived at one of our clients to conduct a mock disaster exercise, and the first thing someone said when they saw me was, “Oh, great, this is not going to be a good day, is it?” Actually, more than one person greeted me like that. They were all friendly and joking as the response was mostly due to knowing I had an emergency scenario for the mock and they assumed it would be bad. Sometimes I do wonder if it’s bad because we are working on business continuity.

Of course, as all mature people are aware, bad things happen in life and many people depend on our organizations for everything from their livelihoods to vital products and services, so we do have to anticipate potential problems and make our organizations more resilient.

In a word, we have to be realistic.

But sometimes being realistic is taken as a synonym for being negative, or at least we only focus on the negative.

ACKNOWLEDGING THE POSITIVE

All that together got me thinking about the importance of acknowledging the positive things in our BCM and IT/Disaster Recovery programs.

So that’s what today’s post is all about: I wanted to encourage the BCM and IT/DR professionals who read it to make themselves aware of the strong aspects of their programs and to take time to appreciate them.

THREE GOOD REASONS

There are three good reasons to acknowledge and celebrate the good aspects of our programs.

First, at MHA, we often emphasize the importance of being realistic in doing BC and IT/DR. A strong grasp of reality is the best foundation for an effective program. However, being realistic does not mean seeing all of the negatives and only the negatives.
A realistic view of anything requires an understanding of its strengths as well as its weaknesses.

Second, most if not all of the BCM practitioners that we know are still humans rather than robots.
And humans naturally like to be praised and recognized when they make a strong, effective effort. Praising people motivates them and makes them feel good, and constantly finding fault with their work demotivates them. This is an excellent reason to take time to point out your program’s strengths. It’s good for the staff and good for the organization.

Third, identifying our strengths helps us prioritize our future efforts. If there are things we’re doing well, just about the smartest thing we can do is leave those areas alone for a while (resisting the urge to try to make good into perfect) and go focus on areas where we are at most risk or weakest. This is the proven way to get the most bang for your buck in terms of improving your overall performance.

WHAT ARE YOUR PROGRAM’S STRENGTHS?

So what is your organization good at, in terms of BC and IT/DR?

No matter what problems they face, most organizations are really good at performing at least a couple of key skills and functionalities.

Below is a list that might help you get your thoughts going on what your company does well.

This isn’t a comprehensive list of essential BC capabilities. Rather, it’s a list of areas where I have seen a number of organizations do a pretty good job, even if they took it for granted or weren’t fully aware of it.

Note that the good results can come about organically or because the organization consciously worked on them.

I’ll divide the examples up into staffing, location, technology, and BCM:

Staffing:

• The IT staff is experienced and understands the environments very well. They are capable of performing the technology recoveries due to their high level of technical and institutional knowledge and skill. This is an especially valuable asset in an environment with limited documentation.
• The organization has individuals who are skilled and effective during emergencies or demanding situations.
• Departments and roles have knowledgeable and trained primary and backup personnel who are functionally capable during emergency events.

Location:

• Departments have staff distributed across multiple locations, limiting the potential impact of a problem at any one facility.
• The company has a culture where people work from home on a regular basis, so this capability is already in place and normal.
• Facilities are hardened against natural disasters or technology problems.
• Evacuation plans are in place and evacuation drills are held regularly. The capability of getting staff out of the buildings quickly and effectively has been demonstrated.
• Safety stock or inventory is at levels which will limit production hiccups or limited outages.

Technology:

• Remote access capability is well defined and used on a regular basis.
• IT recovery technology is sufficient to support the first five days of recovery needs. It has been tested and verified as being able to perform as needed.
• Emergency notification capabilities exist and are tested regularly for all areas (not just a few test groups or people).
• IT processing is in a hardened Tier 4 data center, limiting the organization’s exposure to data center–related issues.

BCM:

• Documentation exists and is accurate and easy to use for all staff. (Congratulations if you have this; this is a pretty rare strength.)
• Organization culture includes BC/DR in day-to-day activities.
• BCM is part of regular senior management status meetings and engagement.
• Exercises are performed unannounced and without pre-planning, to ensure there are no issues

NOW, PIVOT

If you have not included the strengths as part of an assessment recently, take some time and list out what you are doing well. You may be surprised.

If your organization is doing a good job in any of the areas listed above, or any others, then great. Congratulations. You should be pleased and proud about that, and acknowledgment of the success should be shared with everyone who helped achieve it.

And then you should mentally move those areas off to one side, and pivot toward the things you are not doing so well, and start working on them.

This is how we get better at our demanding and often frustrating, but extremely important, mission of improving the resilience of the organizations we work for.

FURTHER READING

For information on other hot topics in business continuity and IT/DR, check out these recent blog posts on MHA Consulting and BCMMETRICS:

• In Time of Crisis: What to Do in the First 24 Hours
• Everything You Always Wanted to Know About Managing Risk but Were Afraid to Ask
• Disaster Recovery as a Service Comes of Age
• Shark Attacks vs. Sunburn: Preparing for the Most Likely Problems
• How to Create an Emergency Response Plan
• 4 Rules for Effective Communication in a Crisis