Next year is a new chance for you to put your business continuity management (BCM) program on the map. In today’s blog, we share a BCM roadmap for 2022 you can follow to give your program direction and make your efforts more proactive.
Related on BCMMETRICS: Get Out the Map: Why Your BCM Program Needs a Roadmap
Here are five areas you should look at in the coming year to guide your work and organize your program. Together they make up a business continuity roadmap for 2022.
Think about the strategic aspects of your business continuity program and specifically the following three areas:
- Compliance Strive to get in alignment with your organization’s chosen business continuity standard. Don’t have a standard? Pick one already! (For a breakdown of the main ones, see “Standard Time: The Best Time to Choose a Business Continuity Standard Is Right Now.”) Selecting a BC standard that is suitable for your organization and moving into alignment with it is one of the best things you can do to strengthen your program and protect your stakeholders.
- Residual Risk. Residual risk is the risk that remains in your organization after the steps you have taken to make it more resilient are factored in. At most organizations, residual risk resides in one or more of the following three areas: recovery strategies, recovery exercises, and basic infrastructure. For more information see, “The Big Three of Residual Risk.” Squeezing down residual risk is a great way to boost your organization’s resiliency.
- Value on Investment. VOI is an intangible asset that contributes significantly to an organization’s performance. A BC programthat has high alignment with industry standards and low residual risk has a high VOI. A high VOI indicates you have built a sound program and mitigated significant risk. Focus on measuring and boosting the VOI your program brings to your organization. Your managers will appreciate it, and it will give new direction to your exertions.
Look at your program from an operational perspective and determine whether you are hitting your marks. Specifically look at how well you are executing on the following foundational BCM tasks:
- Scheduling, conducting, and maintaining business impact analyses (BIAs)
- Devising and fully implementing and validating business recovery strategies
- Keeping your business continuity and IT disaster recovery plans up to date
- Progressing in your testing program, such as by moving from tabletop tests to full functional exercises
- Adequately training the staff to carry out your plans and recover the business
Consider the potential negative events that could impact your organization, including natural, human-caused, and technological events. Extreme weather and cyberattacks are on the rise, and human threats remain a danger. Which have the potential to strike your organization? How likely is each to occur? What mitigations have you implemented? Understanding your threat landscape lets you prepare for the most likely and impactful risks. For more information, check out “Driving Blind: The Problem with Skipping the Threat and Risk Assessment,” “Weighing the Danger: The Continuing Value of the Threat and Risk Assessment,” and “A Sample Threat and Risk Assessment: The Case of Acme Widget Corp.”
In looking at the threats that have the potential to harm your organization, you should also consider your suppliers. Focus on the suppliers that provide the goods, services, and technology that are most critical to you. Anything that hurts your most important suppliers has the potential to harm your organization as well since you depend on them to carry out your mission. Also consider the state of your suppliers’ BC programs. Are your most vital vendors responsible and resilient? Or are they sitting ducks? For more about securing your supply chain, see “Let’s Get Critical: Identifying the Vendors You Truly Depend On,” “Vulnerable Vendors: Supplier Weaknesses Put Your Organization at Risk,” and “How to Stop Third-Party Vendors from Becoming Your Achilles’ Heel.”
5. Your Business
Lastly, you should take a look at your organization as a whole in terms of its trajectory and prospects. Are you expanding? Contracting? Consolidating? Have you recently acquired any new units? How has the pandemic affected you? Are most people still working remotely or are you in a hybrid situation or fully back to work? Organizations change and your BC program needs to keep pace. A program that protects your organization the way it was five years ago is of limited use if things have changed significantly since then. Once 2022 rolls around, take stock of where business is then and make sure your BC program is tailored to match.
Follow the BCM Roadmap for 2022
When 2022 arrives, take advantage of the opportunity to put your business continuity program on the map. Follow the roadmap drawn above to make your efforts more proactive and give your program strategic and tactical direction.
For more information on business continuity roadmaps, tips on your BCM roadmap for 2022, and other hot topics in BCM and IT/disaster recovery, check out these recent posts from BCMMETRICS and MHA Consulting:
- Get Out the Map: Why Your BCM Program Needs a Roadmap
- Standard Time: The Best Time to Choose a Business Continuity Standard Is Right Now
- The Big Three of Residual Risk
- Driving Blind: The Problem with Skipping the Threat and Risk Assessment
- Weighing the Danger: The Continuing Value of the Threat and Risk Assessment
- A Sample Threat and Risk Assessment: The Case of Acme Widget Corp.
- Let’s Get Critical: Identifying the Vendors You Truly Depend On
- Vulnerable Vendors: Supplier Weaknesses Put Your Organization at Risk
- How to Stop Third-Party Vendors from Becoming Your Achilles’ Heel