Why Every BC Professional Should Become a Gap Hunter

Business continuity professionals who want to make their organizations more resilient should make a conscious effort to become gap hunters. Time spent identifying and closing gaps in the organization’s preparedness is an investment that brings exceptional returns.   

Related on MHA Consulting: How to Get Strong: Unlocking the Power of Vulnerability Management 

The Practice of Vulnerability Management 

Last week, MHA CEO Michael Herrera wrote a blog about vulnerability management, the practice of identifying and mitigating the weaknesses in an organization’s people, processes, and technology.

“It’s a practical, down-to-earth approach that focuses on small things, but it has the power to bring big gains to an organization’s resilience,” he wrote. 

I agree—and in today’s blog I’m going to build on Michael’s post by laying out some of the common vulnerabilities I often see in working with our clients.

Becoming a Business Continuity Gap Hunter 

If you’re a BC professional intent on helping your organization be more robust, one of the best things you can do is cultivate the mentality of a gap hunter.  

A gap hunter is a person who is constantly on the lookout for gaps in the organization’s operations and response capability—specifically, gaps that have the potential to result in the breakdown of a manual workaround or other emergency procedure. The gap hunter must also spearhead the closing of the gap, in order for the effort to improve resilience. 

BC offices often devote a great deal of energy to doing BIAs and recovery plans. This is fine. But one thing we find a lot is that organizations with elaborate BC programs—they’ve done lots of BIAs and have extensive plans and other documentation—are often not nearly as resilient as they think they are. The issue, more often than not, is that their operations and response plans are riddled with unidentified gaps. These may or may not be minor. However, they can bring a recovery plan, a critical business process, even the whole organization to a standstill.  

The kind of gap I’m talking about can be equated with leaving your car key at home. Compared to your whole car, the key is nothing; it’s just a small piece of metal. But if you don’t have it when you need to go somewhere, you won’t be able to get in your car, much less start it and drive somewhere. 

The goal in looking for and fixing gaps is to make sure that your plans and workarounds are functional. Having these items is not enough. They have to work. The job of the gap hunter is to identify gaps that might keep them from working—and to close them. 

Doing this work is one of the most productive activities a BC professional can undertake. 

A List of Common Gaps 

MHA Consulting works with clients of all types and sizes, from Fortune 100 companies on down, and across the broadest possible range of industries and sectors. The following are some of the places where we most commonly find potentially disruptive gaps in our clients’ preparedness: 

  • Manual workarounds. Many organizations plan on using manual workarounds if their systems go down. That’s fine. But too often knowledge of these workarounds is confined to managers or supervisors. The people who would need to execute them don’t know about them or aren’t trained on using them. In time of need, the workarounds often fail or are greatly delayed. 
  • Lack of integration. Many operations require integrations such as communication or data flowing between departments. Ordinarily, such communication is accomplished automatically. One thing we often see is that when the system goes down and the manual workaround is implemented, the integration and communication part gets left out. This can bring the workaround to a halt or impose costly delays. 
  • Voice communication. Many organizations have plans for what to do if their phones go down. A common solution is to use a platform such as Microsoft Teams or Google Meet. However, we find that, in practice, turning to these alternatives often fails because of problems such as the technical requirements for moving the phone numbers.
  • Capacity limitations. We often see that efforts to recover critical apps are derailed by limitations in computing or storage capacity. In today’s environment, you cannot just go out and buy capacity. If your solution is “cloud” but your environment is not running in the cloud, simply recovering in the cloud is not possible.
  • Computing requirements. Companies often have misplaced confidence in their ability to recover, whether their environment is on the premises or in the cloud. Typically, the issue is with essential supporting components, such as a firewall, load balancer, or network configuration. Sorting out such problems can take hours if not days, an expensive proposition if the issue is prolonging an outage.
  • Unrealistic tests. Many tests that organizations conduct don’t represent reality. They don’t mirror what happens during production. Therefore, they don’t verify anything or validate that something will function. Often tests feature limited integration, excluding remote sites and limiting testing of applications, even critical ones.  
  • Emergency notifications. Many organizations’ processes for notifying people about emergencies are riddled with faulty and missing data. This can be crippling during an outage.  
  • Inadequate training. This cuts across all areas of BC activity. Too often people don’t know what they are supposed to do or how to do it. We frequently see organizations suffer unneeded impact from outages because their staff have not been trained and prepared to implement the designated response procedures. 
  • Work from home. Many organizations regard work from home as a solution to the need for an alternate work location. It may be; however, it is a solution that is often plagued by gaps of its own. These typically include such issues as problems in making deliveries to remote locations and the lack of essential equipment such as printers for producing specialized documents or forms. Work from home can also bring issues with data confidentiality and workers’ personal security. 
  • Office work location. Many organizations have caught on to the need for employees who typically work at home to have a place at the office where they can work, if needed. However, we’ve noticed that sometimes a place set aside for these employees, for example a certain conference room, is the designated office work site for many more employees than it can accommodate.  
  • Backup equipment and virtual desktops. It is laudable to have backup equipment and virtual desktops available for use. But this equipment is often rendered useless by such problems as a lack of power, lack of user experience with a generic device lacking their personal customizations, or missing security patches. (A workstation that must spend its first hour of operation updating is of limited use in helping fulfill an urgent business need.)  
  • Evacuation. Many companies’ evacuation plans are riddled with gaps. These commonly include the failure to train people on how to get out from all parts of the building they might visit, the failure to designate and publicize a muster area, and the lack of a procedure for accounting for everyone.  
  • Mobility and health issues. This is another gap we see a lot. An evacuation plan that does not account for employees with mobility and health challenges is a plan with a major hole in it. Dealing with this issue requires preparation and tact. Keep in mind that people’s issues might not be evident at a glance.    

Improving Functionality and Resilience 

Identifying and closing gaps in preparedness is a valuable investment that yields exceptional returns. Despite elaborate business continuity programs, many organizations still harbor vulnerabilities due to unidentified gaps that can bring critical processes to a standstill.  

By developing the mentality of a gap hunter, BC professionals can proactively uncover common vulnerabilities such as gaps in manual workarounds, training, integration, computing capacity, emergency notification systems, and evacuation planning. By addressing these gaps, BC offices can significantly improve the functionality and effectiveness of their organizations’ plans and workarounds, leading to a more robust and resilient business environment. 

Richard Long is one of MHA’s practice team leaders for Technology and Disaster Recovery related engagements. He has been responsible for the successful execution of MHA business continuity and disaster recovery engagements in industries such as Energy & Utilities, Government Services, Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer Products, and Education. Prior to joining MHA, Richard held Senior IT Director positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has been a senior leader across all disciplines of IT. He has successfully led international and domestic disaster recovery, technology assessment, crisis management and risk mitigation engagements.

© 2024 · MHA Consulting. All Rights Reserved.