Business Continuity Planning is core competency. We have built Business Continuity Plans for companies of varying sizes in different industries. Service Management Leadership has a proprietary process using templates created in-house to bring the most value to our business customers. The process includes Business Impact Analyses (BIAs), Risk Assessments, Business Continuity Plan development, Tabletop Testing, and Training all based on the NIST and FEMA frameworks.
Business Impact Analysis (BIA) phase helps to establish the Core Business Processes, how they are supported (both intern and external), processes, critical records, and much, much more. For example, minimum levels of staffing, technology, and infrastructure. Just the understanding of which external vendors are heavily relied upon may save an organization valuable time and hundreds of thousands of dollars if an event occurs.
The Risk Assessment portion is broken down by Business Process and calculates a Risk Score for each type of potential event. This Risk Score is calculated by assigning a Probability to each and a potential Impact. By understanding which types of events have the highest Risk Score for each Business Process – Core and Supporting – the organization can be better prepared for specific events. Understanding the types of risk for each group enables continuity. It also helps to identify areas for investment.
The Business Continuity Planning development is thorough. The Business Continuity Plans include all the information gleaned in the Business Impact Analysis and Risk Assessment phases for all Business Processes but take it a step further. The Business Continuity Plan development usually yields an outcome of the organization requiring Business Continuity Plans from their strategic and operational vendors and service providers. If the vendor or service provider is heavily leveraged for your organization, you need it to withstand impactful events, especially in today’s world of data and cyber breaches. The Business Continuity Plans address the facility, technology, and people aspects. Questions are asked like, “if this facility was unusable, where would the employees work?’. The answer, “at home” is not always viable if their individual homes are impacted by the same event that impacted the organization. So, an alternate location for key areas needs to be addressed. How about technology?
Can your organization withstand a data breach or an extended ERP outage? If so, how? For the people, imagine a virus or flu knocking out large parts of the staff. How would your organization continue to operate? These are the types of questions we ask, and content captured, in the Business Continuity Plans. Additionally, your organization needs to know how – and how – the Business Continuity Plans are enacted in an emergency.
For Tabletop and Real-Life Testing, the harder the scenario, the better. Even if it shows how immature your Business Continuity Plans are, a strong testing scenario will help you prepare for the difficult types of potential events. On the topic of data breaches, wouldn’t it be best to test against the scenario before it happens? We agree. The Business Continuity Plans need to be tested every year, optimally, due to how quickly things change within an organization. Testing offers an opportunity to understand the strengths and improvement opportunities.
The topic of Training is difficult for many. It seems like a waste of time UNTIL the scenario occurs. Then, every organization wishes they invested more in training, for both documentation and walk-throughs. How will leadership communicate to staff during an event? Training helps during a traumatic time. The same can be said for all scenarios.
Whether your organization needs the entire process, an update, or just an outside firm to conduct testing, we can perform these services at a high level, bringing value to your organizations. Contact us today to hear more about how we can save your organization time and money for Business Continuity.