Last Updated on May 17, 2018
I suspect that most senior executives and managers, especially those directly concerned with operations, probably worry about business continuity just about every waking moment, although they might not think about it that way. But if you ask them, “What keeps you up at night?” they will tell you without hesitation their top concerns, from cyber-attack to talent availability to their regulatory environment to their brand’s reputation, directly relate to keeping the business up-and-running and able to serve clients in the face of disaster, disruption and dire straits.
Why do executives lose sleep worrying about business continuity scenarios? Often, it’s because their organization doesn’t really have business continuity “nailed down.” The majority of businesses either don’t have a formal/documented business continuity plan, have never tested their plan, and/or don’t regularly update their plan. Many more don’t have a specific person or don’t have a budget for it.
This leaves executives to handle these concerns informally or on an ad hoc basis. That results in unaddressed risk, which leaves the business vulnerable to disruption or worse, which leads to insomnia and an urge to constantly check email while at home or on vacation.
A more effective approach is to comprehensively address business continuity-related concerns through formalized business continuity planning. It’s well understood that a robust business continuity plan can confer competitive advantage, protect your brand, improve governance and compliance, reduce insurance costs, boost organizational maturity, improve business agility and even drive your organization towards resiliency.
On a day-to-day operational level, a business continuity plan is effectively a living legacy that carries senior management’s knowledge and guidance forward even if they aren’t there to provide direction during a disruption. If a key manager is on vacation or otherwise unavailable when disruptive circumstances occur, the next best thing besides his or her presence is to have a framework in place that codifies management’s guidance in the form of priorities, options and actions.
Further, by putting appropriate procedures and policies in place prior to the need for them, staff can respond confidently to events, knowing they have management approval for their actions. Removing the need for direct reports and other staff to act on their own (with or without adequate coordination) in a crisis—leading to faster, more effective action and thus reduced impacts—is also a top benefit of a business continuity plan.
If you’re a senior executive, director or manager, try this the next time you wake up at 2 AM because you’re worried about something related to business continuity: jot it down and pass it on to the business continuity coordinator. If you don’t have a business continuity coordinator, consider appointing one. After all, business continuity is not a one-and-done project, but an ongoing program of continuous improvement. Having someone with a 24×7 business continuity mindset can help change the business culture to become more efficient, robust and ultimately resilient.
Pivot Point Security has deep expertise in business continuity planning. To talk with an expert about the scenarios that keep your senior management up at night, identify the causes of those consequences and begin planning actions to avoid them, contact us.
Organizations must comply with specific standards including extensive documentation, maintenance, monitoring, and review. This checklist will make sure your ISO 22301 implementation hits on the key points of the attestation.
Download our ISO 22301 Implementation Checklist now!