Last month, we published a perspective (Business Continuity for Small Businesses – We Can Do Better!) on how most small and medium-sized organizations escape the complexity of larger organizations and thus have the opportunity to implement streamlined business continuity planning processes, which should include:
- Prioritizing departments and activities;
- Identifying and classifying dependencies;
- Establishing an approach to recover the critical departments and the critical dependencies;
- Writing a plan to ensure a repeatable implementation of the recovery approach, along with details on how to ‘restart’ the critical departments; and
- Testing the plan with an exercise, identifying lessons learned and building experiences.
A software tool can enable these key steps in the planning process and provide a more efficient process to collect, use and maintain data. However, while organizations of all sizes utilize similar processes when it comes to business continuity planning, the same cannot be said for the use of tools.
Tools for large organizations are problematic for smaller organizations because they are built to address the complexities of large, distributed operations. As such, these tools typically require heavy configuration and provide robust functionality on top of the core analysis and planning functions. This additional functionality is great when it’s used; however, learning this functionality typically requires heavy training, vendor assistance with maintenance/changes, and can be difficult to navigate for the general end user. Unfortunately, this combination usually results in a large investment in a tool that typically underutilized.
Smaller organizations need tools that are simple to use, simple to administer and offer the right functionality to enable the five key steps outlined above. Smaller and medium size organizations should seek out tools with the following key attributes and functionality:
- Easy to buy and cost effective for small businesses.
- Hosted in a highly secure data center with appropriate backup and recovery plans of its own.
- BIA and planning templates, based on proven best practices that can be implemented in your type of organization so that you can quickly add your organization’s specific content and move on.
- The BIA should include the ability to prioritize departments and activities and identify/classify dependencies. Further, the BIA reporting capability should provide the analysis to develop mitigation and recovery strategies for these criticalities.
- The Plan should provide an ability to document how to recover critical departments and their dependencies, in a repeatable and easy to maintain manner.
- Information should be shared between the BIA and plan development stages so that it is not entered multiple times and can be used in either area.
- An approval process should enable easy and efficient tracking of reviews and approvals.
- Security permissions should simple, but allow for isolation of plan or BIA content when needed.
With these core capabilities, a software tool can enable a much more efficient and higher quality management of continuity risk at small and medium sized organizations. We’ve seen smaller organizations attempt to use the wrong tools and it has been disastrous. Be sure to choose the right tool for your needs.
If you’re having trouble finding such a tool – you’re not alone! We had the same problems. Luckily, we’re working on some solutions now. If you’d like to hear about them – you can sign up at bccatalyst.com.
Avalution Consulting: Business Continuity Consulting