All organizations with a Business Continuity Management (BCM) or Disaster Recovery (DR) program always strive to have their Business Continuity Plans (BCP) / Disaster Recovery Plans (DRP) in a state they can use: in a state they believe will cover them in any and all situations. They want their plans to at least cover the basic minimum so that they can be responsive to any situation. But if an organization takes its program – and related plans – seriously, then these plans are never fully complete.
For a plan to be truly viable and robust, it must be able to address as many possible situations as possible while at the same time must have the flexible enough to adapt to any potential unknown situations. If it’s ‘carved in stone’ it makes a bit tough to adapt the plan to the situation (the situation won’t adapt to your plan).
This flexibility – and it’s maintenance (which keeps the plan alive) – includes incorporating lessons learned captured from news headlines and then incorporating the potential new activities or considerations that may not be in the current BCM / DRP plan. These plans aren’t quick fixes or static responses to disasters; they are ‘living and breathing’ documents that need new information to grow and become robust. This is why they should never be considered as complete; as the organization grows and changes – and the circumstances surrounding the organization changes – so to must the BCM and DRP plans.
It’s like trying to pin a cloud to the sky; it can’t be done. A BCP / DRP plan can’t stand still; it must be flexible, adaptable and continue to grow.
Risk profiles and risk triggers will continue to change as the organization develops and implements its strategic and tactical goals and objectives – the BCM program and plans must be able to follow along to assist in ensuring the organization can respond to a situation that might take them off their strategic path. A good plan or program is not a destination, it’s really a desired state of being where plans and processes are nurtured to grow and expand – it’s not a plateau you reach and then stop.
So if you want the best BCP / DRP plans to address as many situations and scenarios as possible when your organization is hit by a disaster, understand that to ensure they do just that, don’t ever consider the plans complete. Think of them as an entity that needs to grow and needs attention, otherwise when you need your plans, they won’t be able to help you because they’d reflect contingencies and strategies that represent the company when the plan was first developed – which could be years earlier.
© StoneRoad 2014
A.Alex Fullick has over 17 years experience working in Business Continuity and is the author of numerous books, including “Heads in the Sand” and “BIA: Building the Foundation for a Strong Business Continuity Program.”
A.Alex Fullick, MBCI, CBCP, CBRA, v3ITIL | Director, Stone Road Inc. | 1-416-830-4632 | firstname.lastname@example.org
“Failure isn’t about falling down, failure is staying down…” – Marillion