Recently, I have been attending quite a few meetings regarding contingencies required for the implementation of a large project initiative. Because it’s a new initiative and many users aren’t even assigned an ID yet to use these new systems and applications, it’s a bit hard for them to know what contingency strategies are required for insertion into their Business Continuity Plan (BCP). But that’s OK because there are still options at their fingertips.
In some instances, like the one noted above, you may have to wait for direction from the Crisis Management Team (CMT) or triage team or support team – whoever is managing the situation. Until you receive that direction your immediate response – or contingency response – is to hold off on activities and wait. It may seem odd but that is your short term contingency until provided other guidance. Even though doing nothing isn’t usually an acceptable response sometimes it’s the only response available when you’re waiting for direction from the Crisis Management Team (CMT) or some other group that provides your area with direction and guidance.
Doing nothing is actually doing something. You may not be able to process a payment or send a file on to its next destination but by doing either one of those, you are actually performing a task; you’re holding and waiting until you can continue. But even if that is your option, it’ll only be for a short duration because if it turns out its going to be a longer outage, you may need consider additional activities to implement if you receive word your application and/or system will be done longer than the acceptable outage period. So your BCP should contain short and long term contingency strategies.
With short term you may be able to manage on your own with no one else’s involvement; however, in long term contingencies you’ll need to determine what you can do – or not do – with you various internal and external stakeholders. If you decided to hold and wait during a short term duration, it might not have much impact on others…or very little, but if you have a longer duration outage then there’s a chance others are experiencing the pain as well. Then you need to include them in your long term contingency strategies and they need to consider you, as longer term outage durations require much more coordination between various teams (business units, IT teams, internal partners, external partners and suppliers etc.).
Even if you determine that for short (and long) term durations your contingency is to do nothing, you will still need to consider what to get back to normal Business as Usual (BAU) operations. When your system or application becomes available once again (or your facility or employee levels for that matter) you will need time to ramp back up to normal levels and that’s not going to happen at the snap of a finger. You need to understand that you have a high volume of work that requires immediate attention; something that needs to be coordinated and executed in an efficient manner. You could have time sensitive materials that need addressing and having been down for a time could cause potential harm to you company. What are you doing about it and what are you going to do address it? Surely you won’t be doing nothing when this happens.
These steps need to be created by the business unit involved and captured in their BCP plans or else they could run into problems when everyone else is up and running and beginning their validation to allow them to continue back to BAU but your area is trying to figure out what to do. That could cause a breakdown in processes itself even though all the tools are available and working.
Contingencies aren’t just for detailing what you need to do when things go awry and something is unavailable; they need to help get you back to BAU as fast as possible when everything is available once more.
© StoneRoad 2016
A.Alex Fullick has over 19 years’ experience working in Business Continuity and is the author of numerous books, including “Watch Your Step”, “BIA: Building the Foundation for a Strong Business Continuity Program.”and “Testing Disaster Recovery and Business Continuity Plans.”