When organizations build a Business Continuity management (BMC), Disaster Recovery Plan (DRP) or whatever name you want to give the program, quite often they fail to communicate a specific aspect of BCM to their sponsors and executive management: BCM is not a onetime thing. It’s not a single goal to reach and then it’s over. It’s not final when you’ve tested a plan and put the plan on the shelf (or saved the plans in an online application).
It’s cyclical. Yes, that’s right – cyclical. That’s because for the most part any methodology you leverage to build your plans, protocols, processes, teams and programs, will fit into – one way or another – the Plan-Do-Check-Act (PDCA) framework developed by W. Edward Deming. I won’t go into detail the overall cycle in this blog (maybe some other time) but one way or another what you’re doing to create your program is the PDCA cycle.
The cycle is a wheel, which continues round and round and if that’s the case then how could creating and especially the maintenance and review of a BCM/DR program be a onetime thing? It can’t. This is what executives fail to either understand or aren’t told, which is why later on down the road people – especially executives, begin to question why BCM/DR activities continue after they believe the program (and its deliverables) have been established. They fail to understand and practitioners fail all too often, to explain that BCM/DR is continuous and not a onetime project. It’s an operationalized program (hopefully), which needs ongoing support, review and maintenance.
This really needs to be communicated up front when you first start putting you program together. You may not know the full extent of when, who or how the program will be maintained but when you start your planning you’ve got to communicate that it’s something that’s ongoing. You may deliver the Finance BCP plan but you’ve got to communicate that it will need to be reviewed annually (at least) for updates, as well as other program components and findings. Organizational Changes, IT Changes and personal changes will require the continued maintenance and review of strategies and plans otherwise plans – and the program overall – won’t address the needs of the organization.
So the next time you’re talking to you program sponsor or providing an update to executives, make sure they are aware that the program is ongoing and needs continue support and resources. Then they need to ensure that support exists in all areas and that all areas continue to support and provide updates when required. It’s not over when the BCP or IT DRP is documented. The program needs to move in step with the organization.
© StoneRoad 2018
A.Alex Fullick has over 21 years’ experience working in Business Continuity and is the author of numerous books, including “Watch Your Step”, “BIA: Building the Foundation for a Strong Business Continuity Program.”and “Testing Disaster Recovery and Business Continuity Plans.”