Don’t let these BCP mistakes put your recovery at risk:
1. Managing the wrong risks.
You may have heard of the term cognitive bias – the irrational errors that we humans make in our decision-making. One type of cognitive bias, the availability heuristic, causes us to heavily weigh our judgments toward more recent information. This means we assume the latest threat in the news is the one we should be planning for. But this is not the case, minor interruptions such as power outages and server failures can be just as damaging. Look at your threat risk assessment and look at the news. If they are heavily correlated, you need to do some revisiting.
2. Using BCP jargon.
Business units and management don’t want to hear about BIAs, RTOs and RPOs, they want to hear that you’re working together to figure out what you’re going to do if something bad happens to the business. You’re going to establish what the priorities will be to get the business back up and running. You’ll then figure out ways to get those priorities restored and find the resources that might be required to make that happen. Nothing tunes out an audience more than using jargon they don’t understand, so really try to eliminate it from your interactions whenever possible.
3. Not using the results of your Business Impact Analysis (BIA) OR not setting priorities and validating the resources needed to achieve them.
Assuming that everyone within an organization has the same priorities and therefore will all work toward those common goals can, in itself, be a disastrous BCP mistake. With every department viewing the organization through their own lens, it won’t take long before priorities conflict and people are working in cross-purposes. Whether it’s through a formal BIA process or just doing some prioritizing with the management team, recovery will go more smoothly when everyone knows what the priorities are and what may be subject to change, depending on the circumstances. Do you have the equipment, disaster recovery capacity, and alternate physical space to meet the timelines you have in mind? With priorities established, the resource requirements need to be validated.
4. Not partnering with IT.
Relationships with IT departments can be great or they can be challenging. Whatever your relationship is, it’s worthwhile investing the time and effort to make it a good one. First, you need to have a solid understanding of the recovery capabilities of your organization’s IT systems in order to ensure your business continuity plan is even viable. IT can help you validate that your plans are doable from a technology perspective and help to identify what additional technology might be needed to fill any identified gaps. Second, with a solid relationship, you can present your recovery capability challenges to management together and lobby for the resources needed to close those gaps.
5. The next BCP mistake is making your plan too big and too complex
There is considerable debate about the best format for a business continuity plan. While there is no single right answer, there are guidelines to follow and the most important is document length. The document needs to be easy to navigate and with that generally comes making it short and concise. The core plan should fit into 2 to 3 pages with links to more in-depth content. Using BCP software can make navigation your plan a breeze. By leveraging imbedded links to longer, more in-depth content, users can quickly and easily find what they need. Check out our free BCP tool here: https://www.kingsbridgebcp.com/shield/#shield-free
KingsBridgeBCP offers businesses of all sizes BCP Software Solutions and industry know how based on best practices. From a FREE Edition to a Platinum Edition there is a Shield for everyone. Our software packages are customized to meet the wide range of our customers’ needs, ensuring we deliver the best value in every project. To learn more about KingsBridge click here.