Gaining internal buy-in for a business continuity program from peers and executive leadership is a common challenge for business continuity and disaster recovery (BC/DR) professionals. This collection of frequently asked questions provides some talking points for BC/DR managers who want to help their organization engage in more effective business continuity practices.
I have found three primary ways to use business continuity to achieve cost savings. The first is by identifying redundancies. When business continuity planning goes down to the dependency level — mapping business processes to their needed vendors, locations, applications, systems, staff, and equipment — you can see where there may be duplicate operations.
The second way to achieve cost savings is by identifying true recovery time and recovery point objectives [RTOs and RPOs]. Business environments change rapidly, and in some cases, what was a critical priority in the past no longer reaches that level. This means there may be some systems that have a better RTO/RPO than is actually needed.
Finally, organizations can leverage the data collected during the BC planning process for other GRC purposes. For example, your vendor management program needs your database of critical vendors; your IT risk management program needs the system inventory list; and your enterprise risk management program needs the business process list.
The obvious ways a business continuity plan provides benefit to the whole organization is by protecting life, ensuring compliance, reducing risk, eliminating single points of failure, and keeping staff trained. One often overlooked benefit is the ability to leverage data gathered in the business continuity program for other governance, risk, and compliance efforts. Vendor lists can be shared with vendor management. Business processes can be shared with enterprise risk management. Disaster recovery times for technology can be shared with IT risk management to help with the ‘A’ in the CIA model (confidentiality, integrity, and availability) for effective information security programs. Mapping IT systems to business processes can also assist with privacy programs such as GLBA or HIPAA.
Sometimes working in a larger organization is challenging when you don’t understand how your job fits into the overall company mission. It is vital to your ongoing career path to understand how your job/department ultimately serves your customers. Business continuity can help clarify this role during the business impact analysis by creating dependency maps for your organization. This way, a particular department can see how they ultimately serve the customer.
Organizations can better publicize their business continuity program by working with departments such as public relations or marketing. When working with public relations, use the press release to publish the wins of your business continuity program. Marketing departments that utilize email campaigns are always looking for content to publish. Write up an article explaining the resources, effort, and focus of your business continuity program. Finally, publish a business continuity program statement on your website.
Browse through some selections below, or find other topics at the Resources Center.