There are eight Corporate Competencies that our organization has identified as essential to support an optimal business continuity program (BCP). The first seven address the key behaviors of the BC program. The eighth Corporate Competency, program content, addresses how your organization implements the four central disciplines of business continuity:
- Incident Management – Emergency & Crisis Management
- Security Management – Physical & Cyber Security
- Technology Recovery – IT Disaster Recovery, plus other critical asset recovery issues
- Business Continuity (BC) or Continuity of Operations
Each Corporate Competency categorizes a critical business/operational characteristic of an organization’s ability to create a sustainable business continuity program.
Let’s have a little fun and discuss them as 8 Corporate Incompetencies.
1. No support from leadership
No BC program can be optimal without leadership buy-in. There needs to be a commitment & understanding demonstrated by executive management with regard to the implementation of an appropriately scaled, enterprise-wide business continuity program. In addition, the “business case” for implementing sustainable business continuity needs to be articulated to & understood by executive management.
2. Keep employees in the dark
Employee awareness and adoption of an enterprise business continuity management (BCM) program are essential to its success. There needs to be a wide breadth and depth of business continuity conceptual awareness throughout all levels of the organization. This includes having an ongoing, quality training and awareness program, which demonstrates relatable disruptive events & how each team member can contribute to resilience & recovery.
3. Keep it freeform
Although some flexibility should be built-in, the BCM program requires structure. Consider the scale & appropriateness of the business continuity program & how that can be implemented across the enterprise. Be sure that the BCM program matches the articulated “business case” (program justification) & addresses the organization’s objectives & requirements.
4. Don’t coordinate across your enterprise
Program pervasiveness is essential for optimal disaster recovery & continuity of operations. Ensure that the level of business continuity coordination between departments, functions, and business units across the enterprise is consistent & strong. Seek out weak links & look for opportunities for improvement. The degree to which business continuity considerations have been incorporated in other appropriate business initiatives, programs, & processes will be a big part of your ability to achieve optimal continuity.
5. Don’t measure or track BC performance
Having a BC plan is great, but now you need to have the ability to measure & track it. Establishing metrics can help you determine & monitoring the effectiveness of your BCM program performance. The establishment & tracking of a business continuity competency baseline is a key step in staying resilient. Remember the adage, ‘what gets measured, gets done.’
5. No committed resources
Resilience “takes a village.” Be sure that there are resources committed throughout the organization. There needs to be sufficient, properly trained & supported personnel, financial, & other resources to ensure the sustainability of your BCM Program.
5. No coordination with external parties
Share your plan with external agencies & emergency responders. Coordinate business continuity issues & requirements with your external community including customers, vendors, government, unions, banks, creditors, insurance carriers, etc. Ensure that critical supply chain partners have adequate BCM programs of their own in place.
8. No integration of the 4 central disciplines of Business Continuity
The previous 7 Corporate “Incompetency’s” address the key behaviors of the BC program. The 8th Corporate Competency addresses how the organization implements the 4 central disciplines of business continuity:
- Incident Management – Ensure that all aspects of emergency response, crisis management, & any other activities involved in command, control, & communications during an organizational crisis &/or disastrous event are appropriately addressed.
- Security Management – Ensure that physical security, information security (cybersecurity), & any other activities associated with protecting the integrity of targeted information & resources are appropriately addressed.
- Technology Recovery – Ensure that critical information systems hardware, software, networks, & applications are adequately recoverable within defined recovery time objectives.
Business Recovery – Ensure that critical business functions & resources are adequately recoverable within defined recovery time objectives
When the above elements are missing from your planning, it’s almost guaranteed to be a significant impact on your organizational resilience and ability to recover from a disaster. Each Corporate Competency categorizes a critical attribute of your organization’s ability to create a sustainable business continuity program.
But don’t stop there! It is critical that cross-functional teams work together to share resources, standards, and terminology. You can achieve a holistic framework in which all OR program stakeholders participate as the following diagram depicts:
So, ask yourself, what is your organization’s level of BCP competence? Not sure? Due for an assessment? Access our free Business Continuity Maturity Model® to see where you stand.