Putting Business Continuity Plans into Practice
Latest posts by Eric Beser (see all)
- 3 Things NonProfit Organizations Need to Do Immediately to Strengthen the Equipment Management Process - October 22, 2014
- Get eQuip! FREE for Windows Mobile - August 25, 2014
- eQuip! 6.4.10: Integrated Applications, PDF Reports, Search Improvements, and More - June 30, 2014
In the last post we discussed ten-ways organizations can promote their business continuity when facing a disaster. As noted, the cornerstone of any effective disaster preparedness and mitigation plan is clear communication. However, the only way to ensure a plan will be implemented as communicated is to put into practice.
Recovery exercises are where it all comes together in a continuity-planning program. The hard part, actually designing a preparedness plan with input from all relevant departmental experts, is over. However, just as you spent time meticulously considering and accounting for all possible disaster scenarios, so too must you spend the time to design and implement a comprehensive exercise program. To ensure success in a real disaster event, the exercise program must be designed to provide consistent results. Accordingly, effective exercise programs have the following components:
- Exercise Standards
- Forecast of Exercises
- Exercise Road Map
- Planning Methodology
- Exercise Objective Setting
#1 Exercise Standards – Define the frequency and timing of recovery exercises based on the criticality of the process/application, the type of exercise required, and the approved processes for validation of the exercise.
#2 Forecast of Exercises – Document the scheduling of exercises. Base this schedule around the approved standards established by executives and decision makers – then stick to the schedule.The forecast should look ahead at least 18 to 24 months and clearly define what is being tested. The forecast must be updated on a regular basis as processes and applications change.
#3 Exercise Road Maps – Clearly establish the steps your team will follow in order to execute a successful exercise. These steps should begin with the pre-planning and end with the post exercise reporting. A comprehensive road map ensures your organization consistently follows the same process over and over, minimizing the potential for critical errors during a real disaster response scenario.
#4 Planning Methodology – Best practices recommend that exercise planning include pre-exercise, exercise, and post-exercise plans. The pre-exercise plan is designed to be documented at least 90 days before the exercise and provide your team with an overview of the scope, assumptions, and objectives of the plan. The exercise plan should be documented at least 60 days before the practice-run and include the detailed task lists, recovery timeline, and other key information needed to execute the plan. The post-exercise plan outlines the results of the exercise, successes and opportunities for improvement, action items for resolution, etc.
#5 Exercise Objectives – Use use S.M.A.R.T. (Specific, Measurable, Actionable, Realistic and Time Bound) objectives as the basis for defining exercise goals. Lastly, objectives should be focused around business process testing to better simulate a real recovery.
Establishing a solid exercise program through standards, forecasts, road maps, planning methodology and objective setting will yield consistent results not only during exercises but provide the basis for success in a real disaster scenario.