1 of 60

#1 Create a Planning Team

Business Continuity Planning

2 of 60

#1 Create a Planning Team

Gather the experts from the key areas of your operation. Use their unique perspectives to build your continuity plan. Embedding business continuity in the company culture makes everyone part of the team.

Responsible for overseeing and implementing resilience, continuity and response capabilities.

This unit, “Creating the Planning Team”, includes understanding the perspective of the C-Suite, and assembling members of the team from all areas of the business. We will also cover the importance of embedding business continuity into the company culture so that business continuity is “business as usual”.

Business leaders will be tempted to pawn the responsibility for building a Business Continuity Plan off to an outsourced provider with the idea that the leader and or employees won't have to deal with it. After all, the employees can't be distracted from their normal duties because they need to keep the business afloat. This thinking is dead wrong, and plans that have been built without heavy staff involvement will discover fatal failure. An outsourced provider can be very helpful, however the providers who do it right will require staff involvement. Business continuity is more than a plan, it is a management program that is best when integrated as part of the company culture.

The Business Continuity Planning Team is also known as a Business Continuity Management Team or Business Continuity Program Team and is responsible for overseeing and implementing resilience, continuity and response capabilities.

When you put together your team you will want to gather the experts from the key areas of your operation and use their unique perspectives to build your plans.

Embedding business continuity into the company culture effectively makes everyone part of the team in one way or another.

3 of 60

(FFIEC.gov, Business Continuity Management Handbook, Nov 2019)

A Business Continuity Management Team is responsible for the following 10 actions that make up the Business Continuity Management Cycle.

They oversee and implement resilience, continuity and response capabilities.
Align business continuity management elements with strategic goals and objectives.
Identify and analyze critical functions, interdependencies, and assess impacts.
Conduct a risk assessment to identify risks and evaluate likelihood and impact of disruptions.
Develop effective strategies to meet resilience and recovery objectives.
Establish a business continuity plan that includes incident response, disaster recovery, and crisis/emergency management.
Implement a business continuity training program for personnel and other stakeholders.
Conduct exercises and tests to verify that procedures support established objectives.
Review and update the business continuity program to reflect the current environment.
And monitor and report business continuity and resilience activities.

All of this is cyclical constituting the Business Continuity Management Cycle and the responsibilities of this team.

4 of 60

Senior Management Responsibilities

Alignment of BCM elements with the entity’s strategic goals and objectives.
Team oversight.
Management assignment of BCM-related responsibilities.
Development of BCM strategies.

The Business Continuity position is best set at the executive level office, or at least a clear line connecting to the executive level.

Embedding business continuity as part of the company culture should be both a top down and bottom up approach. Start with the top down. Find at least one senior level person that can champion for you. Embedding activities will also happen in all the levels. Embed from the mailroom, to the board room.

Senior management should set the “tone at the top” and consider the entity’s entire operations, including functions performed by affiliates and third-party service providers, when managing business continuity. The board and senior management govern business continuity through defining responsibilities and accountability, and by allocating adequate resources to business continuity. Management should evaluate continuity risk, set short- and long-term continuity objectives, adopt policies and procedures to mitigate continuity risk, evaluate continuity performance, and adjust operations in response to test results and actual events.

Senior management involvement is key, but not every business has them involved. In the event that your business continuity efforts have become disconnected from senior management, the following are some ideas to help get them reengaged.

5 of 60

Step 1: Engage your C-Suite

Understand the perspectives of your companies various Chief Officers

CEO

COO

CFO

CMO

CIO

6 of 60

Chief Executive Officer

How Business Continuity Helps

Encourages communication
Unites departments
Chance to evaluate
Competitive advantage
Identifies opportunities

CEO

The Chief Executive Officer or CEO is under enormous pressure to promote the company’s vision and outrank the competition in a marketplace fueled by rapid technology changes and compliance issues. On top of that, today’s CEO is struggling to overcome a disconnect with employees, who want the CEO to communicate more often, criticize less, and celebrate successes consistently.

So, how does business continuity help your CEO?

• It encourages communication between the CEO and staff by requiring interdepartmental coordination.

• It helps unite various departments and locations for a common purpose.

• It gives the CEO a chance to evaluate whether the business’s operations reflect the company’s overall vision.

• It creates a competitive advantage for the organization.

• And it identifies opportunities for improving process efficiencies and revenue streams.

7 of 60

Chief Operations Officer

How Business Continuity Helps

Become more familiar
Improve business resiliency
Innovation and quick decision making to improve their value
Satisfies regulation

COO

“Work smarter, not harder” is the motto of the Chief Operations Officer. As the person responsible for doing things more efficiently and profitably, the COO is challenged with staying abreast of rapidly evolving technologies, processes, security concerns, and compliance requirements.

So, how does business continuity help your COO?

• It allows the COO to become more familiar with critical business processes, products and services, supply chains, employee roles, and technology.

• It improves business resiliency by allowing the COO to identify interdependencies and single points of failure.

• It allows for innovation in everyday business activities and quick decision-making during an interruption, which gives the COO a chance to prove their value to the organization.

• And it satisfies federal and industry regulatory requirements.

8 of 60

Chief Financial Officer

How Business Continuity Helps

Protects the bottom line
Mitigate losses
Operations recommendations

CFO

The Chief Financial Officer or CFO role is changing, thanks to the influence of the global financial crisis, big data explosion, and widespread social media adoption. In addition to the traditional tasks, the CFO is becoming more active in working with the CEO on the company’s strategic planning initiatives. In these different capacities, the CFO has to balance innovation with making sound decisions that protect the bottom line.

So, how does business continuity help your CFO?

• It protects the bottom line by reducing downtime and showing stakeholders the business will do what it takes to protect their interests.

• It helps mitigate property and profit losses.

• And it provides an overall picture of business data and processes, which helps the CFO make business recommendations for improving day-to-day operations and avoiding lost revenue in the event of an interruption.

9 of 60

Chief Marketing Officer

How Business Continuity Helps

New marketing angles
Reassures customers
Protects from reputation damage

CMO

10 of 60

Chief Information Officer

How Business Continuity Helps

Interdepartmental cooperation
Resolve IT threats
Improve efficiency and security
Decrease downtime
Improves response

CIO

11 of 60

What Top-Level Commitment �May Look Like

Sign off on written policy
Acceptance of BCP costs/responsibilities/goals
Business continuity integrated into company culture
Top level directives for staff engagement and responsibilities

The first step to developing a business continuity program is to obtain top-level commitment and buy-in. When faced with tight budgets and a need to generate revenue to reach short-term business goals, investing in the development of a business continuity program may not be top priority. Management must understand the risks and benefits and be committed, at the highest level, to developing an effective plan that serves as part of the company’s strategic plan. Without a solid plan, companies face high risks in terms of safety, liability, loss of personnel, asset loss, and recovery time. When obtaining a commitment from top-level managers, be sure to receive sign-off on a written policy, stating acceptance of business continuity program costs, responsibilities, and goals. Top-level commitment could also include support in embedding business continuity into the company culture, and by providing top down directives for staff engagement and responsibilities those staff have in the entire continuity planning and implementation continuum. When presenting the case for developing a business continuity program and plan, be sure to emphasize the positive aspects of preparedness and avoid dwelling on the negative effects of an emergency, like deaths, fines, criminal prosecution.

Here is a pro tip to consider: If top level management says business continuity is not valuable because it is not going to happen, then ask them to sign a statement to that effect. Putting a signature to something helps individuals re-think, or think a little deeper.

12 of 60

Gain Top-Level Commitment

Show the benefits and the “Why”
WIIFM “What's in it for me”
Alignment with goals, policy, values
Educate
Invite them
Involve them

Consider some of the the foundations of human behavior when trying to gain top level commitment.

Some company leaders are willing to simply cut their losses and walk away if disaster happens. When the perceived weight of everything else is heavier than the weight of the benefit, then we generally don’t choose to do the benefit.

The company's Chief Officers have to choose their battles. If you do the action, there is risk, but if you don’t there is also risk. A company could be sued for sins of omission or choosing not to do something.

How do you gain top-level commitment?

Show them the benefits, like the ones shown in the previous slides, such as increased trust in the business, or more leverage for contracts.
They need to know the WHY. If they don’t know the WHY then they won't do it. Some of the statistics shown in the introductory unit may help with seeing the WHY.
Use the WIIFM concept, “What's in it for me”. If they don’t know what's in it for them or the business then they will likely resist.
To make a compelling case for the diverse benefits of business continuity, emphasize how it helps each executive meet their specific goals, and alleviates their pain points.
Show them where it aligns with existing company policy, and values.
Provide educational opportunities. You don’t know what you don’t know. The problem is people resist learning something new until they have a good reason for it. You resist doing anything new when the weight of everything else is so high.
When meetings or events happen, invite them. If they cant come then keep them in the know with follow up emails containing meeting notes and action items.
Be sure to involve them in discussions. Give them a moment to say something to the group, and provide a role for them to fill if they are able.

13 of 60

Step 2: Establish The Planning Team

Include leaders from all departments
Define the Team Leader
Set expectations for the long haul
Clarify team authority
Assign roles and responsibilities

Your business’ continuity program should be absorbed by all departments of the business and should be embedded into your business’ corporate culture. To ensure full integration of your program into your business, select departmental leaders to serve on the Business Continuity Planning and Program Development Team.

Define the Team Leader. Who is the champion who makes sure the meetings and planning continues forward? This person may not be the head of the organization and may not even be a supervisor but should have a clear assignment to lead the effort.

Set the expectation for the long haul. A Business Continuity Program is not a one and done deal. Everyone should be committed to a continual process of updating and maintaining the program. For this reason business continuity should be embedded as part of the company’s culture. Include continuity as a critical element of leaders’ evaluations and performance plans. Make testing, training and exercise events part of the company culture.

Does the team have authority to do what they are going to do? Define the structure and authority of the planning group and make sure the lines of authority are clear. A team without authority wont go very far. This is one reason why gaining top-level commitment precedes making the team.

Assign team roles and responsibilities. Developing a business continuity plan or program should never be by a single person in a vacuum. Everyone on a team needs a role. It takes an entire team with clear assignments and responsibilities to make a business continuity program. If I’m part of your team, what’s in my scope that you want me to do?

14 of 60

Who To Consider

Planner

Team Leader

Operations

Manager

Facility

Management

Human

Resource

Sales

&

Marketing

Finance &

Procurement

Security

IT

Here are some specific examples of who you could involve:

Management provides leadership functions, authority chains, and executive policy and procedure.
HR provides employee information.
Engineering provides knowledge of facility structure and hazards
Security is familiar with all the exits, windows, vents, etc.
Sales and Marketing understands revenue and what is necessary to generate income
Legal and Finance provides information on contracts for products or services that the organization might have and what the impact would be if not met. Finance can predict downtime costs.
There are many others. Bring to the table the areas that can provide the best information to plan, respond and recover from any type of an event.

Business continuity planning will require input from all areas of your business. Connecting to all areas of the business may be accomplished by involving team leaders or employees with technical responsibilities like system and database admins, or storage and security engineers. You will need a lot of involvement in the business process analysis, and so creating a business process team may be helpful. Involve support team members such as legal counsel to advise on legal and regulatory issues, as well as public affairs, procurement specialists and administrative assistants. Involve employees with special needs to help consider their needs in the planning process.

15 of 60

Operations Manager

Has general knowledge of overall business functions
Close working relationship with company department managers
Familiar with communication procedures and/or systems

Operations

Manager

16 of 60

Facilities Management

Utility shut-off
Coordinates utility company response
Provides access to restricted areas
Assists facility close-up and opening
Provides functional details
Directs maintenance/facilities staff

Facility

Management

17 of 60

Human Resources

Provides personnel contact information
Assists with family notification
Coordinates Employee Assistance Programs
Coordinates compensation

Payroll

Supervises Human Resource staff

Human

Resource

18 of 60

Sales and Marketing

Understands Customer Demographics
Trends in Revenue

Highest sales gross items

Generates Revenue
And would utilize the Established Customer Contact Database

Sales

&

Marketing

19 of 60

Finance/Procurement

Pre-plans supply chain continuity
Facilitates pickup and delivery
Disperses emergency operating funds
Arranges for temporary credit

Finance &

Procurement

20 of 60

Security/Protection

Secures assets during emergency
Controls access to property
Restricts building entry/exit
Responds to requests for assistance
Coordinates with emergency agencies
Supervises protection staff

Security

21 of 60

Information Technology (IT)

Document minimum desktop configuration

Proprietary software

Data Recovery
Hardware Requirements

Location of hardware/application/data
Modems

Print Requirements
Voice and Fax Requirements

IT

22 of 60

Other…

Production/Manufacturing
Shipping & Receiving
Legal / Contracts
Administration / Office Manager
Environmental
Public Information Officer
Property Management

Planner

Team Leader

23 of 60

Team Continuity

3 deep leadership

With clear decision making authority in each role.

24 of 60

Possible Teams/Actions

Continuity Planning Team
Continuity Embedding
Business Process Analysis
Business Impact Analysis
Continuity Team
Mitigation strategies
Emergency preparedness promotion
Supply chain resilience assessment
Emergency communications
Successions program
Reconstitution Team

Devolution planning
Financial resilience planning
Supply cache management
Vital records protection
IT Disaster Recovery Team
Cybersecurity Team
Cyber incident response team
Emergency response team
Exercise and evaluation
Training
Internal capabilities survey

Business Continuity Management can involve a lot of people in many different types of teams. It’s important to note that for small businesses, a single person may play vital roles on every team. This list of teams or activities, requiring work to be done, is another reminder about how important it is for business continuity to be embedded into the company culture.

The primary team is the Continuity Planning Team. This team oversees the entire planning process.
There is the continuity embedding program, Business Process Analysis, and Business Impact Analysis
The Continuity Team ensures continuity actions happen in the wake of a disaster. They put continuity into action.
There is developing mitigation strategies, promoting emergency preparedness, and the supply chain resilience assessment.
There is emergency communications planning and team development and implementation.
There are successions program plans which carries out all successions for continuity of authority.
The Reconstitution Team plans and carries out all efforts to re-enter the workplace post disaster.
There is devolution planning, financial resilience planning, and supply cache management.
There is Vital records protection, and developing the IT Disaster Recovery Team, Cybersecurity Team, and Cyber Incident Response Team
There is the development of the emergency response plans and team, as well as developing training, exercises and evaluations, and surveying for internal capabilities.

Don’t be overwhelmed by this list. Simply start where you are and grow from there. Your workplace is unique and arranging what actions belong to which teams is determined by your organization. Hopefully this list gives you an idea of the breadth of the continuity planning and implementation continuum.

25 of 60

Examples of BC Teams Roles and Responsibilities

Team	Role	Responsibility
Site emergency response, Facilities management	Emergency response	Life safety, Damage limitation
Damage assessment	Damage assessment	Damage assessment
Crisis management	Strategic decision making, Communication during incident	Strategic management, Communications, Public relations
Information and Communication Technology Recovery (ICT)	Recovering ICT systems and infrastructure	ICT disaster recovery
Communications	Communication during incident	Communications, Public relations
Human resources, Occupational health	Welfare and special needs, Interested party well-being	Human resources, Safety and welfare
Finance, Administrative	General and financial administration	Finance and administration
Business continuity	Resume disrupted activities	Coordinate resumption, Manage resources

26 of 60

BCP Annual Review

BCP Annual Review Template

One great tool for the Business Continuity Planning Team to use is an Annual Review. A Business Continuity Program is never a one and done concept, its is rather a living document and an ever changing, growing, improving program, and something that needs continual management. Keeping up with all the elements within the Business Continuity Program and plans can be overwhelming. A best practice for keeping up with all the parts and pieces is by doing an annual review of all the business continuity parts and pieces. Here is a link to an Annual Review template you can use to help you track the review of the various parts of your business continuity plans. You can edit this to meet the specific needs of your plans. https://docs.google.com/document/d/19eK4OSWOuWFymzNd6A5l4aFQ3mhouqj1/edit?usp=sharing&ouid=103639936772277895433&rtpof=true&sd=true

27 of 60

Embedding Business Continuity

Making Business Continuity “Business-as-Usual”

Everyone in the business is impacted by business continuity in one way or another. Embedding, loosely spoken, is making everyone in the business part of the business continuity team. Yes you have your primary Business Continuity Planning Team you need to form, but in order for business continuity to be most effective, your goal is to make business continuity “business-as-usual”. It becomes part of the business culture and is bought into by everyone. For this reason “Embedding” is part of building your team, but from a holistic point of view.

To embed is defined as “implanting (an idea or feeling) within something else so it becomes an ingrained or essential characteristic of it. Or to “make something an integral part of.. Or the professional practice that defines how to integrate business continuity awareness and practice into business as usual activities.”

The basic rule for embedding is to talk to as many people as possible, whoever will listen, and at every opportunity, whether by invitation or creation on your part. You may wish to target specific groups like board members, audit committee, risk managers, and various leadership teams, etc. You should also look to cover ‘everyone’ – all staff within your organization, your customers and clients, your third party suppliers, your insurers, etc.

The reason why we are talking about embedding business continuity in the team development stage, is because of how central embedding is to the entire business continuity life cycle. You will notice in this image that “Embedding” is in the center of the business continuity lifecycle. This is important to understand with every point we will cover in Business Continuity Planning and Management.

28 of 60

Why Embedding is in the Center

Policy and Program Management

Best opportunities to involve and get commitment from top management and embed continuity.
Adopting BC policy officially embeds BC into the organization.

Analysis

Opportunities to interact with people across the organization.
May be first introduction to or hands-on involvement with BC planning.
Is specific to individuals work.

Design and Implementation

Opportunities to involve those who will carry out the strategies/plans.
Includes strategic, tactical and operational levels of the organization

Validation

Training, exercises and tests
Continuing improvement

There is a reason embedding is in the center.

The Policy and Program Management section provides the best opportunities to involve and get commitment from top management and embed continuity. Adopting business continuity policy officially embeds business continuity into the organization.

The Analysis section provides opportunities to interact with people across the organization. This may be everyone's first introduction to, or hands-on involvement with, business continuity planning. And the analysis section gets specific to the work of every individual.

The Design and Implementation section provides opportunities to involve those who will carry out the strategies and plans, and includes strategic, tactical and operational levels of the organization.

The Validation section includes training, exercises and tests, as well as continuing improvement.

29 of 60

The Embedding Plan

Make a Business Continuity Embedding Plan

30 of 60

Embedding Actions

Understand the Company Culture
Conduct an Embedding Gap Analysis
Educate and sell business continuity on an ongoing basis

31 of 60

Embedding Actions Continued

Learn the organization
Partner with the business
Create and maintain networks
Build for the future

32 of 60

Embedding BC into Company Culture

Starts with understanding your business culture and making business continuity appeal to the culture

Business continuity is not just ”Business Continuity”. Think of the big picture of the organization. Business continuity has to do with the broader organization and involves the entire organization’s culture to embed business continuity. To do this you must first understand your current business culture.

The planning team and executive management will be vital for embedding business continuity into the company culture.

Embedding business continuity into the company culture should be both a top down and bottom up approach. Embedding activities will happen in all the levels. Embed from the mailroom, to the board room.

An organization's culture is based on group goals, values, beliefs, shared assumptions and group norms. With this in mind the “Leaders Guide to Corporate Culture” provides a tool to help measure or determine your organization's culture. In this graph the horizontal axis measures how people interact in context to how independent or interdependent the organization is built to be. The vertical axis measures how people respond to change based on how flexible or stable the organization is built to be. No matter where your organization's culture lands, your goal is to make sure business continuity appeals to the culture at hand. If business continuity is communicated in a way that opposes or challenges the company culture, then business continuity will become more difficult to embed.

Follow this link to the “Leaders Guide to Corporate Culture” for more information.

33 of 60

Conduct an Embedding Gap Analysis

Check what your embedding plan includes
Revisit for today's new environment
Review what others want to know
Consider who it includes

34 of 60

Educate and Sell BC on an Ongoing Basis

Do your research

Organization
Culture
People

Speak their language, Avoid acronyms
Help them understand why they should care
Accentuate the positive

To embed Business continuity as part of the company culture you will do two things on an ongoing basis, that is educate and sell business continuity.

Business continuity ambassadors or champions can include anyone who understands and is passionate about business continuity. These individuals help do the education within the organization and suppliers, inside and outside. Educate and sell business continuity down to the individual level so you can connect with the individuals needs and desires.

Individuals that understand business continuity are more likely to participate and support it. For business continuity champions to reach others you will need to do your research. Understand the organization, and its culture and people. Speak their language. Avoid overusing acronyms. Help them understand why they should care. Accentuate the positive and lighten up. Business continuity does not have to be overly serious or scary.

The process of business continuity planning will gather info from across the organization that is not typically available to others across the organization. This information is useful to share with others to help others catch the vision.

35 of 60

All Employees Have an Interest in Business Continuity

Vested stakeholders
Increasing regulatory/legal requirements
Customers expectations
The bottom line

Do they have the same view?

All employees have an interest in business continuity whether they know it or not.

Many stakeholders care about the business continuity capability of the organization, and some have a vested interest.
In extreme situations the success, even survival, of the organization as it exists today may depend on its business continuity capability.
The number of regulatory and legal requirements that include having a business continuity program continue to increase in number.
Business continuity is a critical element of a strategic enterprise-wide approach to managing risk and building resilience.
Customers need and expect your products and services to be available even when significant disruptions and disasters occur.
Developing, implementing, and maintaining a continuity program that ensures the organization can continue operations even in the face of disaster, thereby avoiding damage to the company’s brand, image, and reputation, and losses to the bottom line impact all employees.

The question to ask then is, do they have the same view? To truly embed business continuity requires that those not directly involved in business continuity appreciates its importance and understands the value of the role they play in the program, however great or small.

36 of 60

Journey from Know to Like to Trust

Expect pushback

Opposition
Denial that its needed
All the usual reasons
Worst case scenario – fully ignoring all attempts

Zig Ziglar said, “If people like you, they’ll listen to you, but if they trust you, they’ll do business with you.” Embedding business continuity will be a journey from Know, to Like, to Trust. At the beginning expect pushback. There will be opposition. People will deny that its needed. All the usual reasons will come out. The worst case scenario is they will ignore all your attempts. In the real world, it's more likely that business continuity is being driven by an obligation, and top management may perceive it as a necessary evil instead of a beneficial discipline. Additionally top management simply wants compliance at the lowest budgetary cost.

Until business continuity is understood and openly admitted, change will be difficult.

If business continuity is not part of the company culture then you will always have an uphill battle for attention towards business continuity.

If the organization has a culture that is defiant against business continuity management, then mindsets have to change, and this may require a change in the existing business culture, or improvements may need to be made in how continuity appeals to the existing culture.

37 of 60

What’s your Modus Operandi?

The answer to this question is often:

We are obliged by our regulator
We are obliged by our civil contingencies legislation
We are obliged legally
We are obliged by our potential clients through procurement tender processes

Want them to say “because it is cost effective”

38 of 60

Carrot or Stick

What are your next steps?

Tick a box and comply, or
Do it for real?

Do you expect “compliance” or “competence”?

Quantitative box ticking favors compliance.
Measuring quality outputs ensures competence.

39 of 60

Organization Expectations

Competence: Providing necessary resources to people so they can apply knowledge and skills to achieve intended results.
Awareness: Ensuring that people are aware of their own role and responsibilities before, during, and after disruptions.
Communication: Establishing two-way communication on risks, opportunities, incidents, hazards and changes.
Duty of Care: Ensuring the safety, well-being and interest of people as a moral and/or legal obligation.

40 of 60

BC aspects that heavily depend on Competence and Awareness

Risk management,
Business Impact Analysis
BC strategies and solutions,
BC plans and procedures,

Exercising and testing,
Evaluating BC capabilities (how ready we are),
Audit (show the competence of the people by a competent auditor)

41 of 60

Cost Benefit Analysis (CBA)

The CBA will help you and others know if business continuity is worth investing in.

Creating and educating with a Cost Benefit Analysis can help secure by-in and shift the motivation to doing business continuity because it is cost effective.

Embedding is often difficult because people don’t perceive it as adding anything to the organization. People may feel like it attracts a cost and is perceived as a burden, to only deal with “just in case” incident scenarios.

Remember that one of the practitioners goals is to ensure that business continuity has a demonstrable return on investment. If individuals and the organization are perceiving that business continuity is a burden and undesired activity, then perhaps you may need to use a cost benefit analysis and communicate those findings with others. The cost benefit analysis will help you and others know if business continuity is worth investing in.

42 of 60

43 of 60

44 of 60

45 of 60

Tips for Buy-In

Ask top management if they understand that business continuity management is a return on investment.
Prove through a cost benefit analysis that costs are outweighed by negative impacts.
Continue to provide a cost benefit analysis in the design stage to substantiate the return on investment.

46 of 60

A Positive Perspective

Focus on carrots as a modus operandi
Create and encourage organizational change agents.

Create positive operational targets.
Empower BC champions through competency

Measure positive outcomes

47 of 60

From One Human to Another

“…starving need for recognition”

Understand others and their perspectives.
Sincerely and personally thank people.
Recognize small contributions and successes.
Include everyone

48 of 60

Embedding Requires Partnering

Strategy and Plan Development

Give Ownership to the implementers
Train and empower

IT/DR

Collaborative DR and BC exercises and tests
IT is also a business unit

One small step for business continuity-kind; one giant step for a successful BCMS

Embedding requires partnering. Your strategy and plan development are best when you give ownership to the implementers and when you train and empower them. You become a partner with them in developing the plan.

Your Information Technology department is an important partner to have on board. The IT department is also a unit of your business, even if it is an external service your paying for. Encourage collaborative Disaster Recovery and Business Continuity exercises and tests.

There are many departments or functions within your business that you will need to consider partnering with. Your Business Process Analysis will help you identify each one.

One small step for business continuity-kind is one giant step for a successful Business Continuity Management System.

One pro tip to help your partners is to adopt a shared glossary of business continuity terms and acronyms that is used throughout the organization.

49 of 60

Fellow Partners

Health and Safety
Risk Management
Crisis Management
Emergency Management
Cyber Security

Human Resources
Communications
Facilities Management
Information Security
Physical Security
etc

50 of 60

New Product Development (NPD)

Development Process Phase	Business Continuity
Initiation- Problem Solving	Determines potential continuity implications
Modeling, Developing	Identifies internal/external dependencies, conducts BIA, risk and threat analysis; identifies mitigation opportunities
Project Initiation	Adjusts criticality based on project changes; develops BC strategies
Project Continuation	Cross-checks changes made; tests BC strategies
Maintenance	Integrates final outcomes into BC Program; enacts protocols to ensure BC is informed of any future changes

A win-win

Embeds BC into multiple functions
Avoids BC as an afterthought

With each new service or product, business continuity needs to be updated and embedded. Business continuity should not be an add-on or after-thought but conducted side by side with the new product development (NPD) process. Each product has internal and external dependencies. The start of this will be a broad brush look at the product for continuity priority and strategy if it’s a priority.

The following is the Development Process Phase and its corresponding Business Continuity activity.

During the products initiation and problem solving phase, the business continuity activity is determining potential continuity implications.
During the products modeling and developing phase, the business continuity activity is identifying internal and external dependencies, conducting a Business Impact Analysis or BIA and a risk and threat analysis, and identifying mitigation opportunities.
During the products project initiation phase, the business continuity activity includes adjusting criticality based on project changes, and developing business continuity strategies.
During the products project continuation phase, the business continuity activity includes cross-checking changes made, and testing business continuity strategies.
And during the products maintenance phase, the business continuity activity includes integrating final outcomes into the business continuity program, and enacting protocols to ensure business continuity is informed of any future changes.

The goal is to make a win-win situation.

This embeds Business Continuity into multiple business functions.

And this avoids Business Continuity as an afterthought or add-on and missed opportunities

51 of 60

Silos and Turf Wars

Competing for resources
Territory building or defense
Losing sight of the goal
May be cultural

Establish, build, and maintain cross silo communication, collaboration, coordination

The Fiefdom Syndrome

“Simply put, it’s the very human tendency people have to protect their turf…” Robert J. Herold

52 of 60

Overcoming Silos and Turf Wars

Takes time, effort, & energy

Communication
Repeated educating and selling BC
Hearing and listening to understand and know them
Build trust

53 of 60

An Integrative Approach

Requires building relationships among business functions and operational units
Breaks through the “us vs them” mentality and facilitates communication of critical information across the participating functions and business units.
Helps take people from “I have to” to “I want to”.
Results in a long-term win-win for all concerned.

Henry Ford said “Coming together is a beginning; keeping together is progress; working together is success.”

Embedding business continuity with an integrative approach requires building relationships among business functions and operational units. An integrative approach breaks through the us-them mentality and facilitates communication of critical information across the participating functions and business units. It helps take people from “I have to” to “I want to”, and results in a long-term win-win for all concerned.

Integrating is the same as embedding and involves everyone in the organization. Business continuity should never be a silo, but inclusive and collaborative so that it becomes part of the company culture.

A pro tip is to use the business process analysis and business impact analysis (BPA/BIA) Worksheet suite as a useful tool for everyone to use in their scope of work in order to add processes and products to the overall business continuity plan.

54 of 60

An Integrative Approach Continued

“Greatness is accomplishing the unrequired – doing what is right beyond what is expected.” Seth Moulton

Identify improvement goals; you can’t go forward and backward at the same time
Be innovative – open to new ideas, new approaches
Empower people
Shift to a more collaborative mindset
Actively listen, truly consider ideas offered by others

55 of 60

The Embedding Process

Create the organization’s BCM Program supported by a policy.
Understand the outputs and timing of the outputs as milestones in the program
Understand the competencies and skills required for each milestone.
Understand the current levels of competency
Through a training needs analysis, develop training and awareness milestones to reach a desired state of competency and business continuity maturity.

56 of 60

Discussion

Why is it essential that the concept of BCP be adopted by the entire organization, not just as a plan on paper, but also as a program?

57 of 60

Summary

Get senior leadership by in and support

Convince there is a positive cost benefit ratio associated with BCM

Establish your planning team
Set the vision for embedding business continuity as “business-as-usual”.

Move business culture from a focus on compliance to competency.

58 of 60

Be Ready Business Toolkit

BeReadyUtah.gov

bit.ly/brbtoolkit

Google Drive Folder

Business Continuity Planning Toolkit
PSPC Toolkit
And more

59 of 60

Be Ready Business Board on Be Ready Utah Pinterest

Subscribe to receive private sector preparedness related emails

bit.ly/brbemails

Connect with the Be Ready Business Conversation

Be Ready Business Playlist on the Be Ready Utah Channel

Follow

#BeReadyBusiness

@BeReadyUtah

Calendar of private sector preparedness related events

bit.ly/brbcalendar

60 of 60

Be Ready Business Recognition Program

Find Criteria on BeReadyUtah.gov

Recognition on the Be Ready Utah website and social media.