Standards play an important role in the way our world works. Standards define how light bulbs will fit into sockets as a practical matter. But standards can also be valuable when applied to business processes and best practices. For example, the Uptime Institute Standard created a fast path for understanding the way a data center is built; and SAS70 provided context and content to more quickly determine how well run that data center might be.

But in the DR/BCP world we can’t seem to even agree on basic terminology much less a universal standard…until now? ISO 22301 couple with ISO 27001 provide the first hope that a true standard will emerge that will allow firms to quickly assess their trading partners making it easier to assess and easier to comply. Instead of chasing myriad, poorly defined objectives, these standards provide the foundation for business to business conversation between trading partners. How will Standards evolve? Who knows for sure. But what we do know is that solid standards reduce complexity and miscommunication and provide a clear, concise and reusable form for managing your DR/BC program. While we may individually have our own opinions about some elements of a given standard, we should all be motivated to contribute toward a future state where our compliance with a standard is stamp of approval that says “we have taken DR/BC seriously and have achieved measurable results!”

To discuss this or any other related topics further, feel free to contact us. You can also connect with us on LinkedIn!


Business Resilience – Focus on the Facility or Focus on the Business Unit?

Have you ever been caught between the need to develop plans for individual facilities and addressing risk more comprehensively at the business unit level?  What do you do?

While disasters frequently focus on the facility or building as the cause, smart organizations design their continuity and risk management plans around business units and business processes. For a mid-sized or large enterprise, designing risk mitigation strategies and continuity plans at the business level means having comprehensive plans that span multiple facilities — such as offices, manufacturing plants, R&D facilities, etc. When it comes to a specific event, it is the facility that suffers the outage, and it is the facility that must be remediated and returned to service, but the business units and processes are what keep the business operating, so the continuity and risk focus needs to be at the business unit level.

When assessing a business unit, practitioners must understand for each business unit and its associated processes how quickly these need to be back in service should an interruption occur. This translates into the type of recovery plan required and defines what mitigation alternatives are available. It also covers what technologies are required, how electronic and paper based records are protected, and how voice, internet and data networks need to be reconnected. These plans also need to be extended beyond the walls of the business itself to consider how external providers, vendors and customers are impacted. In the development of risk mitigation and business continuity plans, such issues are not easily addressed, and in some cases skipped altogether.

So while recovery and remediation plans often focus at the facility level, a comprehensive business continuity and risk management plan must be focused at the business unit level. We find that when practitioners “stick to their guns” and take this approach, the organization gains a greater ability to respond to unplanned events, the executive team gains greater confidence in the overall plan, and they find it to be a much more efficient and economical path to achieving the overall goal of ensuring that the business can remain operational.

Please contact Fusion to discuss these and related topics with you. You can also connect  with us on LinkedIn, Twitter, and Facebook!

What are the benefits of actionable plans?

Are your disaster recovery plans actionable?  In this video, BCI’s Lifetime Achievement Award (2012) Winner and ICOR Expert, John Jackson gives you some very valuable insight from over 500 recoveries he has been involved in throughout his career.  Why were these recoveries necessary and how could they have been prevented?  David Nolan discusses his vision for adaptive systems how they help answer those questions.

Does every risk need a plan?

The connections all around us drive risk.  Those risks are what drive our industry.  And every risk needs to be addressed and managed… but does every risk need a plan?  How do we prepare for the endless amounts of vulnerabilities and threats, when the funds to address them are far from endless?  Check out what David Nolan has to say:

If you haven’t seen the previous videos in this series from David Nolan and John Jackson at DRJ Fall World 2012, you can see them here and here.