To increase our resilience we need to be able to cope with a range of events that may impact us. These things tend to exist along a continuum.
Too often we overdo the “Disaster” end of the range, with the potential that our programs are seen as the “Department of Unlikely Events“. It also demeans the true impact of real disasters like the recent Tsunami and Volcano events in Indonesia when we equate the term to our local file server crashing.
Certainly there is a need to be able to respond to events of this scale – but too often we neglect the smaller scale problems.
At the other extreme are the regularly occuring “distractions” from our normal business. These could be nothing more than a fire alarm (which later turns out to be a false alarm), a bomb threat (that likewise is false) or a piece of technology infrastructure failing.
Too often we do not see these as being an opportunity for the BCM Program – but these are the events that happen regulary, when we get to practice how we would respond.
Is it surprising then that when the nature of the impact escalates, nobody will think to contact the BCM folks, as they were never part of the way we responded to an incident in the past.
Recently I reviewed the new Australian BC standard, which talks more about disruption-related risk – rather than BCM and/or Disaster Recovery. Disruptions are a more common occurrence than disasters, sometimes they are dealt with using our routine (or BAU) management processes – and at other times they need may need some form of non-routine management.
Learning to deal with disruptions (on a continuum from distractions to disasters) is an important capability for any organisation to develop and maintain. We develop and maintain this capability by practise – not by following one set of arrangements for the bulk of these incidents and then a totally different process in the time of our greatest peril.
It also provides a means to demonstrate how the program can contribute value to the organisation, and get the attention of management for BCM being part of the ongoing operations of the business.
It would also eliminate a problem that besets many BC programs – trying to define what constitutes a disaster or a crisis. Describing the level of events that are the trigger mechanisms for these various plans.
Is a “disruption” a “crisis” or a “disaster” an “emergency”? Will deal with these questions in a later post.
How often do we hear the mantra that an untested plan is no plan at all?
The best test is to exercise the Incident Management process when any level of disruption occurs. don’t you think?
Leave a Reply