continuity planning

ISO 22301 Business Continuity Management

ISO 22301 Business Continuity Management provides a framework for establishing a business continuity management system.   Too many organizations have historically looked at the creation of a business continuity plan as a singular step in being organizationally prepared for those what-if scenarios.  Way too often, these fancy plans, printed and distributed, become nothing more than "shelfware" and become obsolete in a small matter of time. 

Culturally, the importance of establishing a management system can not be stressed enough.  Once the plan becomes out-of-date, its effectiveness reduces dramatically.

A few years ago, I was reviewing a plan for a new client.  In one section, they had a back-up procedure that stated the following steps:
1.  Every Friday, Mary will copy the contents of the S: network drive to a CD.
2. Mary will label the CD with date/time of the back-up and then store the CD in her basement for safe keeping.
3. In the event the S: drive's contents need to be recovered, Mary will retrieve the proper CD, deliver to the IT group, and have the needed data recovered.

Putting aside the issues with this basic approach, this was their process...

In reviewing this section, I was met with a lot of blank stares and sheepish looks.  As it turned out, Mary had left the company three months prior to the review.  Not only were the previous back-up copies not retrieved from her basement, no back-ups had been performed since her departure.

This is a perfect example where the plan had been crafted, but the overriding mangaement system was not reinforced by the organization. 

To be ready, Business Continuity is more than just a plan.  It is the cultural adaption of a mindset, it is the creation and maintenance of the plan(s), it is periodic reviews and updates to the plans, and it is the exercises to keep business continuity and resilience in the forefront of all employees' minds.

ISO-22301 is a good reference point for such a mangement system.  The article found at this link provides a great overview:  http://www.iso.org/iso/news.htm?refid=Ref1602