Disaster Recovery Journal

special report

however, should include: BCP/DR processes, DR/high availability technologies, organizational and business line recovery, infrastructure readiness, and incident management. All of these components (in addition to a few unreferenced others) are part of the core direction in the roadmap to enterprise resiliency and require reflective measurement in your message.

One way to progress in accordance with this roadmap is to develop integrated vision, mission, policy, program guidance, technology, process, and reporting for the program. The roadmap must ensure integrated exercise of the program between technology and business line areas to include DR, high availability operations, infrastructure, operational recovery, and business line testing.

Begin with a unified program policy. Ensure your vision and mission have clear and articulate scope and strategies, accountabilities, and program components to senior executives and your stakeholders. Develop detailed guidance that is linked to policy, processes, and technologies and, finally, reporting. Sending multiple messages and organizational reporting in terms of readiness, preparedness, compliance, exercises, and program risk are not conducive in the eyes of senior executive management or the board, to supporting the resiliency value proposition for the enterprise.

Structure and Align Technology, Tools, and Processes

Oftentimes, the organizational structure of the program may dictate isolated or silo-based processes, technologies, and frameworks. To support a unified message, BC programs require integrated activities and technology that ensure and demonstrate the ability to maintain the resiliency of the organization.

In order to accomplish this, BC program processes should be structured to promote BC, DR, and incident policy integration; guidance; and risk assessment frameworks. Too often policies are not grounded or linked by common governance, risk assessment, performance, or management. Stakeholders are often split between organizations and lack the interdependence and visibility between business areas and technology environments to effectively plan and perform dependency risk assessment.

A key tenet in the BC program has been, and will always be, the overall risk determination factors for ensuring an appropriate risk mitigation approach to planning and recovery. One of the more critical elements of a strong resiliency program is not only the risk factors for the business, but also the overall impact to the value proposition for resiliency.

Where risk methodology focuses on the overall impact to the corporation, the key resiliency business drivers should be aligned with risk and the required technology and availability requirements necessary to both mitigate the risk and avoid impact to the key business drivers. If the focus is only on risk, the enterprise misses its opportunity to ensure message continuity and the linkage to preventative and high-availability methodologies.

Programs should focus on people, process, and technology throughout events and post-recovery. They should also introduce key preventative dependency technologies such as fault-tolerance, high availability, virtualization, stand-by, and extreme replication environments. Working concurrently with these technologies should be the guidance by IT infrastructure and BC professionals to avoid or reduce the impact of an event to the enterprise.

Leveraging any of the BCP, DR, and incident management vendor software platforms available in the market today enhances the planning, tracking, and alignment of major BC program components for many corporations. These products provide the ability to not only plan for and manage events but also provide a platform, when integrated with other enterprise knowledge bases, for supporting measurement of the value proposition to senior executives. The information housed in these products, when properly aligned across business processes, technology, and personnel, supports both the resiliency program and creates value as a knowledge base for the enterprise.

Develop Integrated Resiliency Measurements

Several of the measurements that can be utilized in assessing the value proposition for an enterprise BC program include the dimensioning of key strategic program domains (such as financials, customers, reputation, availability, assets, stakeholders, partners, employees, operations, regulations, compliance, and guidance.)

When assessing the many program domain data points, it is important to analyze the value of these data points not only in terms of inherent and residual risk impacts or exposure, but also in terms of the costs associated with not meeting predefined operational, process, and customer service levels and other data point threshold values.

Utilizing the data point elements of aligned technology for planning, monitoring, tracking, and recovery allows the enterprise BC program to enjoy a base of trusted information to the corporation. The data in the BC program can, through alignment of processes and technologies, federate other trusted single sources of corporate information. The BC program knowledge base elements then become a primary source for