however, should include: BCP/DR processes, DR/high availability
technologies, organizational and business line recovery, infrastructure
readiness, and incident management. All of these components (in addition to a few unreferenced others) are part of the core direction in the
roadmap to enterprise resiliency and require reflective measurement in
One way to progress in accordance with this roadmap is to develop
integrated vision, mission, policy, program guidance, technology, process, and reporting for the program. The roadmap must ensure integrated exercise of the program between technology and business line
areas to include DR, high availability operations, infrastructure, operational recovery, and business line testing.
Begin with a unified program policy. Ensure your vision and mission have clear and articulate scope and strategies, accountabilities,
and program components to senior executives and your stakeholders.
Develop detailed guidance that is linked to policy, processes, and technologies and, finally, reporting. Sending multiple messages and organizational reporting in terms of readiness, preparedness, compliance,
exercises, and program risk are not conducive in the eyes of senior
executive management or the board, to supporting the resiliency value
proposition for the enterprise.
Structure and Align Technology, Tools, and Processes
Oftentimes, the organizational structure of the program may dictate
isolated or silo-based processes, technologies, and frameworks. To
support a unified message, BC programs require integrated activities
and technology that ensure and demonstrate the ability to maintain the
resiliency of the organization.
In order to accomplish this, BC program processes should be structured to promote BC, DR, and incident policy integration; guidance; and
risk assessment frameworks. Too often policies are not grounded or
linked by common governance, risk assessment, performance, or management. Stakeholders are often split between organizations and lack
the interdependence and visibility between business areas and technology environments to effectively plan and perform dependency risk
A key tenet in the BC program has been, and will always be, the
overall risk determination factors for ensuring an appropriate risk mitigation approach to planning and recovery. One of the more critical elements of a strong resiliency program is not only the risk factors for the
business, but also the overall impact to the value proposition for resiliency.
Where risk methodology focuses on the overall impact to the corporation, the key resiliency business drivers should be aligned with risk
and the required technology and availability requirements necessary to
both mitigate the risk and avoid impact to the key business drivers. If
the focus is only on risk, the enterprise misses its opportunity to ensure
message continuity and the linkage to preventative and high-availability
Programs should focus on people, process, and technology throughout events and post-recovery. They should also introduce key preventative dependency technologies such as fault-tolerance, high availability,
virtualization, stand-by, and extreme replication environments. Working
concurrently with these technologies should be the guidance by IT
infrastructure and BC professionals to avoid or reduce the impact of an
event to the enterprise.
Leveraging any of the BCP, DR, and incident management vendor
software platforms available in the market today enhances the planning,
tracking, and alignment of major BC program components for many corporations. These products provide the ability to not only plan for and
manage events but also provide a platform, when integrated with other
enterprise knowledge bases, for supporting measurement of the value
proposition to senior executives. The information housed in these products, when properly aligned across business processes, technology,
and personnel, supports both the resiliency program and creates value
as a knowledge base for the enterprise.
Develop Integrated Resiliency Measurements
Several of the measurements that can be utilized in assessing the
value proposition for an enterprise BC program include the dimensioning of key strategic program domains (such as financials, customers,
reputation, availability, assets, stakeholders, partners, employees,
operations, regulations, compliance, and guidance.)
When assessing the many program domain data points, it is important to analyze the value of these data points not only in terms of inherent and residual risk impacts or exposure, but also in terms of the costs
associated with not meeting predefined operational, process, and customer service levels and other data point threshold values.
Utilizing the data point elements of aligned technology for planning,
monitoring, tracking, and recovery allows the enterprise BC program
to enjoy a base of trusted information to the corporation. The data in
the BC program can, through alignment of processes and technologies,
federate other trusted single sources of corporate information. The BC
program knowledge base elements then become a primary source for
Establishing an Effective Continuity Ris