• Menu
  • Skip to right header navigation
  • Skip to main content
  • Skip to secondary navigation
  • Skip to footer

Before Header

About Us | Articles | Free Resources | Podcast | YouTube Channel

Contact Us Subscribe

Bryghtpath

Business Continuity and Crisis Management Consultants

  • Start
        • Start your Resilience Journey

          Moving your organization – or your career – forward on your resilience journey can be a difficult and scary proposition.  Often, we find that prospective clients aren’t quite sure where to start.

          To help you along your journey, we’ve outlined below four curated collections geared towards momentum-building action and advice perfectly paired with your organization’s current stage of resilience.

        • I want to learn more about Resilience

        • We’re just getting started with our resilience program

        • We’re seeking to optimize & mature our resilience program

        • I’m a Resilience Professional seeking to further develop my skills

  • Company
        • About Bryghtpath

        • Our Core Values

        • Meet our Team

        • About Bryghtpath
          • Case Studies & Results
          • Certifications and Awards
          • Contact Bryghtpath
          • Contract Vehicles
          • Media & Professional Appearances
          • Our Clients
          • Our Proven Process
          • Security & Compliance
          • Strategic Partners
          • Work with Us
  • Capabilities
        • Our Capabilities
        • We help your organization strategically navigate uncertainty and disruption.

        • Case Studies & Results

        • Business Continuity as a Service

        • Business Continuity
          • Business Continuity - Overview
          • Business Continuity as a Service (BCaaS)
          • Business Continuity Software
          • Coaching
          • IT Disaster Recovery
          • Resiliency Diagnosis®️
        • Crisis Management
          • Crisis Management - Overview
          • Crisis Communications
          • Crisis Exercises
          • Cyber Crisis Exercises
          • Cyber Incident Response Planning
          • Crisis Playbook®️
          • Global Security Operations Center (GSOC)
          • Resiliency Diagnosis®️
        • Other Capabilities
          • Intelligence & Global Security Consulting
          • Speaking
          • Training
  • Courses & Training
        • Courses & Training

          We’ve created a number of free and premium courses that have helped thousands improve their skills, build more resilient organizations, and lead through organizations through difficult critical moments successfully.

        • Coaching
          • 1-on-1 Coaching Call
          • Private Backchannel
          • Private Coaching Program
        • Free Intro Courses
          • Overview
          • Business Continuity 101
          • Crisis Communications 101
          • Crisis Management 101
        • Premium Courses
          • Overview
          • Custom Training
          • 5-Day Business Continuity Accelerator
          • Communicating in the Critical Moment
          • Crisis Management Academy®️
          • Preparing for Careers in Resilience
  • Expertise
        • Our Expertise
        • Here at Bryghtpath, in our core values, we state that we are humbly confident in our resiliency expertise.

          We write, publish, speak, and train others constantly – striving to share our thought leadership publicly to advance our industry and exercise our curiosity by interacting with other leaders in our practice domains.

        • Ultimate Guide to Business Continuity

        • Ultimate Guide to Crisis Management

        • Case Studies & Results

        • Free Resources & Frameworks
          • Overview - Free Resources
          • Bryghtpath Frameworks
            • Bryghtpath Business Continuity Lifecycle
            • Bryghtpath Crisis Management Framework
            • Bryghtpath Exercise Maturity Model
            • Bryghtpath Global Security Framework
            • Bryghtpath Long-Term Recovery Framework
            • Bryghtpath Professional Reading List
            • Bryghtpath Workplace Violence & Threat Management Toolkit
          • Resiliency Professionals Facebook Group
          • Resource Library
          • Webinars & Videos
          • Whitepapers & Reports
        • Our Thoughts & Insights
          • Articles
          • Lead Through Disruption. Stay Ahead with Bryghtpath.
          • Managing Uncertainty Podcast
          • Media & Professional Appearances
          • YouTube Channel
        • Whitepapers & Reports
          • Global Security Operations Centers & Resilience
          • Managing the Whole Crisis: The Ransomware Challenge
          • Mastering Uncertainty: Strengthening Organizational Resilience
          • Social Activism Campaigns
          • The Resilience Roadmap: 250 Ways to Fortify your Business against Disruption
  • Industries
        • Our Industry Expertise

          Bryghtpath has extensive experience in a number of industries working with clients of all sizes, geographical locations, and business models. As a team, we possess, deep global operating experience on every continent around the world.

        • Industries Overview

        • Case Studies

        • Start your Journey

        • Education

          Education Icon
        • Finance

          Financial Services 800x800
        • Government

          Government Icon
        • Healthcare

          Healthcare Icon 800x800
        • Hospitality & Leisure

          Hospitality & Leisure Industry Icon 800x800
        • Life Sciences

          Life Sciences 800x800
        • Logistics

          Transportation & Logistics Industry Icon 800x800
        • Manufacturing

          Manufacturing Industry Icon 800x800
        • Non-Profits

          Non-Profit Industry Icon 800x800
        • Retail

          Retail Industry Icon 800x800
        • Tech & Media

          Communications Industry Icon 800x800
        • Utilities

          Power & Utilities Icon
  • Products
        • Our Products

          College Classroom - Mature Teacher
        • Crisis Playbook™️

        • Exercise in a Box™️

        • Exercise in a Day™️

        • Books
          • From Panic to Poise: Crisis Management in the Modern World
          • The Continuity Code: Mastering Business Resilience
        • Crisis Playbook™️
          • Overview
          • Active Shooter Plan
          • Emergency Response Guide
          • Fatality
          • Food/Product Recall
          • Protest
          • Violent Attack
        • Maturity Models
          • Overview
          • ASIS Workplace Violence and Active Assailant
          • FFEIC Maturity Model – Business Continuity
          • ISO 22301 – Business Continuity
          • ISO 22361 – Crisis Management
          • ISO 27031 - IT Disaster Recovery
          • NIST 800-53 Contingency Planning Maturity Model
        • Templates & More
          • After-Action Process & Templates
          • Awareness Collateral
          • Business Continuity Plan Templates
          • Crisis Management Plan Templates
          • Disaster Recovery Plan Templates
          • Job Descriptions
  •  

Mobile Menu

  • Start
  • Company
    • About Bryghtpath
      • Case Studies & Results
      • Certifications and Awards
      • Contact Bryghtpath
      • Contract Vehicles
      • Media & Professional Appearances
      • Our Clients
      • Our Proven Process
      • Security & Compliance
      • Strategic Partners
      • Work with Us
  • Capabilities
    • Our Capabilities
    • Business Continuity
      • Business Continuity – Overview
      • Business Continuity as a Service (BCaaS)
      • Business Continuity Software
      • Coaching
      • IT Disaster Recovery
      • Resiliency Diagnosis®️
    • Crisis Management
      • Crisis Management – Overview
      • Crisis Communications
      • Crisis Exercises
      • Cyber Crisis Exercises
      • Cyber Incident Response Planning
      • Crisis Playbook®️
      • Global Security Operations Center (GSOC)
      • Resiliency Diagnosis®️
    • Other Capabilities
      • Intelligence & Global Security Consulting
      • Speaking
      • Training
  • Courses & Training
    • Coaching
      • 1-on-1 Coaching Call
      • Private Backchannel
      • Private Coaching Program
    • Free Intro Courses
      • Overview
      • Business Continuity 101
      • Crisis Communications 101
      • Crisis Management 101
    • Premium Courses
      • Overview
      • Custom Training
      • 5-Day Business Continuity Accelerator
      • Communicating in the Critical Moment
      • Crisis Management Academy®️
      • Preparing for Careers in Resilience
  • Expertise
    • Our Expertise
    • Our Thoughts & Insights
      • Articles
      • Lead Through Disruption. Stay Ahead with Bryghtpath.
      • Managing Uncertainty Podcast
      • Media & Professional Appearances
      • YouTube Channel
    • Free Resources & Frameworks
      • Overview – Free Resources
      • Bryghtpath Frameworks
        • Bryghtpath Business Continuity Lifecycle
        • Bryghtpath Crisis Management Framework
        • Bryghtpath Exercise Maturity Model
        • Bryghtpath Global Security Framework
        • Bryghtpath Long-Term Recovery Framework
        • Bryghtpath Professional Reading List
        • Bryghtpath Workplace Violence & Threat Management Toolkit
      • Resiliency Professionals Facebook Group
      • Resource Library
      • Webinars & Videos
      • Whitepapers & Reports
    • Whitepapers & Reports
      • Global Security Operations Centers & Resilience
      • Managing the Whole Crisis: The Ransomware Challenge
      • Mastering Uncertainty: Strengthening Organizational Resilience
      • Social Activism Campaigns
      • The Resilience Roadmap: 250 Ways to Fortify your Business against Disruption
  • Industries
  • Products
    • Books
      • From Panic to Poise: Crisis Management in the Modern World
      • The Continuity Code: Mastering Business Resilience
    • Crisis Playbook™️
      • Overview
      • Active Shooter Plan
      • Emergency Response Guide
      • Fatality
      • Food/Product Recall
      • Protest
      • Violent Attack
    • Maturity Models
      • Overview
      • ASIS Workplace Violence and Active Assailant
      • FFEIC Maturity Model – Business Continuity
      • ISO 22301 – Business Continuity
      • ISO 22361 – Crisis Management
      • ISO 27031 – IT Disaster Recovery
      • NIST 800-53 Contingency Planning Maturity Model
    • Templates & More
      • After-Action Process & Templates
      • Awareness Collateral
      • Business Continuity Plan Templates
      • Crisis Management Plan Templates
      • Disaster Recovery Plan Templates
      • Job Descriptions
  •  

Evaluating Business Continuity Programs: Is your Business Continuity Program ready for the next Disruption?

You are here: Home / Business Continuity / Evaluating Business Continuity Programs: Is your Business Continuity Program ready for the next Disruption?

April 21, 2021 By //  by Bryan Strawser

Is Your Business Continuity Program Ready for the Next Disruption?

A series of hurricanes tore through the Caribbean and the U.S. southern states in August and September of 2017.

Harvey, Irma, and Maria took hundreds of lives and inflicted $210 billion in damage.

On March 11, 2020, the National Basketball Association postponed its season with no clear idea of if or when it would resume.

Within days, companies across the country sent employees home — many of them with no clear plan for how to do their jobs remotely.

The reason?

COVID-19.

The 2017 hurricane season and the global pandemic are just two of many recent examples of crisis events that drastically disrupted business operations.

Preparing for Disruption

In the event of a disaster, how will you respond?

No one enjoys thinking about crisis management or disaster recovery. But this much is certain: your business will face unexpected disruptions.

As experts in business continuity, we often get calls after crisis events. The questions business leaders often ask sound similar. They sound like this:

  • What can we do to prepare our company to survive the next disruption?

The answer?

Business continuity planning.

What Is Business Continuity Planning?

Put simply, a business continuity plan is a written set of instructions to follow in response to a disruption of your business.

For formal standards, we use ISO 22301, a widely accepted industry standard for organizational resilience. It describes the focus of a business continuity management system (BCMS) as follows:

A BCMS emphasizes the importance of:

  • understanding the organization’s needs and the necessity for establishing business continuity policies and objectives;
  • operating and maintaining processes, capabilities, and response structures for ensuring the organization will survive disruptions;
  • monitoring and reviewing the performance and effectiveness of the BCMS;
  • continual improvement based on qualitative and quantitative measures.

When you think about continuity and disaster recovery planning, the ISO 22301 standard is a blueprint. It’s a starting place, not a step-by-step instruction manual specific to your business.

What Kinds of Events Should I Plan For?

A business disruption is any incident disrupts your business’ normal operating procedures — either temporarily or permanently.

Examples of disruptions from recent years include:

  • Natural disasters (examples: hurricanes, tornados, earthquakes, floods, severe winter storms)
  • Infrastructure disruptions (examples: power outages, cyber-attacks, data security breach, data center disruptions, telecom and internet downtime)
  • Conflict and violence (examples: active shooter, terrorist attacks, riots)
  • Personnel events (examples: absence of key employees, executive misconduct)

Continuity planning is the intentional, ongoing process of planning how you will respond to disruptions of all kinds, including — but not limited to — the ones listed above.

Some incidents are temporary and can be resolved quickly. Others require an extended change in business processes (for example, the COVID-19 pandemic).

Events like these will test your company’s resilience — and they’ll reveal the strengths and weaknesses of your continuity program in real-life situations.

No one can plan for every possible disruption, but a strong business continuity program will guide your company’s response when it experiences a disruption.

What-is-BC-Planning-Disruption-Examples Evaluating Business Continuity Programs: Is your Business Continuity Program ready for the next Disruption?

How to Evaluate a Business Continuity Program

We are often engaged to evaluate business continuity programs, evaluate the risk faced by companies, and help improve the long-term resiliency of an organization.

The process we’ve developed can be used to evaluate continuity programs in businesses of any size — from small consulting firms to multi-billion-dollar utility companies.

We call our proprietary process the Resiliency Diagnosis.

A full review takes between four and eight weeks, but in every case, the process begins by defining what — exactly — your organization needs from its continuity program.

What-is-BC-Planning-Steps Evaluating Business Continuity Programs: Is your Business Continuity Program ready for the next Disruption?

Here’s the process we follow:

1. Define What You Need from the Program

Sometimes a company executive will say: “We want a world-class continuity program.”

In most cases, “world-class” is beyond the company’s actual needs.

For this reason, we always start by reviewing the organization’s strategic goals and objectives, and we ask how a business continuity program should support those goals.

To do this, we ask questions such as:

  • What are your organization’s mission and vision?
  • Are there particular values for the organization as a whole?
  • What are the organization’s strategic goals and objectives?
  • How would you define your internal culture? In other words, what are the written and unwritten rules for operating internally?
  • What is the perception of the current business continuity program and team?
  • How does the business continuity program support the organization’s strategic objectives?

I have received calls from chief executive officers, chief security officers, and chief information security officers responding to directions from the board of directors or a board-appointed audit committee to implement a business continuity program.

I’ve also been in meetings where the CEO is championing the initiative after an emergency management official asked about business continuity and crisis management — and the CEO wasn’t sure how to respond.

2. Review Company Documentation and Artifacts

Step two is to review your documentation.

As with any business plan, if it’s not in writing, it doesn’t really exist. Hopefully, you already have documented processes that describe how your business continuity program operates, along with crisis management processes for decision making, communication, and escalation.

You should also go beyond your business continuity documentation and review any major business documentation, including:

  • Mission, vision, and values
  • Investor reports
  • Strategic plans
  • Employee handbooks and documentation

Look at your existing documentation for people as well as information technology. We look for:

  • Information about high-availability, backup, and recovery strategies in IT
  • Plans for human resources disruptions
  • Supply chain continuity and recovery strategies
  • Documentation of potential threats
  • Key business objectives.

This review will show you where you are today, creating the foundation for a business continuity strategy tied to the company’s existing culture and strategic objectives.

3. Talk with Everyone on the Team

Step three is to talk with the people involved in the business continuity program, including program team members, stakeholders, and leaders of critical business functions. These are the people we’ll include in our evaluation process as you work to improve your organizational resilience.

These interviews tend to be full of open-ended questions. You want to hear first-person accounts of how your team responds to business disruptions.

For example, we’ve recently been asking questions such as:

  • You just spent 15 months dealing with COVID-19. What decisions did you and your team have to make to respond to the disruption in your business? What process did you use to make these decisions?
  • Have there been other disruptions that you’ve been a part of managing during your time at the company? Tell us a bit about those.
  • What plans or processes did you use during those previous disruptions? How did they help?
  • What risks or issues keep you up at night in terms of disruptions or crisis situations?

These interviews provide specific, concrete examples of how the program is perceived within the company. They also illustrate how previous disruptions have been managed, providing valuable insights that complement what we’ve already learned reviewing documentation.

4. Complete the Maturity Model

Once you’ve reviewed your documentation and talked to employees, you’ll have a clear view of the business continuity program at your company.

Now you can compare what you’ve learned about your current program against the ISO 22301 standard and see how the maturity of your program stacks up.

Using a maturity model as a part of your evaluation can help you easily compare your current business continuity program against the industry standard in ISO 22301 to spot areas of strength and opportunity.

When we’re working with a company to conduct an evaluation of its program, we provide a detailed view from a maturity standpoint using a proprietary maturity model we’ve developed.  We provide a maturity score across 98 factors, score roll ups across the core themes of ISO 22301, and an overall maturity score.

From there, we provide a roadmap, based on your specific industry, for where you should be in the next year, two years from now, three years from now, and so on.

What-is-BC-Planning-Maturity-Model Evaluating Business Continuity Programs: Is your Business Continuity Program ready for the next Disruption?
Example ISO 22301 Maturity Model Scoring

5. Make a Plan for Improvement

Every continuity program evaluation ends with a comprehensive Resiliency Diagnosis report including key findings, strengths, opportunities, and recommendations for improvement.

Specifically, the report contains three major sections:

  1. Observations: The facts you observed about the program, supported by artifacts, documentation, and interviews
  2. Maturity model score and overview: A detailed look at how your continuity program scored against the ISO 22301 standard — along with strengths and opportunities
  3. Recommendations: Specific, concrete recommendations for actions your company could take to improve operational resilience during a business disruption.

The observations and maturity model scoring provide context for the current state of your business continuity program.

The recommendations then provide a roadmap with concrete and measurable steps on maturing the program over time.

Taken together, these three elements provide a thorough Resiliency Diagnosis evaluation report to influence executives and stakeholders towards the investments needed to mature your business continuity program and improve your organization’s resilience.

Learn more about our Resiliency Diagnosis Evaluation Process

Our Resiliency Diagnosis process is the perfect way to advance your business continuity, crisis management, and/or disaster recovery program.

Our thorough standards-based review culminates in a full report, maturity model scoring, and clear recommendations for improvement.

You’ll know exactly where you stand and how to go about rapidly improving your current state of resiliency.

Learn more about our Resiliency Diagnosis methodology

The Business Impact of a Strong Continuity Program

The challenge with business continuity is that you never know when a disruption will happen.

For that reason, we believe strongly that business continuity programs should be evaluated annually and improved and revised to reflect new business challenges and changes to the broader business landscape. You can learn more about our approach to Business Continuity in our Ultimate Guide to Business Continuity.

No one saw the COVID-19 pandemic coming, but everyone had to adjust.

A strong continuity program can’t take away the risk of disruption, but it can position your company to react swiftly and efficiently when a disruption hits.

Learn more about our proprietary Resiliency Diagnosis process and setup an initial call today.

Resiliency-Diagnosis-FB-Evaluate-400x400 Evaluating Business Continuity Programs: Is your Business Continuity Program ready for the next Disruption?

 

Category: Business ContinuityTag: Bryan Strawser, bryghtpath, bryghtpath llc, Business Continuity, business continuity consultant, business continuity evaluation, business continuity management, business continuity maturity model, covid 19, iso 22301, iso 22301 evaluation, iso 22301 maturity model, maturity model

About Bryan Strawser

Bryan Strawser is Founder, Principal, and Chief Executive at Bryghtpath LLC, a strategic advisory firm he founded in 2014. He has more than twenty-five years of experience in the areas of, business continuity, disaster recovery, crisis management, enterprise risk, intelligence, and crisis communications.

At Bryghtpath, Bryan leads a team of experts that offer strategic counsel and support to the world’s leading brands, public sector agencies, and nonprofit organizations to strategically navigate uncertainty and disruption.

Learn more about Bryan at this link.

Previous Post: «Year two crisis management Prevent and Recover from Marketing Missteps
Next Post: Business Continuity as a Service: How to Outsource Your Continuity Program »

Footer

Contact

BRYGHTPATH LLC
+1.612.235.6435

PO Box 131416
Saint Paul, MN 55113
USA


contact@bryghtpath.com

  • Facebook
  • LinkedIn
  • RSS
  • Twitter
  • YouTube

Our Capabilities

  • Business Continuity
    • Business Continuity as a Service (BCaaS)
    • Business Continuity Software
    • Coaching
    • IT Disaster Recovery Consulting Services
    • Resiliency Diagnosis®️
  • Crisis Communications
  • Crisis Management
    • Crisis Exercises
    • Cyber Crisis Exercises
    • Cyber Incident Response Planning
    • Global Security Operations Center (GSOC)
  • Speaking
  • Training

Our Free Courses

Business Continuity 101

Crisis Communications 101

Crisis Management 101

Our Premium Courses

5-Day Business Continuity Accelerator

Communicating in the Critical Moment

Crisis Management Academy®️

Preparing for Careers in Resilience

Our Products

After-Action Templates

Books

Business Continuity Plan Templates

Communications & Awareness Collateral Packages

Crisis Plan Templates

Crisis Playbook®

Disaster Recovery Templates

Exercise in a Box®

Exercise in a Day®

Maturity Models

Ready-Made Crisis Plans

Resilience Job Descriptions

Pre-made Processes & Templates

Site Footer

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


Bryghtpath®, Crisis Management Academy®, Crisis Playbook®, Exercise in a Box®, Exercise in a Day®, Resiliency Diagnosis®, Resilience Operating Model™
and their respective logos are registered trademarks of Bryghtpath LLC in the United States and other countries.


About Bryghtpath LLC | Disclaimer | Privacy | Status Page | Terms of Use

Proudly powered by Mai Theme, the Genesis Framework, and Wordpress.