Plan-Do-Check-Act and your Business Continuity Program

Let’s talk about the law of aggregate marginal gains.

As the theory goes, many tiny improvements add up to huge wins over time.

In the case of the British Cycling Team, the accumulation of tiny improvements like improved handwashing, new massage gels and pillows, and tweaks to bike ergonomics were credited for the team’s wildly successful performance at the 2012 Tour de France and London Olympics.

For the rest of us, a more practical example of the theory in action might be parking at the end of the parking lot, taking the stairs, and skipping dessert to shed a few more pounds over the course of a year. Or if savings are the goal, ditching your drive-through coffee each morning, packing your lunch, and collecting your change can quickly propel your savings efforts into appreciable gains.

In theory, the law of aggregate marginal gains seems like a foolproof and nearly effortless way to accomplish big things.

So how is it then that the average 20-something has less than $10,000 in their retirement savings?

And am I the only one with a step-tracking smart-watch who has yet to fit back into my size 34 jeans from college?

Why Your Business Continuity Program Needs Plan-Do-Check-Act

There are endless explanations for why we humans find it so hard to make progress towards our goals—whether it be losing weight, saving money, or making strides in our business.

When it comes to organizational resiliency, one of the most common problems I see is not having a good system for implementing and improving your business continuity program.

Ad hoc efforts usually lead to ad hoc results. Opportunities for improvement slip through the cracks and your program quietly and unimpressively manages to subsist. Not exactly your dream scenario.

Especially considering the ramifications of being unprepared for the next disruption.

Meaningful improvements—whether to your waist size, your resiliency, or your bottom line—require a proven methodology to evaluate what’s working and what’s not. And to ensure that you’re making consistent efforts towards those improvements over time.

If your business continuity program doesn’t already have a system in place to do this, the Plan-Do-Check-Act model is a good place to start.

What is Plan-Do-Check-Act?

The Plan-Do-Check-Act (PDCA) model is a highly effective and proven approach for implementing, maintaining, and maturing a business continuity program, or any program for that matter.

In early iterations, the PDCA model was referred to as the Deming-Shewhart cycle (named for its creators) and today is part of the foundational theory that undergirds Lean Six Sigma, Kaizen, ISO standards, and other systems for quality management and improvement.

So if your organization already has a process for establishing and maintaining your programs, it likely shares many similarities to the Plan-Do-Check-Act model or is loosely based on the PDCA methodology.  Whatever your experience, you’ve likely heard of Plan-Do-Check-Act before, or at least seen it in practice.

But what exactly is Plan-Do-Check-Act and how can it help your organization better achieve its resiliency goals?

The PDCA model is based on a four-step closed-loop cycle that is used to improve a process or project over time. The steps, in short, are as follows:

• Plan: Establish your objectives, processes, procedures, and resources
• Do: Implement and operate your program or project as informed by your plan
• Check: Gather data and evaluate the outcomes from the “do” phase
• Act: Use insights from the “check” phase to identify corrective and preventive actions and drive continuous improvement over time

The PDCA process is continuous, rather than focused on a discrete endpoint.  The result is an upwards spiral of continuous program and project improvement that has the potential to bring tremendous gains when applied consistently and correctly. Nike and Toyota are but two commonly cited examples of organizations that have used the PDCA model with much success.

How Does Plan-Do-Check-Act Relate to ISO 22301?

In 2012, the International Standards Organization (ISO) implemented a new harmonized structure for developing management system standards, or Annex SL. Steps 4-10 of the Annex SL framework were specifically designed to incorporate the key elements of the PDCA cycle.

Many of the current ISO standards, including ISO 22301:2019 for Business Continuity Management, have since been revised to incorporate the new Annex SL structure. As a result, the PDCA model heavily informs the current international standard and best practice framework for business continuity management.

The diagram below illustrates how the components of ISO 22301:2019 correlate with the PDCA cycle.

Plan-Do-Check-Act	ISO 22301:2019
Plan: Establish	Clause 4—Context of the organization Identify internal and external drivers, including legal and regulatory requirements, and the needs and expectations of all stakeholders. Determine plan scope. Clause 5—Leadership Determine how top management will demonstrate its leadership and commitment to the business continuity program. Establish and communicate the business continuity policy. Assign program roles and responsibilities and determine how business continuity performance will be reported to top management. Clause 6—Planning Define strategic and mission-critical objectives in consideration of both external and internal drivers. Determine risk tolerance and risk acceptance, and how risks and opportunities will be handled. Determine required resources, responsibilities, timelines, and how results will be evaluated. Clause 7—Support Identify training and communications requirements. Establish plans for documenting, maintaining, and controlling the business continuity management system.
Do: Implement and operate	Clause 8—Operation Plan, implement and document the business continuity program. This includes: Conducting the Business Impact Analysis (BIA) and Risk Assessment Identifying, selecting, and implementing appropriate business continuity strategies and solutions Creating response and communication structures Developing and testing business continuity plans and procedures
Check: Monitor and review	Clause 9—Performance evaluation Determine how, when, and by whom the program will be monitored, measured, and evaluated. Conduct internal audits and determine how top management will regularly review business continuity program progress and effectiveness.
Act: Maintain and improve	Clause 10—Evaluate and improve Determine opportunities for improvement and take appropriate corrective actions as part of the continual improvement process.

How Plan-Do-Check-Act Can Improve Your Organizational Resilience

The first and most obvious benefit of utilizing the PDCA model is having an effective and proven method for evaluating and improving your company’s business continuity program. Still, there are many other ways that PDCA can add value to your business continuity planning efforts.

Alignment

If you want the support of the C-Suite and board, you need to understand their perspective and align the activities of your business continuity program to your organization’s overarching objectives.

• What are your company’s mission, vision, and strategic objectives?
• What initiatives are most important right now?
• What are the external drivers that most influence your company’s operations?
• What products and services are you trying to protect and what is the likely impact of a disruption?

Using the PDCA model helps ensure your business continuity program aligns with other top-level management structures and utilizes a common language and standards that are familiar to your company’s executive and leadership team. As a result, you can better communicate how your business continuity program helps the company meet its overarching objectives and secure more internal support and resources for your program.

Engagement

It’s one thing to get board and executive buy-in on your business continuity program but quite another to have them actively engaged in the process (at least at a high level).

Executive management and leadership play a key role in program improvement under the PDCA model. As a result, utilizing the PDCA cycle can help ensure decision-makers are in the know and exercising proper oversight over your business continuity planning efforts. It can also help open new channels for governance conversations between your organization’s leaders and those directly responsible for and impacted by your business continuity plans.

Compliance

Applying a PDCA model to business continuity planning ensures your business continuity program aligns with global standards.  This can help streamline the external audit and inspection process.

Modeling the PDCA approach outlined in ISO 22301 also ensures that relevant legal and compliance obligations are adequately addressed by your resiliency plan.

Best Practices for Applying Plan-Do-Check-Act to Your Business Continuity Program

Many consultants take a standardized approach to helping their clients implement or improve their business continuity planning program. This often involves a line-by-line cross-reference of the ISO 22301 standards against the company’s existing practices and procedures and creating a line-item list of gaps that need to be addressed.

We don’t do that at Bryghtpath.  And here’s why.

Every company has its own unique culture, which informs everything from how you communicate and work together to how you make decisions.

And every company is at a different point on its path to resiliency.  Many companies have already organically built many of the capabilities embodied in the PDCA model and simply need to integrate them into a more structured program. Others are starting from the very beginning.

Likewise, every company has different resources and risk tolerances that inform their business continuity planning investment.

That’s why our best advice to anyone considering how the Plan-Do-Check-Act cycle can improve their business continuity program is to find a consultant who appreciates the science behind the PDCA model—but also appreciates the need for its artful application to your business’s particular resiliency needs.

Conclusion

The Plan-Do-Check-Act cycle is a highly effective and proven approach for implementing, maintaining, and maturing a business continuity program. And having a better understanding of the PDCA model can positively inform your approach no matter where your business is on its business continuity planning journey.

At Brygthpath, we can help you understand how your resiliency efforts line up with the PDCA model and prioritize your next best steps for improving your business continuity program. Learn more about our approach to Business Continuity in our Ultimate Guide to Business Continuity and then contact us today.