In this episode of the Managing Uncertainty Podcast, Bryghtpath Principal & Chief Executive Bryan Strawser discusses the Plan Do Check Act Cycle in your Business Continuity Program.
Topics discussed include the Plan Do Check Act Cycle, how the PDCA Cycle connects to the ISO 22301 Standard (and others), and how you can use the PDCA cycle to mature and improve your business continuity program.
Related Episodes & Blog Posts
- Blog Post: A look at the new ISO 22317 Standard for Business Impact Analysis (BIA)
- Blog Post: Using ISO 22301 to Evaluate your Business Continuity Program
- Blog Post: Plan-Do-Check-Act and your Business Continuity Program
- Episode #110: Is your BC Program ready for the next disruption?
- Episode #121: Metrics for Success in your Business Continuity Program
- ASQ: What is the Plan Do Check Act (PDCA) Cycle?
- Lean Enterprise Institute: Plan, Do, Check, Act
Hello, and Welcome to the Managing Uncertainty Podcast. This is Bryan Strawser, Principal and Chief Executive here at Bryghtpath, and in this week’s episode of our podcast, I’d like to talk about the Plan Do Check Act Cycle in your Business Continuity Program. And I want to start by talking about the Law of Aggregate Marginal Gain. As this theory goes, many tiny improvements can add up to huge wins over time. In the case of the British Cycling Team from many years ago, the small acclimation of tiny improvements, such as improved hand-washing, new massage gels and pillows, and minor changes to their bike ergonomics were credited for their wildly successful performance at the 2012 Tour de France, and then the London Olympics. For the rest of us, a more practical example of this theory in action might be parking at the far end of the parking lot, taking the stairs, and then skipping dessert to shed a few more pounds over the course of the year. Or if savings are your goal, ditching your drive-through coffee every morning, packing your lunch, and collecting your change can quickly propel your savings efforts into appreciable gains.
In theory, the Law of Aggregate Marginal Gain seems like a foolproof and nearly effortless way to accomplish big things. So how is that then the average 20 something has less than $10,000 in retirement savings? And am I the only person here with a step-tracking smartwatch, I use an Apple Watch, who has yet to fit back into my size 34 jeans that I wore in high school? There’s endless explanations for why as humans we find it hard to make progress towards our goals, whether it’s losing weight or saving money, or making strides in our business. When it comes to organizational resiliency, one of the common problems I see is just not having a good system for implementing and improving maturing your Business Continuity Program. Ad hoc efforts, in my experience, lead to ad hoc results. Opportunities for improvement will slip through the cracks in your program quietly and unimpressively just manage to subsist.
It’s not exactly your dream scenario, especially considering the ramifications of being unprepared for the next disruption that your company will face. Meaningful improvements, whether to your waist size, your company’s resilience, or your bottom line require a proven methodology to evaluate what’s working and what’s not and to ensure that you’re making consistent efforts towards those improvements over time. If your Business Continuity Program doesn’t already have a system in place to do this, then the Plan Do Check Act Model, or the PDCA Cycle, some will call it, the Deming Cycle, is a good place to start. What is Plan Do Check Act? The Plan Do Check Act Model is a highly effective and proven approach for implementing, maintaining, and ensuring a Business Continuity Program. Or, for that matter, it’s a way to do this with really any standard program that you’re implementing that’s based on an industry standard.
In its early iterations, the PDCA Model was referred to as the Deming Cycle or the Deming Shewhart Cycle, which was named for its creators. Today, it’s part of the foundational theory that underlines Lean, Six Sigma, Kaizen, the ISO Standards, and other systems for quality management and improvement. So if your organization already has a process for establishing and maintaining your programs, it likely shares many similarities to this model or it’s loosely based on this methodology. Whatever your experience, you’ve likely heard of this before or at least seen it in practice, even if you’ve never heard it called this. But what exactly is it and how can it help your organization better achieve its resiliency goals? The PDCA model is based on a four-step closed-loop cycle. That’s used to improve a process or project over time. The steps, in short, are as follows: Plan, establish your objectives, processes, procedures, and resources, Do, implement, and operate your program or project as informed by your plan, Check, gather data and evaluate the outcomes from your Do phase, and Act, use insights from the Check phase to identify corrective and preventative actions and drive continuous improvement over time.
The PDCA Cycle is continuous rather than focused on a discreet endpoint. The result is this upward spiral of continuous program and project improvement that has the potential to bring tremendous gains when applied consistently and correctly. Companies like Nike and Toyota are just two commonly cited examples of companies that have used this with much success. So you’re probably wondering, how does all of this, how does this Plan Do Check Act cycle relate to ISO 22301? How does it relate to business continuity? Well, in 2012, ISO, the International Standards Organization, implemented a new structure for developing management system standards. It was called Annex SL. In six steps, steps four through 10 of this framework, were designed to incorporate the key elements from the Plan Do Check Act Cycle, many of the current ISO standards, including the ISO 22301 Standard that we use for business continuity management, have since been revised to incorporate this new structure. As a result, this model of Plan Do Check Act heavily informs the current international standard and what at Bryghtpath we think of as the best practice framework for business continuity management.
Let me walk through how these things connect to the ISO Standard, how the PDCA Cycle connects to the ISO Standard. Plan, where we’re establishing the plan, well, the ISO Standard references this in four different clauses. In clause four, we talk about the plan scope and about identifying the context of the organization. What are the internal and external drivers? What are the regulatory and legal requirements? What are the needs and expectations of our stakeholders? In clause five, for leadership, we talk about, well, how will top management demonstrate its leadership and commitment to the program? How do we establish and communicate a business continuity policy? How do we assign program roles and responsibilities and determine how performance will be reported back to top management? In clause six, for planning, we talk about defining strategic and mission-critical objectives in consideration of the drivers we previously identified.
We talk about risk tolerance and acceptance and how risks and opportunities will be handled and we determine what required resources, responsibilities, timelines, and results will be evaluated. And then, finally, in clause seven of the ISO Standard, we identify training and communication requirements, and we establish plans to document, maintain, and control the business continuity management system. Do from the PDCA Cycle is about implementing and operating. Well, that’s clause eight of the ISO Standard, operation. How do we plan, implement, and document the program, including the BIA, the risk assessment, creating, identifying, selecting, and implementing appropriate business continuity strategies and solutions? How do we create response and communication structures? And how do we develop and task to business continuity plans and procedures? Check from the PDCA cycle, how do we monitor and review what’s going on? That’s clause nine from the ISO Standard, performance evaluation.
We determine how, when, and by whom the program will be monitored, measured, and evaluated. We conduct audits and we determine how top management will regularly review the progress of the program and it’s effectiveness. And then, finally, Act, how do we maintain and approve? Well, that’s clause 10, evaluate and improve from the ISO Standard. We determine opportunities for improvement and we take appropriate corrective action as a part of the continual improvement process. So how can you use this to improve your organizational resilience? Well, the first and most obvious benefit of using the PDCA Cycle is having an effective and proven method for evaluating and improving your company’s Business Continuity Program. There are many other ways that PDCA can add value to your business continuity planning efforts.
Alignment, if you want the support of your C-suite and your board, you need to understand their perspective and you need to ensure that you’ve aligned the activities of your Business Continuity Program to your organization’s overarching objectives. What are your company’s mission, vision, and strategic objectives? What initiatives are most important to your executives right now? What are the external drivers that most influence your company’s operations? And what products and services are you trying to protect? And what is the likely impact of a disruption to those products and services? Using the PDCA Model can help ensure your Business Continuity Program aligns with those other top-level management structures and utilizes a common language and standards that are familiar to your company’s executive and leadership team. As a result, you can better communicate how your program helps the company meet its overarching objectives and secure more internal support and resources for your program.
The second part is engagement. It’s one thing to get board and executive buy-in on the program, but it’s quite another thing to have them actively engaged in the process, or at least at a high level. Executive management and leadership play a key role in program improvement under the PDCA Model. As a result, utilizing the PDCA Cycle can help ensure decision-makers are in the know and that they’re exercising proper oversight over your business continuity planning efforts. It could also help open new channels for governance conversations between your organization’s leaders and those directly responsible for and impacted by your business continuity plans. And then the third is around compliance. Applying the PDCA Model to business continuity planning ensures that your program aligns with global standards. That can help streamline the external audit and inspection process.
Modeling this approach as outlined in ISO 22301 also ensures that relevant legal and compliance obligations are adequately addressed by your resiliency plan. So what are some best practices for applying PDCA to your Business Continuity Program? Well, a lot of companies are going to take a very standardized approach to this and a lot of consultants are going to take a standardized approach to this by helping clients implement or improve their business continuity planning efforts. This often involves almost a line-by-line cross-reference of the ISO 22301 standards against the company’s existing practices and procedures in creating a line item list of gaps that need to be addressed. Now, that’s not my approach here at a Bryghtpath, and here’s why. Every company has a unique culture and that culture informs everything from how you communicate and work together to how you make decisions, and every company is on a different point in its path towards organizational resilience.
Some companies have already organically built many of these capabilities that we talk about with the PDCA cycle and they just need to integrate them into a more structured Business Continuity Program. Others are at the very beginning and they’re starting from scratch. Likewise, every company has different resources and risk tolerances that inform your program investment. That’s why our best advice to anyone considering using the PDCA Cycle and how you can use that to improve your Business Continuity Program is to find a consultant that appreciates the science and the methodology behind the model but also appreciates the need for its artful application to your business’ particular resiliency needs. I think the Plan Do Check Act Cycle is a highly effective and proven approach for implementing, maintaining, and maturing a Business Continuity Program, and having a better understanding of this model can positively inform your approach no matter where your business is on your business continuity planning and Business Continuity Program journey.
At Bryghtpath, we can help you understand how your resiliency efforts line up with the PDCA Model and help prioritize your next best steps for improving your Business Continuity Program. That’s it for this edition of the Managing Uncertainty Podcast. We’ll be back next week with another new episode. Be well.