The
post-crisis recovery phase is one of the least addressed in planning, training
and simulations. This is an area that,
if not properly managed, can cost financially, reputationally and operationally. Communications, internal and external are, at
best, misjudged. Guidelines for recovery
are lacking and most entities lose focus when it comes to discussing recovery
operations. It may be that recovery is
one of the most complicated of the lifecycle elements and that no two
recoveries are going to follow the same pattern. However, the recovery process can be
segmented into manageable bits that can be undertaken using a project
management approach.
Business Continuity Lifecycle – A
Perspective on Recovery
Transition
point 2, I have titled “Unplanned Disruption”.
This is the phase where we begin to identify and address the unplanned
developments that result from the event and the reactive response to the
event. Unplanned disruption would
include those elements of surprise that the planning effort did not directly
address or completely overlooked. During
this phase it is possible that crisis management becomes the lead element in
the business continuity process.
Transition
point 3, I have titled “Planned Disruption”.
It is in this phase that the plan is actually working as it was written
(well perhaps). This phase is critical
to recovery as the recovery planning, based on actual reentry assessment
activities, should commence and the recovery team should be transitioned in to
the organization.
Transition
point 4, I have titled “Termination”. It
is in this phase that recovery activities are in full swing. Restoration and resumption of business
operations are underway. The resumption
activities may still be conducted at an alternate location (if an evacuation
has occurred). During this phase the
recovery team is moving dislocated units, entities, etc. back to the normal
work area. It is critical in this phase
to get it “right” so that the transition back does not create a new
event/crisis. Note that on figure 1, I
have differentiated the Recovery Management aspect, as well as the “Business
Recovery” and the “Systems/Information Recovery” activities.
Business
Recovery involves more than the recovery of systems/information. Activities, such as Finance, Marketing, Legal,
Production, internal support and external support (“Value Chain”) have to be
reset and integrated back into the organization. Depending on the severity of the event,
realignment of operations, reorganization and resetting of corporate
goals/objectives may be necessary. While
too numerous to delineate in this space, one should have a plan that outlines
the functions and areas within the organization. This plan should establish timelines for
recovery of these activities and reintegration into the business
operation. To ensure smooth transition
from event termination to recovery and resumption of “normal business”
operations a touchpoint assessment should be part of the recovery process. This assessment would identify the various
touchpoints that major units have in order to incorporate them into the
recovery timeline. For example, if a
production unit is coming back on line and new or altered processes are being
put in place; training may be required for operators/staff. The touchpoint with Human Resources would be
the training program and certification of staff to operate in the new/altered
environment.
Concluding Thoughts
While I have
highlighted some aspects of the recovery process in this brief article, I think
it is necessary to offer a suggestion regarding recovery plan validation
activities. Some may use the term
“drills and exercises” or “simulations” or “war gaming” to describe the
validation process. Designing,
developing and implementing a “Recovery Exercise” is, in my experience, a very
rare occurrence. I would recommend that
planners take a moment to assess the actual recovery capabilities of their
organization. Design, develop and
implement a drill or exercise; whether tabletop or full scale, to see if
recovery operations can actually be undertaken and carried out as described in
the plan or in the thought process of the organization. This is an ideal situation for involving the
public sector and the “Value Chain” components within your planning framework. The focus should be on identification of
flawed decisions to establish a context for correcting flaws within the risk
assessment, business impact assessment process.
About Geary Sikich – Entrepreneur, consultant, author and business lecturer
Contact Information: E-mail: G.Sikich@att.net or gsikich@logicalmanagement.com. Telephone: 1- 219-922-7718.
Geary Sikich is a seasoned risk management professional who advises private and public sector executives to develop risk buffering strategies to protect their asset base. With a M.Ed. in Counseling and Guidance, Geary's focus is human capital: what people think, who they are, what they need and how they communicate. With over 25 years in management consulting as a trusted advisor, crisis manager, senior executive and educator, Geary brings unprecedented value to clients worldwide.
He holds a B.S. in Criminology from Indiana State University and a M.Ed., in Counseling & Guidance from the University of Texas at El Paso. A well-known author, his books and articles are readily available on Amazon, Barnes & Noble and the Internet.
He holds a B.S. in Criminology from Indiana State University and a M.Ed., in Counseling & Guidance from the University of Texas at El Paso. A well-known author, his books and articles are readily available on Amazon, Barnes & Noble and the Internet.
