Business Continuity Planning: Common Mistakes

7 Feb

Before we present our framework, it is important to discuss the biggest mistakes that companies make when creating a BCP, as we wish to consider all previous findings in our final post(s).

As presented in this article by Dan Carson and Brian Zawada, the 10 most common mistakes where BCP is concerned are the following:

Over-reliance
This is essentially companies placing too much weight in the BCP they create. Without regular reviews and tests, they can easily become out-of-date, and employees must be constantly trained. It is not enough to simply rely on a plan in theory; it must work in practice also.

Scope
This is a problem that has become common in more recent times. It has become apparent that BCP must not only consider IT and IS, but also consider normal business practices as well. There is certainly a need for board-level involvement with regards to these business processes (Swartz et.al, 2003).

Prioritization
It’s important that all the aforementioned business processes are prioritized accordingly. It is senior management’s responsibility to ensure this is completed when putting together a BCP.

Plan Update
This is something I have already discussed in previous posts. It is essential to constantly retool and update BCP as they can become irrelevant as conditions change.

Ownership
This involves delegating responsibility of control of a BCP to a person who can correctly manage and control.

Communication
This is imperative, particularly during the recovery process, as those involved must be constantly updated as the process develops.

Security
Not taking security into account often leads to exposure to certain risks that could make the situation worse.

PR
The public reaction is often important, and they must be communicated with in an effective way so as to avoid developing a bad reputation.

Insurance
Some companies fail to accommodate accordingly for insurance needs, which is extremely important when considering possible disasters and incidents.

Service Evaluation
Without proper assessment of recovery products (such as software) a company may not be able to deal with the situation adequately.

Keeping all of these mistakes in mind, we must also consider all that has been previously discussed. Many of the above issues relate to the main areas of a BCP, something that has been posted by sully1210 previously. For example, leadership is a governance issue, and a standard by which BCP tests are measured. Over reliance also feeds into a post in which I mentioned a paper written by David Tickner, who highlights the pitfalls of over-relying on a BCP.

It is our intention to consider everything that has been discussed up to this point in our final post(s), and ensure that an adequate framework for analysing a BCP is created.

Dan Carson and Brian Zawada (1999) Ten Common Business Continuity Planning Mistakes The Trusted Professional http://www.prescientsolutions.com/2013/01/09/three-biggest-myths-about-business-continuity-planning/

David Tickner Test the organisation, not just the plan http://www.bcm2012.com/papers/StreamA/6TesttheorganisationDavidTickner.pdf

Ethne Swartz, Dominic Elliott and Brahim Herbane (2003) “Greater Than the Sum of it’s Parts: Business Continuity in the UK Fincance Sector” Risk Management: An International Journal

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: