Page 18 - TNR-V02N2
P. 18

Implementing the Professional Practices

        Sustaining Readiness: Business Continuity

        Plan Exercise, Assessment, and


        Maintenance                                                          By Cynthia Wenn, MA CBCP CBCA





                  aving assessed the risks, analyzed the impacts,   in the plan will be motivated to prepare for these events
                  written the plan, and trained the teams, Senior   by updating business process information. If you schedule
                  Management can become convinced that they     one minor exercise per business section, an annual major
        Hhave achieved a solid state of readiness. The          exercise, and an annual audit, it translates into three
        Business Continuity Professional knows better. DRII’s   major updates of the plan per year. Add in a method of
        Professional Practice #8 operationalizes the business   determining turnover in key business continuity roles and
        continuity plans and prevents them from becoming        your plan will continue to be relevant year after year. One
        inadequate, invalid, or incomplete. In this article, I will build   simple suggestion is to send a monthly business continuity
        on each of the professional roles to advance your business   management e-mail newsletter to everyone named in the
        continuity plan exercise, audit, and maintenance program.   plans. When an e-mail bounces back, you should follow up
                                                                with your other contacts in the unit for a staffing update.
        Professional Role 1: Establish an exercise/             When colleagues find themselves in a new role, they may
        test program                                            contact you to redirect the newsletter. Try to work with
        Tip #1: Start with a simple straightforward             your organization’s Project Management Office and other
        exercise                                                change managers to play an advisory role in meeting the
                                                                organization’s business continuity standards before new
        An effective exercise program allows the organization to   projects “go live”. The upfront time investment is much less
        learn to ‘walk before they run’. It is important that the type   when compared to working on plans and strategies after
        and scale of each exercise are in line with the organization’s   the project is operational.
        Business Continuity Management maturity. Participants
        should come away with a positive feeling from each      Professional Role 3: Identify appropriate
        exercise, having met a goal while recognizing that more   governance
        work is needed. A positive experience will support the   Tip #3 Balance Operational subject matter
        program by promoting future participation. The Business   expertise with Strategic awareness
        Continuity Professional should raise the bar over time as
        the skill set of the organization grows.                PP#8 indicates that the professional should “ensure
                                                                approval by the relevant organizational parties”. The trick
        DRII lists ten types of exercises in order of complexity   here is to determine what level will ensure that exercise
        (from life safety; to scenario-based tabletop; to fully-  and maintenance programs are adhered to and that the
        integrated exercise/test with both internal and external   plans are valid without miring the process in unnecessary
        dependencies) (DRII, 2017, PP#8 section 1.3.3).  Borrowing   approvals. For example, the scope and objectives for each
        from emergency management exercise program guidance     exercise should be approved by the most senior staff
        (such as Homeland Security Exercise and Evaluation      member participating in the exercise. Operational-level
        Program (HSEEP)), BCM professionals can use the building   exercises require operational-level approval.
        block approach each year by designing a series of exercises
        that share a common theme or threat. As your team       This balance can be preserved within the maintenance
        progresses through each level, their confidence, and their   programs by requiring annual BCP documents to be
        understanding of their role in the business continuity plan   approved at the operational level while a report card is
        will grow.                                              issued to senior strategic executives to track compliance
                                                                and boost awareness.
        Professional Role 2: Establish a plan
        maintenance program                                     Professional Role 4: Establish an audit
        Tip #2 Arrange to review and update                     process for the business continuity
        the plan just prior to audits and annual                program
        exercises                                               Tip #4 Embrace the Audit
                                                                Ideally, an audit should be conducted by an independent
        If the results of the exercise and audit are given the   3rd party to ensure objectivity. During the engagement
        appropriate attention by the organization, those involved




          18              Return to TOC                                True North RESILIENCE magazine - Fall 2023
   13   14   15   16   17   18   19   20   21   22   23