Alert & Declare: (877) 364-9393
Member Emergency Hotline
Emergency Hotline
Agility Recovery +

Resilience Is Good for Business

What has emerged from the organizational response to COVID is a greater focus on business resilience: not only attaining an understanding of it but also developing a desire to achieve it. With COVID, both leadership and staff saw firsthand that being resilient is good for business. Current risks, such as increased and extreme weather-related events and cybersecurity concerns, have companies looking at what made organizations more resilient during COVID and increasing their investment in resilience. Aon surveyed 800 C-suite leaders and senior executives. One of their main findings was that “ across industries, executives are reporting a greater willingness to address risk and make investments to build resiliency for the future .” A PwC survey of 2,800 business leaders found that 7 out of 10 organizations reported planning to increase their investment in building resilience ; among risk leaders, that number rises to 9 out of 10. But what is business resilience? The International Organization for Standardization (ISO) defines resilience as “the ability of an organization to absorb and adapt in a changing environment to enable it to deliver its objectives and to survive and prosper.” In general, this is achieved by rapidly responding to business disruptions and crises and safeguarding people and assets while maintaining continuous business operations. Ernst & Young continues , “Enterprise resilience is a firm’s ability to respond to, recover from, and resume operations at acceptable levels of service to customers, clients, and counterparties through significant disruptions.” However, it is not just about crisis management or business continuity planning; it is also about foreseeing risks and mitigating them.

Beyond the ability to recover quickly from and respond to events, resilience enables organizations to both foresee upcoming threats and capitalize on opportunities.

Risk Resilience Report 2021, Marsh LLC

Attributes of Business Resilience

Components of resilience

Anticipate

Resilient companies anticipate threats. They know a crisis will come, and they prepare by looking for vulnerabilities and putting controls in place to mitigate negative impacts.

Prepare

Resilient organizations prepare for crises by conducting BIAs, creating all types of plans, and raising awareness of the plans through exercising and training.

Respond

Resilient organizations rapidly respond by continually communicating with all applicable stakeholders and utilizing actionable plans.

Adapt

Resilient organizations adapt by having plans that are flexible and that provide strategies to be able to quickly change course based on current conditions.

Learn

Resilient organizations continually learn from past incidents by reviewing and making changes in after-action assessments. During a longer-term incident, such as the pandemic, they assess during the incident and apply lessons earned in real time.

Operational Resilience

Operational resilience focuses on the organization’s ability to deliver its critical products and services. The Basel Committee on Banking Supervision, for example, defines operational resilience as “the ability of a bank to deliver critical operations through disruption.” A more vertical-agnostic definition is one by Protiviti, which defines operational resilience as the “ability of an organization to withstand adverse changes in its operating environment and continue the delivery of business services and economic functions.” Organizations can accomplish operational resilience by building resilience into processes and assets, such as within personnel, third-party service providers, communications, physical infrastructure (structure and recovery), data (backup and replication), power, cyber resilience, telecommunications, change management, and resumption of operations as built into the FFIEC BCM framework .

A More Holistic Program for Greater Business Resilience

Many reported that what made their COVID-19 response successful was breaking down silos and increasing collaboration. “Crises like the COVID-19 pandemic highlight the importance of effective collaboration for long-term commercial success,” states an article in the Harvard Business Review . Organizations are finding that there are inconsistencies and redundancies in plans and that teams are disjointed and less effective without collaboration. Companies also realized that all personnel were important in their success and concluded that business resilience must be an enterprise-wide effort. As a result, organizations are now looking to implement or enhance strategies to ensure these elements in the next crisis. The recent BCI survey on business continuity and resilience found that “COVID-19 continues to drive better interdepartmental collaboration as well as more effective industry collaboration.” This is reinforced by C-level executives surveyed by Deloitte regarding building a resilient organization, noting that “removing silos within our organization and focusing more on cross-functional collaboration was a top strategic action that CXOs were focused on both before and during 2020.” Build the foundation in the preparation phase. Promote collaboration and consistency by formalizing a resilience team, group, or department that brings together multi-risk and resilience disciplines. These disciplines can include crisis management, business continuity, disaster recovery, information security, emergency management, risk management, vendor management, and areas that support them, like human resources or security. Additionally, leadership must recognize that everyone in the organization is integral in a response; therefore, plans should consider individual and function, not just those deemed critical.

Business continuity management (BCM) professionals face complex issues with today’s operational disruptions and external threats. The BCM professional must focus on risk mitigation from natural disasters to cyberattacks. This article reviews the critical focus areas that BCM professionals manage for success. This means moving beyond the typical IT issues. You’ll get tips on non-technical operational recovery areas too.

Business Continuity Management

Every enterprise has determined the structure of how they want business continuity managed. The funding tends to follow this structure. Regardless of who owns business continuity, the process starts with a business impact analysis (BIA). The purpose of the BIA is to map the critical functions of an enterprise. It analyzes potential disruptions, their effects on systems, and the associated costs. The first step is identifying what is worth protecting.

Value Worth Protecting

Every enterprise has inherent value that is worth protecting. These values are often overlooked. They seldom get proper coverage in the business continuity plan. To play it safe, make a list of the fundamental corporate values, including:

  • Staff
  • Clients
  • Vendors
  • Operations
  • Profits
  • Brand
  • Key products
  • The secret sauce
  • And more

Anything you determine is a valued asset needs some form of protection. In some companies, specific roles are critical to a company’s future success. You may list a mission-critical application or system necessary to your company’s continuity.

Identify Potential Threats

A list of threats seems to get larger each year with new pandemics and internet hackers. The key is to make a list that focuses on how each threat impacts different values. This step needs care in balancing speculation with research. Some of the more common potential threats include:

If you don’t know how a valued asset or function gets impacted, you won’t determine how to protect it.

Prioritize Protection Coverage

The assets or functions must be prioritized for action. The higher the priority, the greater the budget. To establish a basis:

  1. Consider the asset or function’s value
  2. Consider the company’s need for recovery should a risk event happen
  3. Document this step for easy access when mapping out your business continuity plan

You can also rank valued assets and functions by short-term and long-term perspectives. Your priorities must set specific actions in place for both sets of circumstances. A catastrophic company event can occur in a few minutes or over months.

Business Continuity Plan

It is a tragedy when business continuity plans turn into a shelved report. Instead, consider the plan as a living document. This type of plan is often gets updated with the latest information. The value of assets can change. Executives might move the company in a new direction. Functions may vary due to business streamlining or consolidation. Response protocols might need change with the rotation of vendors. A new implementation of a system for handling conflict resolution might be added. With the participation of many departments, the document must remain fluid and current.

Staff Assignments

To reduce risk and increase recovery, key employees must hold specific responsibilities. The participants in each department must know what to do, when to do it, and how. Planned reviews or practice dates are critical for your business continuity response team. The plan must list the duties of each participating employee based on any given risk event. Speed to take action is critical for losses or damages on operations, finances, and reputation. Employees must enact change upon an incident before it becomes a real problem. Support from senior staff is critical to keep employees accountable for their roles. The employees will need business continuity and recovery training. Trainees should receive a grade for situational performance criteria on their employee review.

Risk Mitigation

The best way to mitigate risk is to regularly monitor all critical areas of the continuity plan. This might include cross-training employees on essential departmental functions. Also, conduct periodic risk assessments of the company’s operations and environment. Another form of risk management includes preventative measures. For instance, you might want to have a secondary location available for certain activities. Having several vendors or operational redundancies can also reduce risk factors. The goal is to find ways of reducing or removing risk. You can also learn at what level executives are willing to accept a loss. This knowledge will empower you to make quick decisions during a catastrophic event.

Recovery Strategy

There is not a large enough budget to plan for every eventuality. But you can prepare for the top three or four that your industry might face. Some common ones include the loss of:

  • Employee availability due to health issues, storms, or strikes
  • Building access due to damages, chemicals, or outages
  • Supply chain due to strikes, errors, or vendor issues
  • Technology due to cyberattacks, outages, or vendors

You’ll have to determine what phases of your business recovery strategy you put in place.

Test Continuity Plan

Plans are worthless unless they’re tested and proven viable. The business continuity plan testing process also helps you spot gaps and performance issues in your program. You should test all aspects of the plan . This includes the activities of your business continuity response team. Testing will reveal how vital each recovery factor is to the company. It will also clarify what level of incident requires specific actions, compared to employees using common sense. Not all problems are about business continuity. The key is making sure you have clear and well-understood event management protocols. Take time to determine how the internal and external communications will get initiated. You can base the timing and amount of communication on the level of impact assessed. The impact can also determine who receives communications. This might include shareholders, stakeholders, managers, customers, and others. Crisis communication management should include an escalation and dissemination structure. Internal communications work best when handled in groups or teams. External communication should go through a predetermined network familiar with the company.

Improving Business Continuity

Business continuity is a process that takes consistent effort to protect company assets and functions. A business impact analysis is critical to ensure all activities mitigate risk. But a recovery plan can fall short unless the participating employees test it. Your employees will show remarkable resilience in mitigating a crisis by following continuity management guidelines. To learn about the trends of BCM, check out our latest blog posts for similar information. If you have questions, feel free to contact us.

Why ROI (Return on Investment)?

Business continuity professionals are often asked what the return on investment – or ROI – of business continuity really is. Is it worth the investment, both time and money? If you have no business continuity plan in place when a disruptive incident occurs, but your biggest competitor responds to the incident effectively using their own business continuity plan, how will that impact your bottom line and customer base?

On average, each minute of IT downtime costs $8,850 (Ponemon Institute, 2014) – not to mention downstream reputational damage.

Business continuity is more than just a line item in your organization’s budget. It’s a lifeline for when – not if – an incident occurs, whether it’s a natural disaster or cyberattack . A business continuity plan means that you will be able to maintain organizational resilience and continue operations, preventing a costly interruption that can damage your company’s bottom line as well as its reputation. Business continuity software and planning automates and streamlines the process, making reporting easy and saving your organization the time it usually takes to prepare a plan from scratch and collect and report on data.

Why Do We Need Business Continuity Software?

Drive Efficiency with Automation and Reporting

Without automation, one person may be required to chase down information, statuses, and updates. During an incident, different departments will try to access different resources, lengthening your downtime and costing you revenue if there isn’t a plan in place that automatically prioritizes resources. Implementing BC software means you won’t have to spend hours collecting data for an exam or presentation; it’ll be at your fingertips. You can easily consolidate data and show ROI in both time and data collected to different stakeholders. Show which departments have completed tasks, outstanding tasks, and recovery time objective (RTO) timelines, and quickly and easily make tweaks in your plan that will be standard for all users.

Easily Maintain Accurate Data and Form an Effective Plan

You shouldn’t focus on gathering data. Instead, focus on analyzing and figuring out which products and services are highest priority to your business. Instead of focusing on making a plan, focus on creating an effective program.

Insights from Other Companies

Organizations around the globe are increasingly recognizing the need for business continuity planning:

  • 84% have discussed the value of organizational resilience (PWC Global Crisis Survey 2021)
  • 83% of organizations are performing longer-term trend analysis, and over half carry it out on a centralized basis (BSI Horizon Scan Report 2021)
  • 21% of organizations have a business continuity management (BCM) budget of more than $1M (2021 BCM Trends Report)
  • 25% of respondents anticipate hiring personnel dedicated to business continuity planning (BCP) in 2021, up from 14% in 2018 (2021 BCM Trends Report)

Prevent Downtime and Save Money

The average cost of an interruption could range anywhere from hundreds of thousands to millions of dollars. Many businesses can’t afford to recovery from such an incident; in fact, 40-60% of small businesses don’t reopen following a disaster (FEMA, 2016). Disruptions cost large companies $184M a year on average (Interos Annual Global Supply Chain Report 2021). Business continuity software and planning heavily mitigate the cost of an itnerruption. With BC planning in place, your organization will be able to maintain resilience and continue operations, rather than lose thousands of dollars during each minute of downtime (NAVEX Global 2021 Definitive Risk & Compliance Benchmark Report). The cost of natural disasters is high, according to the Allianz Risk Barometer 2019:

Data breaches, technology downtime, and supply chain disruptions add to the mounting costs of not maintaining continuity.

Tabletop Exercises

Even for an expert, creating a 50-slide tabletop exercise from scratch may take more than 20 hours – time better spent on other pressing tasks. Agility’s tabletop exercises take just two hours to run, saving you at least 18 hours – and you can choose from dozens of scenarios.

As any BC professional will tell you, a company’s business continuity plan should not be static; it should be reviewed, tested, and optimized to ensure it is fit for purpose when a threat arises. In 2021, the continuation and unpredictability of COVID-19 and the emergence of more extreme weather events and supply chain issues highlight the importance of having a solid business continuity strategy and plan to mitigate business risk. Closing out 2021 and going into 2022, it’s crucial to reflect on how well your business prevented, responded to, and recovered from the prior year’s events and update plans accordingly.

The Importance of Updating Your Business Continuity Plan

Failing to update your business continuity plan is a bit like keeping an old fire escape route posted after renovating the building. It’s not relevant, and following it will likely result in poor outcomes. The pandemic was a catalyst for many companies to invest time and resources into business continuity planning. According to The Future of Business Continuity & Resilience Report 2021 , published by the Business Continuity Institute (BCI), seventy-nine percent of respondents stated that the appreciation of resilience rose in their organization due to the pandemic. Both high-level business leaders and team members were able to see the impact that a solid plan (or lack thereof) has on their organization.

Known threats evolve; new threats emerge

Threats are changing every day. A new cybersecurity risk will arise, or another Covid variant like Delta or Omicron will emerge. While it’s impossible to predict and plan for every change or eventuality, there are new trends that appeared in the past year that you’ll now need to consider. One example is the trend toward work-from-home/remote work. While many WFH policies were successful as a crisis management strategy, the BCI report states that ninety-four percent of respondents say that some, most, or all staff want to work from home for a proportion of time post-pandemic. This new trend will become standard for many organizations’ business operations. Still, it creates other risks to address around IT security and backup power and communications.

Updating your BC plan to protect your business

In the BCI’s Crisis Management Report 2021 , survey findings report that thirty-three percent of organizations had a crisis plan before the pandemic that was ineffective in dealing with Covid. Of these respondents, three-quarters could create a new program or modify current plans to make them relevant to COVID-19. Updating your plan will ensure that it is relevant to changing circumstances, allowing you to speed time to recovery, which can help your organization gain or maintain a competitive advantage or, at the very least, lessen the negative financial and operational impacts. You’ll want to review how effective your previous plan was on macro and micro levels, thinking about both world events and risks specific to your industry or business. Some key questions to ask while updating your plan are:

  • – What is practical to keep in our business continuity plan?
  • – Is there anything that is no longer relevant?
  • – Is our plan too rigid or vague?
  • – Is the company using new technology or vendors? Have we completed our due diligence on their BC strategies?
  • – Did the company have significant changes to business processes or personnel?
  • – Have company goals or priorities changed?

While the momentum BC has gained in recent years is encouraging, the effort can’t stop just because the world is going into its third pandemic year. Enterprise business continuity plans must be forward-thinking to prepare for the next threat on the horizon.

How Frequently Should Your Business Continuity Plan Be Updated?

How frequently you update your BCP will depend on your industry and individual company purpose, operations, and risk profile. As a baseline, companies should review their plans for critical operations as needed or every six months and all other plans at least every year. On top of completing regularly scheduled reviews, you’ll want to update your business continuity plan if any of the following occur:

  • – There are significant changes to the operations of your business. Examples include personnel/ownership changes, new vendors, new technology, changing operational processes/policies, etc. These are likely to come to light when completing a business impact analysis.
  • – A testing exercise highlights a gap in your business continuity management.
  • – Learnings from real-world experience.

Any time you update your plan, ensure you communicate changes and provide necessary training to appropriate stakeholders and key personnel. Improving awareness will increase the odds of proper execution.

Lessons Learned In 2021 To Incorporate Into Your 2022 Business Continuity Plans

Throughout 2021, several threats and trends emerged. These threats and shifts include the COVID-19 virus, work-from-home policies, supply chain management, and the immediate and lasting effects of extreme weather. You should consider keeping or adding these to your 2022 business continuity plan if they’re relevant to your business.

COVID Continues

We’ve learned a lot about the COVID-19 virus and how to respond. However, the virus and the world’s handling of the pandemic will continue to evolve. It is likely that more variants, like Omicron, will emerge, which could once again affect the workplace, workforce, and supply chains despite a vaccine. Luckily, most organizations have learned from the last two years of the COVID crisis and will optimize those lessons in their 2022 BC strategy and apply certain concepts to other threats as well.

Working From Home Is Likely To Stay

Some form of remote work is the new norm for many organizations. In the 2021 BCI survey, over thirty-six percent of members state they plan to incorporate it as an option into their BC response. There are important considerations for your organization’s 2022 BC plan now that WFH is not temporary :

  • Is your technology and disaster recovery plan resilient enough to prevent and respond to cybersecurity threats and data loss outside your office workplace?
  • Does your BC plan include health and safety standards for homeworkers?
  • Are staff well-being and mental health a part of your BC plan?

Supply Chain Resilience Is Key

Supply chains were heavily affected in 2021 due to weather, pandemic, and world economies. Remember the disruption that occurred when a container ship blocked the Suez Canal for six days, which cost an estimated $6-10 billion in global trade? Or what about the bottlenecks at the Ports of Los Angeles and Long Beach caused by an increase in demand for imports, alongside labor shortages, workplace restrictions, and infrastructure challenges? As supply chains have the potential to generate staggering disruptions, you should ensure your manufacturers and distributors also have a business continuity plan. You might want to consider backup vendors and alternate material sources. We published an article on Supply Chain & Third-Party Vendor Resilience that shares best practices to add to your 2022 plan.

Crisis Management & Resilience for Extreme Weather

To say that weather events were unpredictable might be the understatement of the year. In 2021, businesses and their employees had to endure record extreme weather events that had both immediate and lasting consequences. Nearly every month in 2021 had an unanticipated weather event:

  • Record cold temperatures and snowfall leading to the Texan Power Outage
  • Heatwaves and drought leading to sprawling wildfires across the globe
  • Summer flooding in Western Europe and central China
  • Devastating hurricanes across the Southeastern United States
  • Catastrophic tornadoes in the Midwest in December

In 2022, companies should ensure their supply chains and workplaces are ready to endure severe weather. As mentioned above, don’t forget to consider homeworkers when planning for weather resilience, especially if abandoning more traditional BC work area recovery sites in favor of WFH strategies.

How To Update Your BCP

If you don’t have a business continuity plan at all, this blog post on Business Continuity Planning Do’s and Don’ts is a good introduction. Going into 2022, here are a few important reminders for updating your BCP:

  • Perform a business impact analysis to gauge how threats to your business have changed since last year. Prioritize the most significant risks to your business for the upcoming plan timeframe
  • Adopt a centralized or hybrid approach for a greater chance of success. Avoid bottlenecks and silos by getting rid of purely regional or departmental-based plans.
  • Remember that people are typically an organization’s greatest asset. Use a people-first approach (burnout and lack of engagement are business risks).
  • If you haven’t before, involve the board and senior management in the process to get buy-in, increase awareness of business continuity’s importance, and better develop a centralized approach.
  • Focus on being agile and adaptive – your BCP should not be too rigid or vague.
  • Include communications and PR strategies in your plan to respond quickly and manage your reputation.
  • Ensure you have the right BC leaders in place to execute your business continuity plan and adapt if necessary.

Getting Your 2022 BC Plan Started

Prepare your business for whatever 2022 throws its way. Agility Planner is an excellent place to start if you need help preparing your business continuity plan for 2022. Our software solutions provide step-by-step guidance to build your plan and simple, actionable steps to execute. Contact our team to learn how our business continuity planning solutions will streamline, simplify, and support your organization’s business continuity management.

Our recent Business Resilience & Insights Report delves into some of the top trends in the business continuity landscape. Supply chain and vendor management has become a critical component in operational resilience as many organizations depend on critical vendors to perform or support crucial operations. A disruption in the delivery of those services can directly impact a company’s resilience and, on average, costs a large company $184 million a year. Supply chain disruptions also hurt companies’ reputations; 83% of companies reported that their firms have suffered reputational damage after a disruption.

President Biden recently issued an executive order designed to strengthen the resilience of America’s supply chain.

More resilient supply chains are secure and diverse — facilitating greater domestic production, a range of supply, built-in redundancies, adequate stockpiles, safe and secure digital networks, and a world-class American manufacturing base and workforce.
President Joe Biden, Executive Order on America’s Supply Chains

While the order directs some federal agencies to review existing supply chains and make recommendations to resolve current and future issues, it reinforces the importance for all organizations to take a proactive, end-to-end approach to supply chain resilience requiring optimization along all touchpoints of the supplier-to-customer route.

Added Focus on Vendors’ BC Plans

Organizations are performing greater due diligence on suppliers’ BC arrangements – according to the BCI Supply Chain Resilience Report 2021, 75% of organizations are ensuring their key suppliers have plans in place. During 2020, organizations performed greater levels of due diligence at the procurement stage of supplier relationships, with 38% now reporting BC checks are an integral part of the procurement process.

Though this trend was already beginning, the pandemic had a significant impact. Forty-nine percent of respondents reported management is “much more committed” to managing supply chain risk as a result of COVID-19. And according to Capgemini’s Fast Forward report, more than 80% of organizations were negatively impacted by the pandemic, with major supply chain repercussions:

  • – 74% faced a shortage of critical parts or materials
  • – 74% saw delayed shipments and longer lead times
  • – 69% faced difficulties in supply planning due to a lack of information from their suppliers
  • – 69% had trouble quickly scaling production up and down

After these significant disruptions, 55% of organizations report taking three to six months to recover, with 13% expecting recovery to take six to 12 months. These are strong signals to companies of any size and industry to reexamine relationships with suppliers and ways to build resilience within supply chains.

Ways to Increase Supply Chain Resilience

Although companies must be mindful of budgets, certain changes in operations can help to increase supply chain resilience without adding significant costs, depending on the industry. Here are just a few:

  • – Reevaluate sourcing and shift from “just-in-time” sourcing
  • – Build redundancy
  • – Shift to direct-to-consumer marketing to meet customer demand
  • – Create new revenue sources
  • – Increase visibility across the entire supply chain
  • – Shift to ecommerce
  • – Diversify your supply chain
  • – Create plans that take into account a range of possible disruptions, including:
    • Pandemics
    • Environmental change or natural disasters
    • Civil unrest
    • Regulatory changes
    • Fraud
    • Theft
    • Cyberattacks
  • – Evaluate and closely manage your vendors and suppliers (more on that below)

Best Practices to Help Regularly Assess Your Suppliers

1. Shortlist your top critical vendors.

Which vendors and suppliers does your company rely on most heavily? Those are the ones from who you should request business continuity documents in order to ensure that they, too, will maintain continuity in the face of disruption.

2. Engage with them and provide a self-assessment questionnaire or other methods to assess their susceptibility to multiple event scenarios.

These vendors should consider the same risks outlined in your organization's internal BCP(s). Ask vendors which types of disasters they've dealt with in the past and whether they recovered successfully. Just like your own company, these suppliers must have plans for many different types of unforeseen events.

3. Score your suppliers based on four essential elements.

Score suppliers based on planning (BCDR), physical recovery, approach to testing and exercising, and compliance with ISO 22302 standards.

4. Conduct scenario planning exercises and testing to ensure plans work as intended and recovery timelines are met.

Suppliers must be able to deploy their plans quickly in case of a disruption or disaster. Exercising and testing plans will help ensure that suppliers know their plans and are ready to execute them to maintain continuity. At Agility, we recommend making sure that your suppliers test their disaster recovery plans at least once a year. You can also invite suppliers to participate in your tests.

5. Regularly perform vendor due diligence.

Don't just check that vendors have everything in place when you first begin working together. Check in at least once a year to make sure that they are continuing to exercise, test, and adapt their plans based on changing threats and needs.

Read more about avoiding business disruption with supply chain resilience and maintaining operations.

Business continuity management software offers myriad benefits – rapid response to disasters, incident management, prioritization, reputation protection, and more. As new threats emerge, guidelines are revised, the needs of the organization change, and business continuity management evolves, those organizations using software will find it easier, more efficient, and more cost effective to revise their plans and programs to meet those demands as well as address and implement the various elements of BCM and crisis response. Software supports BCM frameworks and standards and focuses on making BCM easier for program managers and participants by providing things like BCM guidance, content, checklists, and templates, as well as tools for program management like tracking, monitoring, and reporting. Software also provides ways to make the program easier to maintain, like escalation and approval workflows, scheduling of alerts, reminders, and other system notifications. By adding automation to your data management, data collection and maintenance will be less time consuming and the data more reliable. Having reliable data when responding to a crisis is one of the key components of organizational resilience. As you build out your BCM software, keep these key points in mind.

What Can Business Continuity Management (BCM) Software Do for You?

  • Builds organizational resilience and eliminates duplicate efforts by being a single source for building and managing all resilience plans and activities for various teams and the areas that support those teams
  • Provides easier, more efficient, and reliable maintenance by utilizing a relational database and automated data uploads and integrations
  • Automates manual tasks such as triggering emails, approval processes, scheduling, assignments, follow-up, monitoring, and approval processes
  • Strengthens the BCM program through distributing the work, collaboration, and automated workflows
  • Provides easier program management and understanding of its effectiveness through program benchmarking, monitoring, and reporting
  • Schedules, executes, assigns, and monitors follow-up of exercises
  • Dynamically and more easily generates reports
  • Aids with audits through automated revision trails and documentation
  • Maps dependencies and interdependencies of processes, resources, functions, etc.
  • Activates incidents – have as many plans, scenarios, teams, and tasks as needed in one location for easier management and understanding of where you are in an incident
  • Creates automatic notifications and details who to contact and how for improved crisis communications
  • Removes the cost and resources of managing in-house solutions
  • Ensures easy and secure access and availability

Do:

  • Integrate multiple data feeds
  • Use your software in exercising
  • Train on BCM with your software
  • Build resilience and a stronger BCM program by distributing the work
  • Use your software to standardize your plans and program participation
  • Maintain and manage your program with software
  • Use your software to determine impacts and prioritize processes and resources
  • Use software to compare and analyze risks to determine the level of controls/treatment required and to ensure controls are enacted
  • Use to measure likelihood and impact
  • Use for plan activation
  • Use BCM software business continuity knowledge and expertise as an extension of your team
  • Use software to help mature your program and address compliance requirements

Key Takeaways of BCM Software

  • Beneficial no matter the approach, methodology, or maturity level; helps to mature BCM programs
  • Improves and builds a culture of resilience
  • More reliable data and easier upkeep to assist with the evolving BCM landscape
  • Plans are more accessible in a secure manner
  • Provides the tools and workflows for BCM and resilience program management, updating, and monitoring
  • Better crisis communications and ability to manage an incident
  • Business continuity intelligence
  • Makes plans more actionable
  • Single source for resilience

Achieving business continuity maturity presents its challenges: the volume of processes involved, the peculiarity of each business, organizational buy-in. However, the business benefits of establishing a mature business continuity program go beyond managing risk and complying with regulations, contributing to a company's unique value proposition, employee retention, and future success. Business resilience is becoming a higher priority for boards and senior management. An escalating complexity of cyberattacks, increased activity in natural and human-caused disasters , intricacy in processes and IT, reliance on third parties, data management—all these factors increase the chances for interruptions, making their impact more drastic.

Top Business Challenges in Responding to COVID-19

Disasters can happen to anyone, anywhere, which reiterates the importance for businesses to create, maintain, and test business continuity and incident management plans at least annually. Also, businesses need to have up-to-date pandemic business continuity plans that incorporate lessons learned over the past couple years. Many scientific community experts point to globalization as a driver for increasing odds of virus outbreaks in the future.

  • – The ability to respond quickly and effectively when working remote.
  • Cybersecurity issues due to employees working from home.
  • – Responding to simultaneous disruptions – the pandemic further complicated recovery efforts in the event of other business disruptions like natural disasters.
  • – Effective communication in a crisis.
  • Supporting the health and safety of employees. This finding may indicate that many businesses need to bolster their plans, testing, and BC tools to better support their people’s well-being going forward.
  • – Maintaining employee productivity and morale, which proves some companies are struggling with adapting to a work-from-home strategy.

Key Aspects of a Mature Business Continuity Model

In a continuously developing environment, the traditional reactive approach must be replaced by proactive, nimble methodologies . At Agility, we refer to a resilient approach that focuses on resilience planning, testing, and complete recovery . Resilient organizations establish alternative ways of servicing their clients as part of their business continuity and risk management strategy, including using recovery locations to provide critical business services when digital channels are down. A maturity model demonstrates if an organization can achieve continuous improvement. It explains whether a business is being stagnant and the processes that need to be revisited. Organizational growth is fueled by creating review or auditing processes that need to be applied regularly to business processes to evaluate their effectiveness, identify improvements, and implement them. Building our industry credibility is what led to creating our business continuity maturity model. We involved multiple stakeholders, customers, and prospects, analyzed our acquisition strategy, and conducted market research. A result is an impactful tool that presents a thought leadership stance, a clear and unified message with a customer-centric market approach.

Key Aspects of Mature Business Continuity Programs

Aspects  Resilient Approach Conventional Approach Administration/ Management • Direct involvement of c-suite in processes; • BC integrated into various business processes and metrics; • Continuous testing and reporting to drive improvement. • Role of senior management is reactive; • BC is not included in risk assessment or other metrics; • Compliance-type updates. Organizational Focus/Company Integration Cross-departmental assessment of the impact of disruption; • Streamlined communication; • Recognition of org interdependencies and critical assets (systems, data, processes, people). • Business units/departments are considered individually; • Communication silos. Risk Assessment and Testing • Regularly updated or new BI scenarios based on recent events and forward-looking risk assessment. • Generic BI scenarios on rotation across various departments with standard RTOs. Vendor Management/ Supply Chain • Involvement in and understanding of the third party BC processes. • No knowledge or communication with vendors regarding their resilience.

The Business Continuity Process Cycle

Establishing and maintaining the culture of preparedness in the organization is an ongoing process of improvement. The development and advancement of business continuity planning are based on new inputs, data, and findings from actual incident management and organizational response. Companies that have a central place for the incident history can manage future incidents more efficiently and incorporate this knowledge into their adaptable plans, which help them constantly improve their business continuity process. The business world has changed dramatically over the past 20 years, with the potential for disruption coming faster, more frequent, and more devastating at every turn. Climate change, cybersecurity, and workplace violence have all escalated in the past few years, and none of these were on the horizon 20 years ago. To help businesses quickly prioritize their business continuity process, we've pulled together more than three decades of knowledge and experiences over thousands of companies into a Modern Business Continuity Model. Agility has observed market and industry changes and can share this market knowledge and best practices with everyone in our community. It's the entire reason for our success and sustainability over the past 30 years. Not only can we help businesses deal with immediate incidents like the current pandemic, but we can help your organization take the best practices aggregated across numerous businesses and incorporate them into your plan. This is a unique benefit of our collective experience brought back to your organization. This feeds our mission, our entire business strategy, and is the very reason for our existence. Our team of experts, technicians, and industry professionals with thousands of recoveries under their belts continue to provide our clients and community with unmatched expertise and the knowledge that can't be acquired in any other way. We blend practical, innovational, and historical methods to address tomorrow's resilience challenges.

Your business is a continuously evolving entity. Different moving parts influence change, create an opportunity for progress, and support growth. When it comes to developing an enterprise business continuity plan (BCP), these moving parts need to mirror the changes. Whether change follows from workforce restructuring, acquisitions, or employee turnover, a BCP must be reviewed annually. However, regardless of plan reviews, some companies still overlook the most common glaring gaps in their BCPs that can lead to extensive losses. Having worked with hundreds of organizations and orchestrated a myriad of recoveries, our experts highlight the most common gaps in enterprise business continuity plans.

Unclear definition of disaster recovery success and planning by management

A cost-benefit analysis of business continuity can present its challenges.

Checklist doodle

The management may disregard a “what-if” scenario unless there are certain rules and regulations to be followed. What drives the decision-making of company leaders is based on solid financials that profit departments, stakeholders, and the bottom line. There’s always some uncertainty associated with executing an enterprise business continuity plan. However, benefits that result from BC planning efforts are everchanging and affect numerous departments and operations. That’s why it’s essential to provide managers with detailed analyses covering the impact of various business interruptions. Industry reports, such as Business Interruption Report, make a compelling case that will convince and encourage company leaders to implement a BCP.

Lack of enterprise business continuity testing and training

The limits of a business continuity plan and its processes often come to management’s attention only after a business interruption. Planning and training helps address the missing parts of the strategy. Whether it is a tabletop exercise or a simulation walk-through, testing business continuity allows you and your workforce to exercise how to approach an emergency situation. It also helps in finding gaps in the plan to address where it needs improvement. A common issue that we’ve seen over the years is businesses that have a plan, but don’t make it a priority to test regularly . Such neglect leaves your BCDR plan to get buried under more gratifying things such as profits. We recommend taking the time to thoroughly test your BCDR plan at least once a year to help you mitigate any risks before a disaster actually strikes.

Overview

Hurricane Ida hit the Louisiana coast in late August as a category 4 Atlantic hurricane. After Hurricane Katrina in 2005, Ida was the most damaging and intense hurricane to make landfall in Louisiana. Thirty-three people lost their lives in the state of Louisiana alone, most oil production along the Gulf Coast was shut down, and power outages resulting from the storm lasted for weeks. 

Hurricane Ida is the sixth most expensive hurricane on record and the fourth most expensive in the U.S. It caused at least $65.2 billion in damages, with $18 billion as insured losses in Louisiana. Many Agility customers were impacted, and the Agility Recovery Services team helped more than 60 organizations and their communities as they activated their coverage due to Hurricane Ida and the earlier Tropical Storm Henri. 

Hurricanes have impacts far beyond simple physical damage; they can knock essential services like oil refineries offline, causing a wave of problems that trickle down to every part of society. Oil and gas companies not only need backup power; they need backup power for their backup power.

Problem

After rarely having to use emergency backup generators, this oil and gas company – one of the largest in the U.S. – saw the largest disaster hit their refineries in decades. Hurricane Ida severely impacted two refineries on the Louisiana coast, knocking out power and limiting network communications. The refineries were directly supplying fuel and providing transportation efforts throughout the region including to local law enforcement, fire, and EMS. It was vital they remained online and operational.

Solution

Agility rapidly and simultaneously deployed eight generators ranging from 100kw to 2000kw, 1,950 feet of cabling, two fuel tanks, two satellite communications systems, multiple 4G LTE Cradlepoint devices, and computer equipment to ensure the refineries remained operational while the utility infrastructure was repaired and restored.  

Results

The company was able to continue with operations, providing fuel and other goods to the region. Additionally, they arranged for RVs, cots, food, and restroom facilities at the refineries for employees and their families to use in the event their homes were damaged or destroyed. Agility’s efforts contributed to powering those provisions. 

Impressed with the Agility team. Very receptive to any questions and team worked hard to get us all started.

-I/S Sourcing Manager

Thanks to the Agility team’s performance, the company is confident in us as their long-term recovery provider. Agility stepped up to the plate and delivered when it mattered most.

This week Agility welcomed a new member from the distribution industry that needed a generator solution to cover nearly 30 sites in more than a dozen states. Like most enterprise-level operations, this organization has backup power on site at many of its locations but knew that without a redundancy plan, its multi-million dollar operations were at risk.

After working with our team of experts, this beverage distributor discovered that Agility could not only meet the company’s needs by providing rapid, assured access to emergency generators and fuel but that our flexible deployment options would also save them money if even one of their distribution centers lost power over the next three years.

Whether your business has a backup generator on-site or depends on a local yard for emergency power restoration, Agility can build a risk-to-value pricing model that protects your operations and your bottom line. Connect with an Agility expert today to explore our end-to-end recovery solutions that keep your businesses running when no one else can.

Power Outage? We've Got You Covered.

Whether you lose power due to a hurricane, winter storm, or rolling blackout, nothing is more important than restoring operations and enabling critical staff to return to work. ​Let Agility keep you up and running.

Learn More