I have not always worked for a business continuity software vendor, although sometimes it seems that way. I became deeply involved in BCM (business continuity management) as a CIO, supporting services 24x7x365, and before that, I was vice president for a boutique risk consulting firm, where I relied on Excel or MS Access to build out plans. The larger the scope of work or size of the company, the more onerous managing and reporting on the data became. When I took the reins as CIO, I had to seek out a BCM solution to replace the substantial numbers of spreadsheets and documents centered on resiliency. To justify the expense, we looked at the time and effort in work hours and translated this to dollars. What was missing was the value of audit, tracking, and data analytics.
Since then, I have always looked to leverage a BCM solution for my employer or customers. Today, I am in the amazing position as the Lead Solutions Architect for a premier BCM provider, Infinite Blue. In my role, I assist prospects and clients on the journey through resilience and maturity for BCM.
How to sell a BCM solution to management
There have been innumerable times I have come across a professional at a large company still using Excel. They are always looking for a way to justify a BCM solution. I learned in my role as CIO that cost savings is not the avenue to take, as the company sees the current efforts as a sunk cost. Instead, the value propositions need to resonate with leadership. Speak in the terms that reflect the focus leadership is attuned to. I have summarized the key areas that have been successful with leaders regarding implementing a BCM solution.
Key areas to focus on when selling a business continuity solution
- Operational Resilience
- Common Language and Process
- Operational Decision-Making
- External Audit
- Technology Resiliency and Disaster Recovery
- Institutional Knowledge Protection
- Data Protection
- Automation and Reduced Overhead
Operational resilience
At the core of a BCM platform is not only the creation of recovery plans but also the data, metrics, and gaps uncovered to ensure operational resiliency. By having an accurate enterprise-wide snapshot of resiliency and risk at any given point, one can mitigate gaps and identify the strategy and ability to execute.
A static plan and spreadsheets with free text fields are notoriously hard to maintain without the guardrails of a specialized relational database platform. A platform has the inherent ability to link different and complex data points and present outputs in an intuitively presentable and actionable format.
Common language and process
Risks come up all the time: in meetings, in conversations, during projects. Having a common language and process to itemize those risks through a structured, objective method, one that also takes the association and rating of other risks into account, gives the organization an institutionalized way to organize them for actionable outcomes. Software that manages this process and facilitates the data and linkages is a significant source of administrative time-saving at scale and democratizes action and decision-making for self-governance.
Operational decision-making
When an organization scales through going public, mass growth, or acquisition, the demand for quick and data-based decision-making increases significantly. It is imperative to have a sole source of authority for interactive, dynamically mapped data for accounts, resources, vendors, processes, and impacts in order to make data-based decisions, support recommendations, and drive optimization. Real examples of where the BCM information provides the core data are: human capital management, vendor decisions based on process dependencies, application resiliency gaps, workload planning, revenue impacts, and clear communications and roles.
External audit
Regardless of whether a company is a public entity or within a regulated industry, an external audit will bring more scrutiny to BCPs, their revisions, testing, and attestation. Boards expect to have a more robust internal process-based risk discussion, including human capital issues and process breakdown discussions as they relate to strategic roadblocks. Keeping every department's information manually updated and linked across the sheer number of touchpoints is not realistically achievable and is extremely hard to defend. The process of keeping BCPs up-to-date and receiving an attestation becomes unpredictable itself. By contrast, an auditable trail with current information on plans and their applicable attributes is much easier to bring to audits or decision meetings and defend with data, reducing cycle time for frequent follow-ups. The sheer volume of your customers requesting vendor assessment, as they ensure their own resiliency, is already increasing at an exponential rate. Having the artifacts and responses within a platform reduces the internal effort, time, and cost needed for the influx of requests.
Technology resiliency and disaster recovery (DR)
Linking DR processes and their dependencies with a business process overlay in an easy-to-consume manner is the cornerstone of prioritizing resources. Integration with your helpdesk software (CMDB) aligns updates and changes within recovery plans, ensuring plans remain current, relevant, and actionable. A BCM solution empowers a synchronized recovery platform that can dynamically track issues and time to completion for exercises and real-world events, and provides the foundation for post-exercise reporting. A platform also allows for the transition from traditional recovery into an Infrastructure as a Service recovery plan.
Institutional knowledge protection
A relational BCM solution ensures common language and terminology within the guardrails of a relational database. These parameters help to preserve institutional knowledge within the organization because everyone follows a unified approach to data collection, making that knowledge universally available to ramp up individuals who are shifting roles or coming in.
Data protection
It is quite common to have plans in a common share for the company. This is a liability: information is not isolated on a need-to-know basis, which creates the opportunity for wholesale theft of all the organization's information on key processes and resources critical for security. Need-to-know isolation is notoriously hard to do with manual documents and spreadsheets but much easier to achieve with fit-for-purpose software that facilitates access and audit trails. In the event of an incident, there is not only direct reputational, strategic and operational harm; disclosures and customer inquiries also increase. It is highly desirable to have the resiliency plans themselves not be subject to the same exposure the incident might have caused.
Automation and reduced overhead
Integrations with applications like Workday, ServiceNow, and vendor management systems keep administrative overhead to a minimum and exponentially increase value to the core objective of resiliency. Running recurring resiliency and impact reports is automated and significantly easier. This (automation and value-driven work) is one of the primary methods to retain talent, because practitioners avoid the administrative overhead of repetitive, mundane tasks that would be prone to human error.
The goal is to provide those practitioners with the desire to mature their BCM program and transform from tactical to strategic in their planning and resiliency posture, using the key value points to create success for themselves and grow the organizational resilience of their own company.
To learn more ways to leverage your BCM tool, contact Chris Duffy.