Implementing BCM within different types of organization is not an easy task. It never has been and never will be. The complexity of organizations, the internal and external environments, and the threat and risk topologies among other factors contribute to BCM becoming more important and more complex. A lot depends on it and the various stakeholders keep raising their requirements and expectations related to BCM programs.
As the shape and features of organization-wide BCM disciplines started to formalize, the BCM industry was creative in designing solutions to help organizations manage their BCM demands. Among these creations was specialized BCM software, which is almost mandatory for the success of BCM programs.
As mentioned earlier, the complexity of BCM programs is continuously increasing due to different internal and external factors. Among the challenges that were previously causing headaches and utilizing a large portion of the resources of BCM professionals were the issues related to data gathering, reviewing, and validation. Related to this, there were issues concerning the version control of plans as well as the update and maintenance process for the numerous BCM documents. There were also issues of data integrity and access control. On a similar level, reporting on BCM program components was getting more complex and varied.
In the early days, organizations relied on using office productivity suites and applications like word processing, spreadsheets, and simple databases to collect and store BCM data. It was enough at that time but had some major drawbacks that have prevented them from ultimately being adopted. These drawbacks centered on the problem of ensuring updated documents were actually delivered to the users as well as the issues of accessibility, ease of use, ease of reporting, and audit trails of the data and documents.
The issues were not only related to data and documentation. There were demands to enhance the capabilities of the organization to manage crises and focus experienced resources on analysis rather than performing repetitive and less important tasks. Related to these needs were the emergency notification and emergency communication solutions. This was a new area for producing software to provide help to BCM professionals.
Modern BCM programs need integrated platforms to manage all the activities related to BCM programs before, after, and during disasters. These platforms provide the capabilities to manage data, documentation, reporting, incident management, and notifications and emergency communications. The existence and deployment of such platforms will enhance the activities of BCM programs in a way that benefits the organization and achieves the best utilization of resources.
The main objective of deploying BCM software is to enhance the activities related to BCM and help in the proper implementation of BCM polices, frameworks, and plans. Not the other way around. Thus, having all of these components in place before deciding on the software needed is highly recommended. Following this approach would implement the aforementioned objective. Selecting and deploying the software at the beginning might be a waste of resources as the BCM requirements for the organization will probably not have been formalized yet. It might also force the BCM program and its activities to accommodate the software’s capabilities thus limiting it instead of enabling and enhancing the program.
Once the software is deployed with all the required features and modules, its contribution to the BCM life cycle occurs in almost all the phases, starting from the BIA and risk assessment phases, to BCM strategy and RTPs, the implementation and documentation of plans, testing, update, and training and awareness.
It is worth mentioning that the BCM software offerings from vendors have grown in maturity and functionality. The software that is sought should be suitable for the various tasks and activities in BCM. It is beyond our scope to discuss the availability of such software. The focus is on how the software can be utilized within the various phases and stages of the BCM life cycle.
Originally, BCM software started to offer its unique contributions in this phase. Doing the BIA and risk assessment properly was exhausting and tedious. The management overhead of the BIA and risk assessment alone can sometimes become more than the effort put into the process itself.
Within the BIA process, the BCM software can be utilized to send questionnaires or requests to enter the data. Once the data are entered into the system, the system can enforce a review and validation process by sending the data provided to different levels of management to approve the requirements. It sounds like something that would be done by the BCM professional. This is correct, but this time it is done automatically in a predefined process. It will spare the BCM professionals’ precious resources in doing follow-ups and reminding others to complete the tasks required of them. Once the review and validation process is done, the software can help significantly in conducting the analysis and providing the final requirements according to the data provided. It can also perform complex calculations related to the impacts and effects of disasters on the organization.
In the risk and threat assessment phase, the BCM software can link to the critical aspects as defined in the BIA and profile their relevant threats and risks. The BCM software can act as a risk register against these threats and risks. It can also be used significantly in reporting and stress-testing the results of threat and risk assessment for different stakeholders.
BCM software’s help in BIA and threat and risk assessment is highly effective in releasing precious resources in terms of time and effort, as well as cost. It can also help in providing more accurate results in shorter times. All these benefits also come with a proper audit trail that can be a good reference for BCM audits.
In this phase of the BCM life cycle, the BCM software can provide a good reference and tracking module for the creation of the RTPs. This is its main usage in this phase. BCM strategy creation has little, if any, interaction with the BCM software. BCM strategy relies heavily on human interaction and understanding and other complex and hard-to-enumerate judgments and decisions.
Going back to the RTPs, the BCM software can help in stress-testing a plan to reach the desired level of threat and risk exposure. It can also help in reporting and presenting the results to different stakeholders.
As with the BIA and risk and threat assessment phases, the BCM software can hugely benefit the organization and the BCM professionals in this phase. The benefits are divided into three main modules, or streams:
The BCM plans should be documented and circulated to the relevant stakeholders. They should also be updated and accessible in a relatively easy manner. The BCM software can help significantly in this by having the plans stored in a central location where the relevant users of the software can access and view their plans and start actions accordingly.
In addition to being the single resource of the BCM plans, the BCM software can also provide reports on the progress of implementation and can bring the areas that are deviating from the recovery process to the attention of management in order to resolve the issues and get the recovery process back on track.
With the increasing adoption of mobile computing in the form of smart phones and tablet computers, there are software packages that can push the latest version of the plans to the employees’ smart phones and tablets, which releases the employees from the hassle of accessing the software and triggers them to perform the tasks in quicker manner.
This is the most critical phase of implementing the BCM plans as it enables the organization to take control over the course of events of the disaster. The BCM software can automate many of the crisis management tasks and can save precious time. The main input will be the CMP. The software can provide an instant dashboard of the crisis management process with sufficient information for the crisis management team and the top management to steer and direct the crisis management process as circumstances arise. Having all this information in single consistent view enables management to detect any problems and issues with the crisis management process and triggers their attention to resolve these issues and problems.
Notification and communication
This is an integral part of the BCM response to disaster. Being vital to the success of the crisis management and recovery processes, failures in doing it properly can truly undermine these processes and expose the organization to severe impacts and effects.
Notification and communication software is very effective in the management of the mass, or group, communication process with a high level of accuracy and short timescales. By using this, the organization can engage and activate many teams and groups in parallel tasks and thus make the crisis management and recovery processes swift and agile. Changes, updates, resolutions, and announcements can be dispatched to the relevant groups using many channels; e-mails, voice, short messages, Internet feeds, etc. The software can also provide an instant dashboard showing the activities and acknowledgements from recipients of messages and the progress of the notification process.
Within the testing of the BCM plans and other relevant plans, the BCM software can be utilized in two ways. The first is that it can be used as a reference for the testing process against the devised plans. The second utilization is that it can be used as a test tracking and reporting engine by providing numerous pieces of information on the test to various stakeholders.
The BCM software can be used as a focal point for the organization to obtain the information relevant to business continuity. The software can be used within the training programs as the tool to be utilized and referred to if disasters occur. It can also take part in the awareness process as it can be accessed by different teams so they can receive information related to BCM as they are using the system.
There are numerous vendors today offering software branded as a BCM solution. When acquiring such a system, the organization should understand that there can hardly be one solution to all its BCM tasks. In most cases, there will need to be more than one system to cover all of the requirements. The organization should determine to what extent it wants the BCM software to be utilized. Regardless of the function the system is to perform, effective systems should possess a set of desirable features. Some of these features are technical and some of them are related to design and usability aspects.
Effective BCM software should be easy to use for average users. It should provide a logical sequence of tasks and should allow the users to navigate easily through the different functions. The software should also provide intuitive wizards as well as sufficient help and guides without the fillers of technical jargon. Charts and visual effects are also desirable features that make the software friendlier to users.
Being easy to use should also accompany the feature of simplicity. By simple we mean conducting the required tasks with as few steps as possible. Simplicity also implies delivering the required information without auxiliary and meaningless pieces of information.
Consistent with simplicity, the BCM software should also provide rich information and meaningful data to the end-user in order to perform a task. The BCM software should accommodate all the required data and deliver it to the user when needed.
BCM software should possess a sufficient degree of customization at both the data level and the functionality level. The customization need not be done by the vendors themselves but it should also be doable by the administrators of the software. Customization is an important feature to enable the software to adapt to changing requirements and environments.
BCM software is not an isolated system. On the contrary, it should integrate with other systems via interfaces and messages to exchange information in a way that provides better functionality, generates more accurate results, and relieves the user from some of the administration overhead related to importing and exporting data or performing tedious manual tasks.
The scalability of BCM software lies on two levels; its ability to digest increasing data and more users and its ability to offer a platform to accommodate other specialized modules like the ones related to notification and crisis management. Scalability is an important feature as it helps in reducing the integration issues between different systems, thus offering smoother operations and easier integration as well as serving more users and growing along with the organization. Scalability also helps to protect the investment made in the software.
BCM software should provide different roles within its functionalities to match standards and best practices as well as the organization’s BCM model. These different roles can be matched to the various users and allow them to operate different roles within the software.
BCM software should be easy to access. In fact, almost all current offerings of BCM software are Web based. It can be accessed from virtually anywhere within its network. With integration to the adopted enterprise authentication platform, BCM software can be accessible with a single sign-on, minimizing some of the administration overhead in creating and maintaining the software’s authentication information.
For audit and tracking purposes, BCM software should have an audit trail containing information about the actions performed and the users who performed them with time and date stamps. The audit trails should be protected against unauthorized view, deletion, and removal.
BCM software should be backed up by a proper maintenance and support agreement. If the software has crisis management and notification modules, getting 24/7 support is highly recommended, with a detailed escalation procedure and service-level agreement (SLA) including resolution times and types of exclusion, if any.
After selecting suitable BCM software, the organization should plan for the deployment process. This is not an easy task and requires careful planning.
As is the case with any other software, deploying BCM software should start with the proper preparation of requirements, covering both technical and functional areas.
The BCM software should be compatible with the organization’s architecture and should support the BCM frameworks and processes, taking into consideration the aforementioned features. It is also recommended that the organization seeks external help from either consultants or other similar organizations who have already deployed and are using similar software.
After the preparation of requirements comes the step of choosing the right version. We mentioned before that it is preferable to have Web-based software. Most BCM software vendors offer two versions of the software: on-site installation and hosted versions. The on-site installation version is used where the organization installs the software on its infrastructure and servers. This is widely adopted as it offers the highest connectivity and accessibility levels for the software as well as integration with other systems and security. The drawbacks are that it has additional costs for servers and other preparations. In addition, it will be affected by wide-scale disasters along with other systems. It also needs additional maintenance and has administration overheads.
Whether the organization is changing the BCM software used or deploying a new installation, data should be prepared to be deployed and populated into the new system. In addition, data to be imported into the new system from other systems should also be prepared. Commonly, there are tools that can help in data migration and population and the organization should clarify that with the software vendor, if possible, as it is the expert for its own software and can provide the necessary help.
Before commencing operations using the BCM software, the organization should install a test environment for the software to explore its functionalities and perform the necessary customizations without affecting the existing BCM processes and data, especially before signing off the installation with the vendor.
The test environment can be populated with a copy of the prepared data that can be processed by a team comprising end-users and other stakeholders with different responsibilities and roles. The environment can also be tested against the integration requirements and under loading and usage that is close to real-life levels. The testing environment is very helpful in fixing the bugs associated with the software and can be helpful in performing the right customizations without the excessive cost of modifications and change requests after the software vendor has finished its assignment.
Now everything should be ready for the installation of the primary environment. Nevertheless, the installation of the primary environment should be done carefully as it will connect to real systems and real users and be populated with real data. The organization should work closely with the vendor to complete this task successfully.
The BCM software contains the plans and may provide extra functions like notifications and crisis management. Thus it is critical to ensure its availability as with other critical systems. It is recommended that you install another environment on the recovery site and create a mechanism for data and application synchronization between the primary and secondary environments.
Finishing the installation does not mean that the system will be always working smoothly. There may be some flaws and there may also be some changes and further customizations to be made. In that regard, and as mentioned below, the software should always be maintained and monitored to identify such flaws and changes. The software should be backed up by a solid support agreement indicating contact information, escalation procedures, and targeted resolution times.
In addition, there are often updates and upgrades offered by the vendors to correct bugs or to enhance the functionality. The proper maintenance and support process will keep these updates and upgrades reflected correctly on the environments installed in the organization.
3.15.22.202