Monthly newsletter Weekly news roundup Breaking news notification    

When planning, put people first…

Keith Pursall argues that paying more attention to the people who business continuity plans are aimed at will produce plans which are more effective in a crisis.

Business continuity plans are usually produced for a number of reasons – to ensure the survival of the business, to meet regulatory requirements, because the auditors say so etc. etc. Whatever the reasons, the end result is a set of procedures and arrangements geared to the successful recovery of the key business functions. These are usually documented (with or without the use of software) with a heavy emphasis on the IT systems required, external and internal contacts, and any alternative accommodation arrangements.
However, one aspect that is frequently overlooked is ‘the people factor’. In other words, those people who will have to use the plans when faced with an actual disaster situation.

One of the problems is the word ‘plan’. As soon as this is used, people start thinking of schedules, Gantt charts etc, and more often than not, the business continuity project proceeds from there through its various phases. Starting with a risk analysis, it progresses through business impact review and strategy selection to plan preparation and eventually to testing. But what about dealing with the disaster itself? How is the crisis going to be managed?

Before starting work on their plans business continuity managers should always ask themselves the following questions:
* When will the plans be used?
* How will the plans be used?
* Who will use the plans?

Answering these three questions will test the effectiveness of any plan and with it the organisation's ability to cope with a crisis.

When will the plans be used?
By their very nature business continuity plans will be used at a time of crisis; it is therefore important that they are designed to be effective in such scenarios. These are situations where people will be working in unfamiliar surroundings, experiencing all sorts of difficulties and almost inevitably under great pressure. All business continuity professionals should review their plans and ask themselves whether they are the sort of documents people would want to read in such traumatic circumstances. Or will they take one look at what appear to be wordy and incomprehensible documents and decide to ignore them altogether?
Because of the nature of the situation in which they will be used, any plans should be easy to read and easy to understand; and they should not be cluttered with any unnecessary information – business impact reports, risk matrices, inter-departmental memos etc.

How will the plans be used?
It is essential to think about how precisely the plans will be used. Are the plans to provide step-by-step instructions to be followed at the time of the disaster? Are they to be a source of comprehensive reference material? Or are they merely a specification of what is planned to happen, not to be used at the actual time? Or are they a combination of some or all of these? How will people use them? The answers to these questions will determine the type of plan that is produced.

Ideally, business continuity plans should form the solid basis for a successful recovery. In a disaster situation everyone needs to know exactly what to do. This means that each plan must be an ‘action document’ – providing clear instructions to each person involved.

Who will use the plans?
Who is going to read the plans? Business continuity managers? Departmental heads? IT specialists? Members of staff? Once again, the way in which these questions are answered will determine the structure and content of the plans. Too often plans are produced which try to be everything to everyone – these are invariably doomed to failure. It is impossible to produce a single document which provides everyone with everything they need, whilst at the same time remaining concise and easy to understand.

It is far better to produce documentation on the ‘need to know’ principle. Different people will need different information. In a disaster the chief executive's role will be very different from that of the IT manager. So why provide the chief executive with detailed technical information he/she does not need or, conversely, the IT manager with policy documents which will not be used?

Plans need to be modular and flexible to meet these differing requirements – not monolithic, unwieldy and, ultimately, not workable in a crisis situation. It takes a lot of time and resources to produce workable business continuity plans; therefore it must be worthwhile spending time on thinking about when, how and by whom they will be used.

Back from the future
One way to ensure that your efforts are not wasted is to start with the disaster itself and then work backwards. This can be achieved by running training sessions based on a simulated disaster and focusing the attendees' minds on the problems it causes. By starting with the crisis, they are immediately faced with deciding what they need to have in place to deal with it. This includes not only the procedures, information and alternative arrangements, but also making sure that the right people are in the right place at the right time! It is no good having your salvage team as the first people on the scene of the disaster, if the press and media are clamouring for a company statement.

In a disaster situation so much depends upon on how effectively people respond – how the chief executive handles the media, how the human resources department deals with staff problems and concerns, how the IT department recovers the computer systems. All the various back-up arrangements and technical solutions are important, but none of them will work without people. Surely, therefore, it makes sense to ‘put people first’ on your list of business continuity priorities?

Keith Pursall is managing director of Alkemi Limited.

Date: 13th June 2003 •Region: Worldwide •Type: Article •Topic: BC - plan development
Rate this article or make a comment - click here

Copyright 2005 Portal Publishing LtdPrivacy policyContact usSite mapNavigation help