Organizations need to make BCM programs measurable to enable useful oversight and accountability. Too often, however, measuring BCM becomes unnecessarily complex, time-consuming and onerous, diverting resources and sapping engagement and commitment.
More importantly, the measurement process can evolve to focus increasingly on the implementation and management of the program, producing less actionable data that maximizes resilience.
How can you optimize and focus measuring your BCM program?
Put glibly to make a point, don’t measure the program. Measure the program’s result. Measure organizational resilience. The objective should be data that drives effective decision-making and meaningful positive change for enhanced resilience.
Of course, BCM programs can and should be measured to a reasonable extent, using quantitative criteria but avoiding marginally useful granularity. The majority of effort should be measuring resilience.
Here are some key measures you can include when measuring organizational resilience.
Each organization should subtract or add measures to align with organizational objectives and industry. All resilience measures should be quantitative, easy to compile and present in dashboards, laser-focused on quantifying resilience and identifying opportunities for resilience improvements.
Measuring resilience should be cost-effective and add to organizational value, not be a tedious, academic process.
Luck and quick thinking are great in all aspects of life, but they aren’t business recovery strategies or risk mitigations. A near miss event should be treated very seriously, not as a success, and as a warning to bolster training, revise business recovery plans and implement additional risk mitigations.
The painful reality is that our power utilities aren’t as reliable as we want to believe, and their facilities are vulnerable to attack. It’s time for organizations to actively mitigate and plan for disruptions of electricity and natural gas.
The most serious risk to your organization isn’t malware, supply chain disruption, pandemic or any other event. Ironically, your biggest risk is your inability to adequately recover from multiple simultaneous disruptions. In the past few years, business and society have adapted to various ‘new normals’, and one of those is disruptions layered one on another and another.