The ultimate measure of success for any Business Continuity programme is whether the solutions and outputs actually work in practice when required. I know from experience that many organisations create or devise materials, processes and techniques that are way more complicated than they need to be.

The problem is, the more complex something is, the more people you will lose along the way and the greater the risk of something going wrong. You are doomed to failure.

My business strapline includes the words ‘Simple and Effective’ because this is how I believe we should be thinking when undertaking our Business Continuity or Resilience work.

So here is my list of 10 aspects of your programme that you must not overcomplicate:-

  1. Plans – I do not want to see another 50+ page plan when actually the stuff that really matters can be presented on a single sheet and made device friendly so that people have it and can use it when required
  2. Jargon – forget trying to keep up with all the latest buzzwords or trends and stick to plain language that your people understand. Colleagues outside the Business Continuity Programme won’t have time in the middle of an incident to learn a new language
  3. Business Impact Analysis – I’ve seen some wickedly complex models for this stage but think about it. You want your organisation’s people to engage and support you which means they have to understand and see the sense in the process you are using as well as be able to appreciate how you arrived at the results. Completing a Business Impact Analysis does not need to involve endless questionnaires or workshops
  4. Governance Reporting – I was accused in one assignment of being a bit ‘black and white’ in my views – let me explain. The topic we were working on at the time was compliance or conversely, non-compliance with the organisation’s Business Continuity Standards. Once the standards are written and agreed everyone knows what’s required and how compliance is going to be measured so the status can only ever be compliant or non-compliant, black or white, green or red if you are using a heatmap approach. Messing about with degrees of compliance seems a waste of time to me because the aim is to be compliant so anything that is not, requires action – get on with it!
  5. Exercises – the temptation here is to put on an impressive show, after all it is one of the few chances Business Continuity managers get to show their senior team how good they are – the circus has come to town! Overly complex exercises can, and do, go wrong. Overly complex exercises also increase the chance of some participants feeling left out or bored for significant periods of time – they won’t be coming back next time. Agree and define your exercise objectives, and not too many – then focus on designing and running the exercise to meet them
  6. Testing – if your Business Continuity testing takes down the organisation by running into problems you are not going to be popular. Rather than ‘going for glory’ try a more iterative approach that builds confidence and proven capabilities. This way you can recover if things don’t go to plan. What I am saying is do not pull the plug on your primary datacentre to see what happens and hope you can find a way back
  7. IT Recovery Plans – as I said in point 1 above keep plans manageable but additionally for IT related plans make them easy to follow and use. If the language only means something to a single subject matter expert within the organisation no one else will be able to use them in their absence. Again, think practically and action based
  8. Training – keep the focus on exactly what the audience needs to know for their role in the process and don’t scare them witless with stories of tragedies and threats of Corporate Manslaughter litigation. For many people Business Continuity is only a part of their day job so get to the point and sure, explain the broader context but avoid ‘death by Power Point’ or ‘marathon’ sessions
  9. Policy – I think I have a reasonable understanding of the topics I work in but even I have to admit to struggling to make sense of policy wordings at times. Guys! This is stuff we are putting out to our own people and we want them to follow and comply with the requirements. Doh! Write your policy so that people can understand it on first view and your level of ‘buy-in’ will increase dramatically
  10. Communication – language and terminology is important as I have stated but you have got to keep the processes for issuing and receiving information lean too. You will not have time when an incident kicks off to debate how and what should be said – your stakeholders are waiting – so get simple and effective protocols, methods and messages agreed and practised in advance

Trust me. If you can apply some of these points to your Business Continuity work, not only will your organisation thank you, but your life will get a whole lot easier too. If you need any help let me know.