A Business Continuity Strategy is your CIO secret weapon in an increasingly dangerous world.

Outbreaks, disasters, and crisis – oh my!

Corporations spend millions of dollars securing their infrastructure and guarding against cyber-attacks—but what about a potential pandemic? Viral outbreaks, weather, and civil unrest are all factors that erode commerce and operations. As the Coronavirus spreads, the business implications of disrupted global commerce are significant. Without a plan in place, businesses could take longer to recover, or shut down completely!

Threats and disruptions lose revenue, increase cost, and tank profitability. It’s not enough to rely on insurance—it doesn’t cover all the costs OR customers who flock to the competition. CIOs and other leaders can avoid disaster and save the day with a well-thought-out business continuity strategy.

What’s the secret weapon to staying afloat during a crisis? A solid Business Continuity Plan (BCP). According to Investopedia, BCP/ Business Continuity Management is “the process involved in creating a system of prevention and recovery from potential threats to a company.” The plan protects personnel and assets to resume operations after a disaster. Key stakeholders and personnel give their input to create and test the BCP in advance.

How to create a Business Continuity Plan

There are many components of a solid BCP. Disaster Recovery and Business Impact Analysis are both important pieces of the puzzle. DRPs focus on restoring infrastructure and operations. BIA looks at the processes of your organization and prioritizes them in regards to cost.
After assessing the BIA, it’s time to complete the plan. Identify the scope of the plan and the key business areas: sales? Supply? HR? Pinpoint your company’s most important processes and note how they connect with the business areas.

Honestly assess how much downtime is acceptable for each of these functions. After gathering this information, your team can now create a plan and procedure to resume and maintain operations.

Test early, test often

There’s always pressing work to do, and so even the most thoughtful BCP can get shoved in a drawer years after its creation. In today’s world, your team should review, test and update the company’s BCM strategy at least once a year. Leaders and managers should review the plan and discuss potential changes with their teams. This way all personnel is aware of the process and can share any input or concerns.

Testing your BCP and DR in a controlled environment is the best way to make sure it works. It’s better to make changes ahead of time as opposed to improvising during an incident. Be sure to push the limits of your tests, and try to break the plan. Planning for the worst ensures the most effective results.

When disaster seems like a remote possibility, it’s tempting to be laissez-faire about the BCP’s importance. “Every organization should be monitoring changes and threats on a global basis,” says Quentin Cantlo, COO of Advancement Strategy. “Having a proper BCM leadership structure in place is a great start to developing the continuity management strategy for your enterprise.”

Plenty of companies and consultants provide disaster recovery solutions for corporate infrastructure. You can rely on the IT team to get the technology up and running, but profits and success rely on holistic processes. But how will you handle the rest of your business functions?

These days, the dark web isn’t the only way to spread a virus. If your business requires the development, audit or testing of a BCM or Disaster Recovery strategy, contact us. We have years of planning and executing BCMs with global corporations, and will steer your team to safety.

 

 

 

 

 

Top 5 Misconceptions CEOs have of CIOs

  • The top IT leader does not need to report to the CEO – As technology has advanced and more people use it everyday and the public has become more familiar with outsourcing, business leaders and stock exchanges have begun to take IT leaders for granted. Sometimes this manifests as the Senior IT leaders having lower ranking titles or reporting to other parts of the organization.
  • CIOs are expendable and easily replaced every 2 years (current average tenure is 18-24 months) – Building on the prior point, the tenure for CIOs has declined and when an event occurs such as a cost overrun or a security breach, often the CIO
  • CIO is a cost more than an asset – The CIO and his or her respective assets are often viewed as a cost to the business. Sometimes this is based on the perception that IT would simply be cheaper if it is all outsourced.
  • The CIO is not needed to define and implement a cloud or cloud migration strategy-This is a common oversimplification and short-sighted view that people have. Usually this results in long-term overspending or inadequate applications or services.

The IT function is tactical rather than strategic – Many organizations forget that it is well documented that the most successful, leading companies are those that most effectively use technology.  Those that value their technology leaders are also able to implement their business strategies by leveraging the latest technologies and innovations.

 

 

CIOs: Don’t get Trapped in the Matrix

CIOs not only have to juggle day-to-day responsibilities and developing strategy, but also need to be on the lookout for IT troubles that could negatively affect their company.

Unexpected tech failures can easily end up as an article in The Wall Street Journal and result in your demise:

  • Security breach
  • Application outage
  • Disaster Recovery failure

It’s imperative for you to stay one step ahead of any potential trouble. A great way to ensure you’re receiving up to date, strategic advice is to enlist a trusted consultant (like Advancement Strategy!) to assist in developing plans and procedures to mitigate these risks.

Wishing for a trusted consultant is easier than actually receiving the help you need. You might run into negative responses due to:

  • Budget problems – no money earmarked for security proofing
  • The business-oriented decision makers don’t fully understand the risks involved with operating under lax security
  • Decision-makers do not want to spend money on security
  • Political tension between departments with a desire to use the money for other organizational priorities

It’s a challenging task, but you must avoid conceding to business priorities or keeping quiet regarding IT imperatives.  Evaluate how effective your previous strategies were with respect to spend plan and use that to guide decisions for the next phase of strategy.

10 Signs You’re an IT Leader in Trouble

Are you imagining things, or is it possible your IT leadership position is on rocky footing? We’ve compiled a list of signs to watch for if you’re in trouble:

  1. Four cloud providers walk by your executive office to meet with the Business… and don’t acknowledge you.
  2. The CEO tells you she is going to create the IT strategy (over the weekend).
  3. You find out Business VPs have been running applications in the cloud for over a year without your knowledge.
  4. You (the IT leader) are invited to a business leadership meeting where the CEO presents the “new” IT strategy.
  5. The business decides to outsource the IT function without your input.
  6. The business hijacks the IT budget to fund radically experimental/skunkwork projects.
  7. You go to the CFO to inquire about next year’s IT budget; the CFO then asks “Haven’t you heard? The CEO plans to hire a consultant to develop new IT strategy for us!”
  8. A major, $10+ million IT solution needs to be vetted and you are not involved in the discussion to make the decision.
  9. The business has decided to rebrand you, “Sr. Director of IT” and you now report to the VP of HR.
  10. You find out you lost your CIO role in a press release of the incoming CIO.  (whose first order of business is to eliminate the “new” Sr. Director of IT (you).

Hopefully you never experience any of these situations—but if you do, contact us. We’ve been there and can help build a strategy to get you back on solid ground.