Business Continuity Management
Provide information to business continuity planning on the data and information that is needed to support various business functions and activities.
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for Business Continuity Management at each level of maturity.
- 2Basic
- Practice
- Have IT participate in business continuity planning and test teams.
- Outcome
- Business continuity planning incorporates the recovery of essential IT systems into its plans.
- Metrics
- Frequency of business continuity submissions.
- # of high priority systems included in the plan.
- 3Intermediate
- Practice
- Document and provide information on data owners and governance to business continuity planning.
- Outcome
- Business continuity planning is able to develop business recovery strategies while adhering to governance criteria.
- Metrics
- Frequency of business continuity submissions.
- # of high priority systems included in the plan.
- # of governance and business priorities encompassed in the plan.
- Practice
- Complete recovery plan reviews and critiques.
- Outcome
- A high quality recovery plan exists, to which people have buy in because they have contributed.
- Metrics
- Frequency of reviews (as appropriate).
- # of improvements based on reviews.
- Practice
- Test the effectiveness of the recovery plan by executing it.
- Outcome
- There is confidence in the effectiveness of the recovery plan.
- Metrics
- Frequency of tests (as appropriate).
- # of improvements based on tests.
- Levels of confidence in the recovery plan.
- 4Advanced
- Practice
- Use and keep up-to-date sophisticated hardware and software inventory and configuration management systems.
- Outcome
- Plans are more likely to be complete and effective when they are based on complete hardware and software inventories with appropriate configuration information.
- Metrics
- Frequency of business continuity submissions.
- # of high priority systems included in the plan.
- # of governance and business priorities encompassed in the plan.
- Practice
- Design information governance so that it can be managed from any site.
- Outcome
- The improved reach and scope of governance makes it more robust.
- Metric
- # of governance and business priorities encompassed in the plan.
- Practice
- Invite energy, telecommunications, hardware, software, and other vendors to review and contribute to the recovery planning and testing processes.
- Outcomes
- Reviews by peers and vendors improve the quality and likelihood of success.
- Lessons learned while testing improve the next iteration of plan submissions.
- Metrics
- % of planning and testing processes that involve external experts.
- % fit of their expertise to the nature of the review.
- 5Optimized
- Practice
- Design, develop, procure, test, and deploy solutions and services that are compliant with the business continuity plan.
- Outcome
- The business is confident that all its solutions and services are compliant with its ability to recover if necessary.
- Metrics
- Frequency of business continuity submissions.
- # of high priority systems included in the plan.
- # of governance and business priorities encompassed in the plan.
- # of business continuity test failures.
- # of tests of the effectiveness of the recovery plan (plan was executable as written, time to recovery was achieved, priorities were manageable, etc.).
- Practice
- Use business continuity checks in change management approval and testing.
- Outcome
- The business is confident that ongoing changes and improvements will not detract from its ability to recover if necessary.
- Metrics
- % of change management and approval processes that include business continuity checks.
- # of change-induced business continuity test failures.