A cornerstone of the implementation of a business strategy is the setting of the goals for resiliency of the business itself. Whether it is deciding that the business venture would be “operational 24x7, with full process and personnel redundancy in hours” or “available Monday through Friday with 99% availability for mission critical functions within 2-3 days," the establishment of the goals and vision for the organization’s ability to function must be set by Executive Management. The resiliency goals must be in lockstep with the business strategy. Likewise, the elements of the resiliency model must be aligned with the implementation and execution of all levels of the business strategy throughout the enterprise. Eagle Rock offers the following services, listed below, to assist in determining your risk and resiliency analysis for achieving the desired results.
Business Impact Analysis
A Business Impact Analysis (BIA) is a strategic review designed to assess the impacts associated with the loss of a critical business facility, resource or process, in the event of an unplanned outage or disaster. With a thorough BIA, it is possible for an enterprise to fully evaluate the critical metrics unique to each process within the business. A BIA should be conducted to identify the organization's required recovery timeframe and required resources.
The Eagle Rock Solution to conducting a BIA:
Our Solution is described in the process flow below:
- Quantitative review of the existing business processes and technology environment
- Determination of the critical components within each business process
- Identification of the Recovery Point Objectives (RPOs) for all systems and data
- Identification of the Recovery Time Objectives (RTOs) for all business processes, systems and data
- Identification of critical staff within a business process
- Consideration of risks to regulatory compliance, competition, market share, market value, customer loyalty and reputation
- Recommendations to strengthen, enhance, and improve resiliency strategy
Reliability and resiliency are two important hallmarks of disaster preparedness. All key internal processes and procedures, systems and equipment, must be analyzed to ensure that they will continue to operate seamlessly during times of crisis. Reliability strategies don't stop there. Determining a third-party vendor's strengths and vulnerabilities in dealing with a catastrophic event must be included in any reliability strategy, followed by service level agreement development and vendor management. Are outsourced services solidly dependable? Do critical vendors have their own business continuity and disaster recovery plans in place and are they functional?
Resiliency Strategy Development
A set of business resiliency objectives is not effective unless embedded in a strategy to achieve those objectives. The managers who will be in charge of meeting the objectives need to have a strategy in place. How to assure that key systems, data and personnel will be available to meet the objectives is critical in the overall process. Failure to develop a strategy and instruct personnel to rehearse and execute the strategy will leave the enterprise with potential excessive downtime risks, costs and loss of opportunity.
The Eagle Rock Solution for developing a resiliency strategy:
- Quantification of the processes that are considered critical to the business
- Identification of the range of cost-effective potential strategies available, both in-house and third party
- Identification of the potential business function and personnel relocation possibilities
- Identification of the potential technology recovery options
Once the strategy has been developed, the appropriate personnel can be placed in charge with the implementation. Management can achieve a high level of confidence that the resiliency of their business is being vastly improved. Risk mitigation steps are being taken. In the event of an unforeseen disruption affecting the ability to conduct business, the departments and the business will be prepared to continue to function and eliminate unacceptable and avoidable losses of revenue, profits and reputation.
Resiliency Strategy Analysis and Review
Enterprises tend to pay closer attention to their business resiliency strategy just after an unforeseen event threatens their ability to conduct business. Strategies not reviewed on an annual basis can become outdated. An old plan could provide a false sense of security and expectation. Once committed to a strategy, a firm is compelled to test, maintain and improve it with commitment and diligence.
The Eagle Rock Solution for analyzing and reviewing your resiliency strategy
An analysis and review of a business resiliency strategy can be accomplished in the following manner:
- Conduct a thorough analysis of the corporation's strategy, capability and infrastructure
- Analyze the resilience of the business processes and the technology that supports it
- Conduct a comparative analysis of current business trends and existing reliability strategy(s) in order to identify potential single points of failure created by changes in technology, organizational growth and cross-functional dependencies
- Perform a qualitative review of the original analysis performed to select the current strategies
- Perform an alternate site risk evaluation
After a complete analysis and review is performed, management will have a clear and current view of the probable resiliency of their corporation. They will know where their strategy has kept up with the latest technology developments and relocation options in the industry and where to focus attention on improvements. Management and ownership must be confident that it has identified its risks and understands what risks it needs to accept, mitigate, eliminate or insure.
Resiliency Program Assessment
All organizations have information that tells the story of how prepared they are to weather a multitude of storms. Usually, however, this information is spread out in different places, files and documents. The challenge is to gather the right data, organize and analyze it, and report on it in a manner that is useful for making decisions.
Eagle Rock’s highly trained consultants use our own proprietary assessment called ERA*360, which stands for “Enterprise Resiliency Assessment, 360° view.” The assessment process is facilitated through a series of face-to-face interviews conducted with key executives and managers from various business units. Scores measure preparedness elements on the basis of comprehensiveness, completeness, progress and commitment. Interviewees agree with interviewers on the initial scoring, after which scores are adjusted to account for data from other sources, such as internal documents. Subjectivity is minimized by limiting the granularity of scoring criteria; in this case a 3 point scale is utilized. The ability to weight scores by degree of importance is built into the ERA*360 software as an option.
The Eagle Rock Solution to assessing your program:
The ERA*360 process provides the flexibility to address the areas of business continuity that are most important for your company. The final report highlights the strengths of the preparedness posture, as well as those areas that need improvement. Executives can use the report to understand their resiliency issues, prioritize next steps in addressing those issues and compare themselves to relevant BCP standards, such as ISO 22301, FFIEC, BS 25999 or others. Business resiliency practitioners can see the full depth and detail of each element examined.
The examination points in the ERA*360 correspond to Eagle Rock’s standard, as well as the British Standards Institute BS 25999 and the ISO 22301. Under this service, reports and graphs produced using the published standards viewpoint illuminate the guidance necessary to enable the firm to meet the rigorous specifications of the standard. Trained Eagle Rock staff professionals provide the guidance and assistance required to understand and master what needs attention, with an actionable and concise project plan "Roadmap" to get it done.