Which activities and tools create the most value when building resiliency?

Elevator pitch

Presentation: Less is more

What is to come and key accomplishments

Integrated resilience program

Why we are important

Tabletop exercises and buy in

Steering Committee Quarterly Meetings

Know your operations: Critical processes

Reports that are not read

Long policy statement

Excessive reporting or unnecessary meetings

Separate BIA, BCP documents and process

Depend on tools and audience

Tabletop Exercises and Workshops (DR & BC)

Frequent  Dry Run Exercises (DR & BC)

BIA,  BCP,  DRP and Risk Management Plan

System  cataloging all resources

Training  (new leaders, members, employees, etc.)

Have  a plan, train for the plan, exercise the plan

RACI

Job  description & performance evaluation

Marketing outreach on BC

Certification & Education

Printed documentation

Misallocation of resources

Awareness Articles

Have an exercise just to do an exercise

Perform BIA’s and do nothing with them

Producing document without an audience or purpose

Know your audience/Know who should be in attendance

Clear and concise  presentations with metrics (Having data to inform and influence)

Visually impactful slides  Linking content to strategic outlook for the organization / Graphic  Tools

Having commitment from the  right audience

Build relationships and allies

Reporting and status include  any asks or issues

Using case studies of past  successes / Using engaging stories to teach the  topic  / Charismatic and disarming presenter  

MS Teams & Communication Tools

Tabletops to engage senior leadership

PowerPoint Excel Word as appropriate to the audience

Longdrawn out wordie presentations

Videoconferencing/ Team / Zoom leading to lack of engagement

Teams– zoom can be a single point of failure

Preparing materials and holding the "meeting before the meeting"

Dynamic response plan

Authority protocol in place

Situational awareness

Crisis management plan

Matrix for roles/responsibilities

Crisis management tools

Bridge lines and back up communications

Conference bridges with video and screen

Steering committee

Lack of recovery documentation

Call trees

Annual reviews are not frequent enough

Static plans

No commitment to keep up with cleansed data

Partnerships and tabletops

Monthly/Quarterly Risk meetings with appropriate stakeholders

Risk Matrix

Centralized Risk Register

Gap/Risk Attestation Tooling

Available reports (BCI Horizon Scan / Global Risk Report from World Economic Forum)

Identify teams/departments  that have a budget

Coming Leadership waiving off risk due to not clearly understanding impact to business soon

Including too much or too few or not the right stakeholders

Risk Assessments for non prioritised activities

Emergency NotificationSystem

Teams / Zoom

Communication Exercises

Email template

Tabletop Exercises /Rehearsals

Mobile App with access to plans

SOP (Standard Operating Procedures) Documents

Workforce resilience  services such as International SOS

AAR (After Action Reviews) /Post-Event  Assessment

Shared mailbox (for receiving questions, requests)

Email originated at time of incident

Too many details on text

Laminated cards

Call trees

Documentation / GeneralAuthority Policy (Do not speak to Media, etc.)

Using Industry standard technology

Clear concise and timely internal communication

Meeting Joint Commission requirements

Professional communication to the media

Paying attention to what is  going on with other organizations

Social media

Certification

Stay ahead, in healthcare

Internet monitoring Communications Plan

Lawyers cost and approach

Legal Software

Applications Chat Bots

Following of flows and questions

Industry certification of program

 Working in silos

Standard templates

BC software solution that  perform : dependency Mapping

Data privacy standards -naming convention

BC software solution that incorporates the organization’s retention policies

BC software solution that enhances  plan sharing while ensuring security of sensitive information

Clarity of the ask

BC software that performs  data imports from Corporate Systems

BC software that helps the  maintenance process

Data retention periods too long

Viability of documents, given the rate of change

Approvals - the number of required approvals and the accountability associated with approving isn't clear

Must stop segmenting storage of documents across multiple platforms. Instead centralize and consolidate documentation.

Industry certification of program

USB keys and binders

Depending on size of company you should be using tooling to manage your program

Identifying your critical assets and prioritizing them

Central Knowledge Management System Plan Reviews Asset Tiering

Plan Reviews Asset Tiering

Develop ranking of most critical systems first

Lexicon - common terms and graphics

Develop technical impact analysis and business unit impact analysis and compare the two

Useless meetings

Taking weeks to complete simple tasks

Doing things the same way you’ve always done them

Stop doing the preparation for the business unit owners. They have the experience

Centralized office to provide governance and direction

Getting buy-in from  stakeholders at all levels with clear roles and responsibilities

Centralized tool to complete  the work / Single solution housing all strategies

 Leveraging lessons  learned from actual events

Executive advocate  & Leadership buy in /Support from the top

Justification and clear communication

Strategy addressing a wide range of events with predefined responsive actions

Having cross functional  teams that are accountable for response

Understanding ROI

Modularity in strategies and solutions

Over engineering and getting analysis paralysis

Controls can overstate or understate the level of preparedness

Localized impacts may be overstated

Aiming for perfection

Multiple levels of approvals required to take action

Excessively detailed plans for extremely specific events

Dedicated specialists

Shared leadership

Centralized business continuity management platform tool

Centralized leadership that  knows what IT is doing and how that impacts the business Strong comms with  business regarding system impacting events

Aligning RTO and MTD,  address gaps Exercise with IT and business stakeholders  Dedicated  DR sites that are tested routinely

Business impact analysis

Involving business and ITduring an exercise

CMDB (like ServiceNow)

Automate system dependency tracking

Developing recovery plans just to check the box

Silos

Maintaining documents without current state accommodations

Updating in a vacuum

Cloud

AI

Biometrics for security

Multiple suppliers on in multiple locations /Multiple Vendor Supply Chain

Have an automation tool and have suppliers meet SLAs and supply chain policies

Contract Evaluation

Relationships management

Geoengineering Tools

Applications in use for mapping: Excel, BC Software

SLA management Contract Management

Suppliers mapping

Focus on all vendors

Lack of understanding of the outsourced processes

Ones that are not used

Building surveys no one will answer

Steering committee that covers all Operational Resilience disciplines

Due diligence of vendors, have them to plan if a critical function goes down, how does it affect the business unit and the business itself

BIA

People/assets

Process

DR/BCP exercises with business units

DR tests with critical vendors

Software /Hardware

Annual meeting with Plan Owners to review their plan

Office Space & Desktop space

Identifying a large number of IBS

Steering Meeting with just BC or IT (should be across function)