November 05, 2019
Recent events, such as the spread of coronavirus, demonstrate the importance of stress-testing business continuity management plans.
The spread of a severe pneumonia now known to be COVID-19 through China and into other countries offers a timely reminder of the difficulty of planning for pandemic events and natural disasters. Businesses always need robust and current continuity plans that stipulate exactly how business operations will respond to and resume after a disruption — whether it is a natural disaster or an operational disruption, such as a broken contract.
In the 2018 Gartner State of the ERM Function Survey, 78% of respondents reported having a defined response plan for a cyber-related incident, and 76% had plans to deal with the effects of a fire or explosion.
“Even just a few moments of downtime can be costly, so it is essential that firms implement sound business continuity procedures,” says Ian Beale, VP Advisory, Gartner. “In fact, more than 40% of businesses will never reopen after a major natural disaster.”
A BCM program should reduce the impact of internal and external volatility, enabling the organization to reliably and consistently meet its strategic objectives despite disruption. A comprehensive BCM program covers the response and resilience of IT operations, the supply chain, the workforce and more.
Successful BCM programs have four components:
Without formal processes and guidelines, ad hoc responses will likely extend downtime and business loss. Plans must be tested to ensure they will enable the organization to weather disruption.
Tabletop exercises for BCM test the effectiveness of procedures and safeguards in place to respond to — and recover from — specific continuity incidents. These exercises are an effective way both to gauge organizational preparedness and awareness and to uncover flaws or gaps in recovery plan design.
First, define the threats and risks specific to your organization. A risk reported in the global news cycle is not automatically a risk for every organization.
Prioritize relevant scenarios by considering regulatory obligations, response plan maturity, criticality to business operations and response plan complexity. From there, leaders can draft relevant and comprehensive scenarios.
Assign clear roles and responsibilities for participants and facilitators in tabletop exercises, including: