We’ve been talking recently about the pursuit of business resiliency, which is rooted in the premise that organizations can and should be prepared to do more than merely react to or recover from the effects of a disaster; rather, they should strive to develop a resilience to disruptions that’s woven into the very fabric and culture of the organization. We’ve talked about following four basic principles in pursuit of business resiliency, and we’ve explored different aspects of those principles. This time, we’ll look at the role process improvement can play in following the principle of preparation—i.e., how process improvement helps organizations be prepared for disaster.
Resiliency really starts at the top, such as ensuring the organization’s strategies and business objectives are resiliency-focused and sustainable. This type of activity is driven most effectively if the organization has a “culture of resiliency”, meaning it’s a part of doing business.
To be truly resilient also requires building resilient business activities, IT systems and supporting infrastructure. For example, a critical business process can have one key supplier, but that’s not a very resilient approach. That supplier needs a backup…or two; and what about that supplier’s supplier? It’s thinking about what makes a critical process resilient before a disruption ever hits. There are a variety of approaches to ongoing process improvement available to organizations, each proposing a different path to improvement. Six Sigma, for example, aims to improve process results by using statistical analysis to minimize variability. “Lean” refers to improving processes by eliminating waste. However, the process improvement model that’s been perhaps most widely adopted for business resiliency is a four-step model popularized by Dr. W. Edwards Deming known as the plan-do-check-act (PDCA) cycle, or the Deming Cycle.
Using Deming’s model, organizations improve processes by first defining a plan for improvement, then implementing it, checking the results and making changes as needed before starting the cycle over again. This cycle of continuous improvement supports the idea of business resiliency as an ongoing discipline rather than a one-time event. This notion is at the heart of an organization’s ability to be resilient no matter how the organization itself changes or how threats to the organization evolve.
Turning to the theme of integrated business resiliency that’s the focus of this series, process improvement as part of an integrated approach means testing how well disaster recovery, business continuity and other functional teams across the organization striving for resiliency work together. No matter how successful any one team is at improving processes, if it’s working in a vacuum, the effort is going to fall short. Integrated business resiliency depends on the interrelationships between multiple disciplines, and process improvement is no exception.
Learn more about how you can prepare your organization to be more resilient by downloading Key Principles of Integrated Business Resiliency. Then watch for more posts that include practical information about putting these principles into action.
*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Patrick Potter. Read the original post at: http://www.rsa.com/en-us/blog/2018-02/integrated-business-resiliency-process-improvement.html