In a truly resilient organization, everyone has visibility into the information required to do their part. Staying resilient means active participation, and that requires insight. Insight arises from visibility, which is all about people being able to see information that’s relevant to their roles in real time and to act on it quickly, making mid-course corrections. In short, it means seeing the right information, at the right time, at the right level. Achieving that goal requires putting effective measures and reporting in place so a disruptive event can always be quickly and accurately sized up and acted upon before it occurs—and progress can be objectively evaluated and improved before, during and after an event.
Because events can happen so suddenly and the status of a situation can change so fast, it’s impossible to achieve the needed level of visibility using spreadsheets and presentation decks. To be able to consistently provide people with the information they need, when they need it, automated technology tools are critical. Teams need workflows that take the guesswork out of what to do, as well as dashboards that they can access based on the type of data they need to see, and that are updated in real time to ensure everyone is acting on the latest information.
Visibility into accurate, timely information is indispensable in a crisis, as well as useful in the times between crises, when teams can use it to quickly identify gaps in business continuity planning and other activities that build resiliency. Visibility can reveal, for example, areas where it could be useful to conduct a business impact analysis or to document or test a plan as part of process improvement. After all, we learn the most about a crisis after it’s occurred, and capturing that insight is invaluable.
Here are a few examples of how visibility benefits some of the different teams that are engaged in creating a resilient business:
The executive team needs “big picture” information when a crisis is on the horizon—data that will let them know, for example, what the potential impact to the business could be if there’s a natural disaster occurring in an area where the company has operations (wildfires in California, for example, or flooding in India). Executive teams also benefit from being able to see where a particular business unit does not have business continuity plans in place so that they can direct the planning team to work toward filling the gaps.
The crisis management team of a global organization needs to be able to see where crises are happening around the world and what the status is of each so that they can prioritize their responses. This is an area where the importance of real-time information becomes obvious: Is there a dashboard that makes it instantly clear where to focus attention immediately for maximum effectiveness? Or is the crisis team leader instead having to call people to check the status of an event, compile reports and send them via email—possibly too late to react, make decisions and minimize damage?
The business continuity planning team also benefits from having access to updated information via real-time dashboards. If they’re using spreadsheets to document plans, what happens when those plans aren’t manually updated for months – and a disaster strikes in the meantime? With up-to-date information available in real time, it’s possible to see how recently various aspects of a plan have been tested, for example, so they can have confidence the plan will work.
In our exploration of integrated business resiliency in this space, we’ve talked about tools like the BIAs and process improvement models mentioned above, explained the importance of alignment among business resiliency teams and—lastly, in this post—looked at the need for visibility in a resilient business. All these tools and concepts are necessary to weaving resiliency into the fabric of your organization. Learn more by downloading the RSA white paper Key Principles of Integrated Business Resiliency or the e-book 4 Paths to Integrated Business Resiliency.
This is a Security Bloggers Network syndicated blog post authored by Patrick Potter. Read the original post at: RSA Blog