That Business Continuity Metrics Challenge Again

As the old saying goes, if you can’t measure it, you can’t manage it. For business continuity to get the senior management attention it deserves, hard data on your BC program progress could be a good idea. But of course, there is still the question of what to measure. And then the question of what the measurements really mean. Is your BC score good, bad or indifferent – compared to what your organisation needs? Compared to other companies? Compared to what? The first step is often to crack open a business continuity standard to get an initial reading (even if it’s “yes or no”) about whether you are doing things properly. But avid BC metricians will go further.

The next step may be to assess your organisation in terms of BC metrics like organisational, program and resiliency metrics. The first category deals with risk assessment and business impact analysis (BIA). It includes totting up hazards, operational vulnerabilities, and the disruptive effect of key business resources becoming unavailable. The second is about how well you do your business continuity. It can cover your efficiency in planning, compliance with standards, and your organisation’s BC score as evaluated by internal or external auditors (or both). The third category gauges your organisation’s time to recover from disruption and the limitation of negative effects, and is naturally the most difficult category in which to make measurements – unless you happen to have “adverse circumstances” happening, just at the time you decide to measure.

These measurements already have the merit of being comparable with the same measurements of the month/quarter/year before, once you start making them on a regular basis. They can tell you how you are doing over time and whether the trend is positive or negative. But once again, the avid BC metrician wants to know more. He or she wants to know how the organisation is doing compared to the rest of the field. In a word, the BC metrician wants benchmarks. Stay tuned! Part two of this blog post will discuss that very subject…

This entry was posted in Business Continuity and tagged , , , . Bookmark the permalink.

Comments are closed.