People often say that disaster recovery and business continuity planning is like having an active insurance policy. And, I think they are right. In the business continuity planning process, you conduct a Risk Analysis to determine what could go wrong to interrupt the business process. Once you have identified risks, you can:
- Accept the Risk
- Eliminate the Risk
- Mitigate the Risk
- Transfer the Risk
Business continuity planners hate it when management decides to accept the risks – that leaves us virtually nothing to do. Where possible, the risk can be eliminated through a number of solutions ranging from moving away from the risk, installing redundant systems to remove single points of failure, or other techniques to harden facilities. Mitigating risk is what most business continuity plans are really all about, by lessening the impact of a risk through contingency plans and alternate site solutions should the threat come to pass. And then there is the traditional, old fashion way of dealing with risks, by transferring the burden of risk to insurance companies with loss of business and other related insurance policies.
In reality, most enterprise programs include all of these solutions in one form or the other. The surprising thing to me however, is that the business continuity planner and the risk management folks, i.e.: those responsible for the insurance policies, seldom work together or are even aware of what the other guy is doing.
There is a slow paradigm shift happening that, I think, will result in a closer integration of these two risk handling practices. At Safe Harbor Consulting we have aligned ourselves with Granof International Group, a consulting firm that specializes in business insurance programs for risk management and executive liability. The expertise of these two organizations provide a synergy that allows for a truly holistic Enterprise Disaster Preparedness Program ensuring the right combination of all the risk related strategies listed above.