— The following guest post was written by Tony Gimple of risk consultancy Gimple Associates
German military strategist Helmuth von Moltke sagely noted that: “No battle plan survives contact with the enemy.” Yet whilst that may be true of the field of honour, it is an aphorism that cannot be used when it comes to business continuity. To be truly effective, a business continuity plan must survive any contact with an enemy, which in this case is a denial of business resources howsoever caused.
Taking my advice above too literally may cause the BCP practitioner to think that they need a plan to cater for every imaginable scenario, but to do so would simply result in a plan the size of the Encyclopaedia Britannica. Instead, one needs a plan that recognises the fundamental commonality of such denials of access, a set of escalatable procedures, and regular third-party response testing based around real-time stress-inducing simulations rather than sterile box-ticking desktop exercises. Such testing should not be restricted to the crisis management teams, and needs to include proper invocation of internal systems as well as outside suppliers.
To many, that may seem to be overkill. But unless you’ve done it for as close to real as you can get, then you’ll never know whether your plan actually works or the people charged with implementing can really cope when the pressure is on. To close with another military adage drilled into my head during my days in the British Army: Proper Planning and Preparation Prevents P*** Poor Performance.