So how do you go about picking the best partner to develop a robust business continuity plan?
Developing a robust business continuity plan
There are ten questions you should ask any potential provider right at the start.
Here are the first five – all focused on the company as a whole. Part 2 of this series goes a bit deeper, but let’s start with the basics!
1. How long have they been around as a company?
The first question is completely quantifiable: how long has the provider been in business? And, specifically, how long have they been doing business continuity planning? (After all, a company may have been in business 18 years, but only started in the business continuity field 18 months ago.)
Can a “young” company be a good choice? Perhaps – but you should perform a lot of due diligence to be sure they know their stuff and that they’re stable enough to survive. Longevity, on the other hand, brings with it certain benefits:
- A depth of knowledge in the field
- A breadth of experience across many companies and industries
- An increased likelihood of future stability
- Proven commitment to business resiliency services
These are all crucial qualities in a business continuity partner.
2. What’s their reputation as a company?
This question looks at the provider’s reputation in the industry. Four key ways to examine reputation are:
- Look at the company’s website. Are there client testimonials available for review? Do they have case studies you can read? Sure, the company has handpicked these, but regardless, they do tell you if the company has satisfied customers.
- Browse review sites. Check out sites where both satisfied and disgruntled clients have posted comments and reviews about the company. What has been said? If there are positive and negative reviews, what does the mix look like? How is it weighted?
- Study analyst reports. See if analysts such as Gartner or Forrester have evaluated the provider. Review the details of their reports carefully, since they are objective and are comparing the provider against others in the industry.
- Ask your network. Chances are that you know someone who has had first-hand experience with the provider. Ask for their candid feedback.
3. What is the breadth of their capabilities?
Business continuity planning must encompass many factors if it is truly going to ensure overall business resiliency. You want to be sure the provider you choose has the appropriate breadth in their capabilities to deliver that resiliency.
For example, suppose you choose a provider who gives you a disaster recovery plan – a core component of business continuity planning. That’s well and good, but if they don’t also give you crisis management capabilities, your company may devolve into chaos at the next business interruption.
Instead, a business continuity provider should have capabilities that address IT concerns, business processes, crisis management, cyber security, and more. In essence, they should address the entire spectrum of resiliency enablement.
4. Do they have a holistic resiliency mindset and approach?
When you look at a provider’s capabilities, you should also look at their mindset and approach. For instance, a provider might have a large menu of services, but treat them all as separate items and passively allow you to pick and choose from among them. This can lead to a fractured program, since you could conceivably “fail to sign up” for the right services for your business.
In contrast, a provider with a holistic resiliency mindset and approach will have a wide breadth of services, but couple that with the ability to put it all together with a focus on outcomes for the solution your company needs. They will be able to advise you how to create a business continuity program that is appropriate for your business, selecting the right mix of services and support to deliver true resiliency.
5. Are they in alignment with industry standards?
In the past several years, business continuity management has been the subject of many new and helpful standards, such as ISO 22301. Any provider you consider should be familiar with the industry standards and work in alignment with them.
Additionally, if you are in an industry with unique requirements, such as HIPAA for the healthcare industry, you want a provider who can execute a business continuity plan that supports those compliance requirements.
So there are the first five questions you should ask about any potential business continuity provider. These will let you know if you are on solid ground, or if you should cross the provider’s name off your list of “possibles.” Take a look at the second five questions of our “top 10” list in Part 2!
Related Business Solution: Business Continuity