This is the second installment of a multi-part StraightTalk series on how business architecture can help an organization prepare for, respond to, recover from and build resilience for the unexpected. The unexpected may include an incident caused by an organization (e.g., an accident or data breach) or one that has happened to it (e.g., a natural disaster).
In our first installment, we covered the most urgent, response, so now we will focus on preparation. Here goes.
P.S. If you haven’t seen it yet, make sure to check out Post No. 73 on incident response because we covered some important foundational topics like why business architecture is so valuable for this type of decision-making and what to do if you don’t have a business architecture when the unexpected happens
So, what is this topic of preparing for the unexpected all about?
Let’s focus on the concept of Business Continuity Planning (BCP), which is the “process of creating systems of prevention and recovery to deal with potential threats to a company. In addition to prevention, the goal is to enable ongoing operations before and during execution of disaster recovery.” 1
So, let’s think about some activities related to preventing and preparing for an incident, such as:
- Identifying potential hazard or threat scenarios (e.g., a severe weather incident, a fire, a pandemic, etc.)
- Assessing the potential impacts of each scenario to the organization and its stakeholders
- Defining the response to each scenario (e.g., initial protective actions for life safety like taking shelter during a tornado or evacuating a building during a fire as well as longer-term responses for continuity like working remotely or shifting work for critical capabilities to employees or partners in unaffected locations)
- Training people to respond and then performing testing and exercises to evaluate recovery strategies and plans
Why is this important?
When the unexpected strikes it can be tremendously disruptive to an organization – and potentially disrupt an entire industry, community, country, or even our entire global population. In the worst cases, an incident may impact an organization’s ability to deliver products and services that are essential to human survival (think about interruptions to a government, for-profit or non-profit organization that provides healthcare, food or protection for people). In other cases, disruption to businesses (or entire industries) can lead to lost revenues or even failure, which in turn can have a vast ripple effect on unemployment, economies and even just our daily happiness to do and buy the things we enjoy.
So, the idea is to be as ready as we can for unexpected incidents, and where feasible try to prevent them from happening in the first place.
How can business architecture help organizations prepare for the unexpected?
Simply said, better decision-making. Business architecture helps organizations to make decisions that are more informed, more holistic and faster.
Here are a few ways in which business architecture can help to frame, inform and accelerate decision-making when preventing or preparing for incidents:
- As it pertains to both prevention and preparation, organizations need to define performance objectives and action items for incident mitigation, preparedness and response (e.g., to track progress of mitigation measures such as phasing out use of hazardous materials, completeness of training, response time to an incident, etc.) – Business architecture helps to:
- Capture objectives and action items and track initiatives and progress against them, framed within a value stream and capability context
- Illuminates the gap between current state abilities and target state requirements (e.g., human resource preparedeness, remote work enablement, succession plans, system backups, etc.)
- Identify impacted resources (human, assets, technology, etc.) to deliver on objectives and action items
Prevent
- Organizations need to identify and assess impact for potential hazard and threat scenarios – and take steps to mitigate them where possible – Business architecture helps to frame the full breadth of impacts for potential hazard/threat scenarios through value streams and capabilities along with all impacted aspects of the business and technology environment.
Prepare
- Organizations need to identify business-critical activities for which continuity is necessary – Business architecture helps to identify and track critical core business capabilities as well as incident scenario-specific capabilities along with the necessary aspects of business and technology required to support them (think capabilities + metrics in a value stream context to identify importance as well as their associated business units, stakeholders, information, products, policies, processes, applications, software services, etc.)
- Organizations need to define, train for and test incident response strategies and plans – Business architecture helps to:
- Perform what-if impact analysis to inform incident response strategy definition and selection
- Identify internal human resources and external partners (business units, stakeholders and locations) as well as supporting aspects of business and technology required to train and prepare for incident response
- Identify stakeholders with whom to communicate during an incident (business units, stakeholders and locations)
Here’s a handy diagram to summarize all of that.
Anything else?
Remember, never waste a good crisis. You can leverage business architecture right now to help your organization prevent and prepare for the unexpected – while simultaneously building your case for business architecture and demonstrating its value.
P.S. If you’re new to business architecture, StraightTalk has you covered. Start with Posts No. 1 (what), No. 2 (why) and No. 3 (more on why). To learn a bit more about how it’s created, check out Posts No. 17, No. 18 and No. 51. And for a bit more on how to use it and why it matters, see Posts No. 55, 56, 68 and 72.
1 “Business Continuity Planning.” Wikipedia, Wikimedia Foundation, 25 Mar. 2020, en.wikipedia.org/.
More Good Stuff…
How to Make Healthy Decisions With the COVID Perimeter Framework (Dr. Raj Ramesh and Whynde Kuehn): This animated video illustrates an approach for decision-making related to the coronavirus challenge. The authors present their COVID Perimeter Framework which helps guide healthy decision-making whether for individuals, healthcare professionals, businesses or government – based on principles of structured thinking and underpinned by business architecture. The intent of the video was not to be comprehensive but rather to provide a starting point for looking at such challenges.
Leveraging Business Architecture For Crisis Management (BrightTALK by William Ulrich): A talk on crisis response challenges at a major financial institution and the role business architecture should play in addressing a variety of related scenarios.
Business Continuity Planning (Department of Homeland Security): An excellent resource for Business Continuity Planning and much more (US-based).
Preserving Optionality: Preparing for the Unknown (Farnam Street): As the future gets harder to predict, keeping options allows us to pivot when the unexpected happens.
People (Men In Black): Just for fun. Here’s a clip from the movie Men In Black, where we are reminded of our humanness and fallibility when it comes to things we “know.”
The Next Outbreak? We’re Not Ready (TED Talk): An excellent TED Talk from Bill Gates on how we can think about and prepare for a pandemic.