Business continuity has its challenges and finding the right metrics is one of them. The difficulty is in accepting that metrics need to show there are problems or unsatisfactory performance, at least from time to time. It’s tempting to wish for an array of indicators that always show a positive result. The fact is that the longer there are no red flags, the further away you are moving from BC reality. Red flags, like microbes and cold germs for humans, are a necessary part of making an organisation more robust and better equipped to deal with threats to its continuity.
Business continuity metrics, similar to other project metrics, are likely to include performance metrics (for performance), project metrics (to understand if the business continuity project is meeting its goals) and business metrics (to measure relevant business impact). Because these metrics are shared with others in the organisation, the natural tendency is to want to make them look as good as possible. This in itself is not a bad thing. It’s just that you can have too much of a “not a bad thing”. A metric that is positive for months on end may simply mean that you are tracking the wrong metric.
The environment to which business continuity applies is a changing one. It is normal that at certain points in time business continuity plans will be out of phase with changes in the organisation, even if BC management has already identified the need to adapt and the measures to be taken. That still means a red flag. However, that red flag is useful because it demonstrates the reactivity of the BC planning process, and inspires the confidence of stakeholders and other observers. The only other condition attached is naturally that the red flag has to be effectively handled and removed in a timely way.