“Putting your money where your mouth is” is as true of business continuity planning as of anything else. Government agencies often set an example in this respect, making their BC plans readily available and free of charge. That doesn’t mean that there’s no need for constructive criticism. Some of the plans are well thought-out and comprehensive, while others may have “underdeveloped strengths” (meaning apparent weaknesses or omissions). So it’s interesting to see a private-sector company like IT networking vendor Cisco also making information on its BC planning public and the points it emphasises.
Business continuity planning in Cisco is done by the “safety, security, and business resiliency” team, working with other BC professionals in other business departments. This team is likely to be close to the company’s internal auditors, because it forms part of the finance department in Cisco (see our earlier post on internal auditors as the BC professional’s ally). The business continuity planning process means that BC plans are tested annually. If that works for Cisco, then that’s what counts. As we’ve also mentioned before, required frequency of testing has to be determined for each organisation individually.
Cisco hints at the possibility of sharing fuller details of its business continuity planning with business partners under non-disclosure, a reminder of the importance of extending BCP to both upstream and downstream aspects of an organisation’s supply chain. It is more forceful in its statement that key vendors and suppliers to Cisco are required to prove their own capabilities for business continuity. The information in the Q&A section of the Cisco corporate web site is too brief to allow for detailed assessment. However, it gives some idea about what a company like this considers to be key points in its business continuity planning – or at least, what it considers key for its audience to know.