Practice all you like, but if you can’t see measurable results in terms of your organisation, then you can’t guarantee that business continuity plan best practice is of benefit. True, in some cases, it seems intuitively obvious. Or perhaps a sufficient number of relevant case histories exist for the probability to be high enough that you to will stand to gain. However, assessing the effectiveness of business continuity practices can be challenging when there are no problems. Borrowing the following ideas from another business area may help in measuring impact and readiness.
For example, take information security. The similarity between this and business continuity plan best practice is that the end objective is to achieve a certain attitude and behaviour in an organisation. Where information security wants employees to take due care about the confidentiality of information, BC wants them to be ready to implement certain procedures to ensure that they and the organisation continue to function correctly if confronted by change or adversity. In both cases however people have to know what is expected of them and how they should act, and maintain that knowledge on a continuing basis.
To do this, information security tactics include poster and email awareness campaigns, as well as questionnaires and surveys to measure attitude and preparedness. Questions in the surveys may be “multiple choice”, where participants indicate one of several levels of agreement or disagreement with given statements, including ones about daily routines, responses to given situations, and examples set by line managers. Similar possibilities exist to measure the degree to which employees not only understand, but also internalise end results from business continuity plan best practices, especially when this is vital to the continuing wellbeing of the organisation, its members and the people it serves.