One of the most difficult parts of getting a Business Continuity or Disaster Recovery plan in place is convincing business stakeholders that these protocols are worthwhile. Although boards are well aware of regulations that govern important data, it is commonplace for management to overlook the importance of deploying such policies while citing shortcomings in funding, lack of expertise, or even little interest. A recent post in CU Insight outlines this very topic, and I thought it would be worthwhile to summarize that article while providing my own thoughts and opinions.
If you are one of the many struggling to get support from leadership teams, the three following steps just may be the way to get your Business Continuity initiatives pushed through:
Determine the risk tolerance of management
Business stakeholders are typically trained in risk in management, and Disaster Recovery is a part of this. The first step in garnering support for any proposal should be to find out exactly where board members sit on this scale. This way, each member can agree on where that tolerance has impacted business operations and would impact a possible continuity deployment. Once a consensus is reached, it becomes easier for stakeholders to understand one another and appropriately decide where to spend vital time, money and other organizational resources.
Discover the ROI on having a tested, proven plan
Without a proven ROI plan in place, it is near impossible to sell stakeholders or board members on a plan that shows no real potential for profit. At the end of the day, business leaders need hard numbers in order to understand how the time, money and human hours invested in such a program will impact the bottom line.
Present a program, not a project
When you’ve developed a Business Continuity strategy that can make an impact, it’s important to describe it to the stakeholders inside your organization as a program, not just as an idea or project that needs working on. When presenting your case, don’t ask them for a testing of your strategy, ask them to implement it. You should start with an overview of the plan, highlighting the key factors. How will the plan remain current and relevant with ever-changing data, regulations and systems? What’s the bottom line? How will a continuity plan impact ROI, both up front and in the event of a disaster scenario?
- Data Protection Officer Job Description by Solutions Review - January 31, 2023
- What to Expect at Solutions Review’s Tactical Roundtable: Ransomware: Prevention and Response on January 26 - January 18, 2023
- Solutions Review Names 5 Data Protection Vendors to Watch, 2023 - December 13, 2022