This update outlines some of the key features of our soon to be released “Agile Business Continuity Planning” software. A Platform as a Service (to be offered through AgileBCP Pty Ltd and available at
If you have had a chance to follow our story, you might recall this venture started a few months ago from a shared recognition between four of us (two “risk managers” and two “software engineers”) that helping people come through the current business impacts of the Corona Virus could be a worthy venture.
We recognised we had the experience and capabilities to develop an agile tool to help people to both reimagine their business and make it more resilient against future shocks.
Further, the offering would be easy and straightforward to use – and for small “Mom and Pop” businesses it will be made available at little or no cost.
Focusing on Business Continuity
Business Continuity used to be a dry topic struggling for traction. The focus was on occasional disruptions to a few businesses for a short period.
Our collective Corona virus experience has changed that … with the very survival of many organizations tested for an extended period of time. As we come out the other side of any extreme event there are opportunities to reimagine our businesses – from aims and objectives to the products and services we use to achieve those aims and objectives. At the detailed level of implementation, this means mapping the minimum necessary resources needed to support required activities .
In future, we will think more about the meaning of our exposures. Where are we – geographically and socially – in relation to risk exposure to various hazards?
How might the hazards impact us – especially in relation to the effect on achieving our objectives? We now better appreciate these impacts could vary between seconds and months.
The aim – or purpose – of Business Continuity Planning is to build our capabilities to mitigate impact. The aim is to pull the impact curve “back” so that we are affected for less time than otherwise; and to pull the curve up so that we reduce the level of impact.
Time sensitivity of our products and services will vary – context is crucial to considerations around “ how soon is your soon?” – “ how long is your while?” Rigid plans categorise – adaptive approaches appreciate context. Again, a key Corona reminder has been the need to appreciate context and be agile.
This depiction has been the traditional framework we have focused on. Responses to sudden impact disruption – with priority to “emergency response”.
Contexts such as climate change and pandemics have made us recalibrate our thinking to embrace more intricate considerations. Considerations of greater complexity and uncertainty.
Our approach focuses on before and after “action planning” opportunities. Opportunities to act identified by asking the right questions, collecting the right information and applying agreed criteria to decisions both before impact to prevent and after impact to mitigate. Before impact, these criteria focus on what is critical, and how susceptible the critical things are in the circumstances and under the conditions we are considering. After impact, these criteria focus on what is critical, and how badly those critical things have been impacted. Two workflows – each with three key steps enhanced by feedback and refinement, and displayed in logical workflows.
We depict these logical workflows using a technique derived from “Business Process Modelling Notation” and seek to communicate these in an accessible way by using “cartoon characters”.
Establishing context before impact relies on mapping the resource profiles for each critical activity. Resources are defined in various standards. To support a comprehensive and balanced approach we use a heuristic device called “The Five Ps”. People … Premises … Processes … Providers … and last, but not least, Profile. Developed initially in England’s local government sector early this century, it has become a tried and trusted approach globally, for both stimulating conversations and for collecting data.
The area within the AgileBCP “Platform as a Software” used to collect information – including resource profiles – is the Mitigation Framework.
Under each of these five Ps (Resource Types) are three key “consideration” prompts. These are depicted on a matrix in the “paper plan” (in the AgileBCP Workbook) located under the “help tab” of the software.
… and they are addressed in “drop downs” within the Mitigation Framework of the software. The text boxes allow for information to advise top management of any aspects requiring consideration.
The information is used to attribute an appropriate “score” according to agreed criteria around (a) criticality and (b) susceptibility. The Before Impact Vulnerability of the entity is a function of these two attributes – Criticality and Susceptibility.
“Traffic lights” are used to draw attention to what the current level of vulnerability might mean.
The level of commitment to address the identified vulnerability should be based on considering, challenging and validating the traffic light scores – and the attributions around Criticality and Susceptibility. Once validated, the higher the percentage (Red … Orange … Yellow …down to Green) the greater the weight that should be afforded considerations around resourcing and committing to contingency and mitigation plans.
What is recorded in Contingency and Resilience Initiatives “boxes” in the Mitigation Framework will come out of further conversations – prompted by scenarios and consideration of the “Tips Tables” in the AgileBCP Workbook.
Reporting covers the four key areas within the two workflows First – Before Impact Vulnerability Assessment Second – Contingency and Mitigation Action Plans Third – After Impact Vulnerability Assessment Fourth – Response and Recovery Action Plans All reports have exploratory capabilities such as filtering and ranking columns.
From the Reports, specific lines can be selected to bring up a pdf of all fields for the prioritized activity. This can be moved or manipulated by editing – which takes you to the record in the Mitigation Framework. It is a great page to drive the conversation.
As you can see here, heads may not roll, but … at minimum there will be issues addressed. Starting with, “ Let’s Talk”. The fields in the Framework allow for a comprehensive approach including feedback and refinement.
Developed and adapted from a diagram published on LinkedIn by Dr Carl Gibson (hat tip), this depiction reflects our Mitigation Framework capturing the right questions – including challenging current aims and objectives – through to implementing a range of action plans to address vulnerability.
When an event does impact the organization you have two advantages. First you are resilient due to your Before impact workflow which addressed contingencies and mitigated vulnerabilities.
Second – your baseline data is – or ought to be – up to date. Therefore all you need to do is assess after impact vulnerability by attributing an impact score to the resources underpinning prioritized activities.
In the example we are following through with from Workflow 1 we see that the vulnerability previously ignored has now spilled over into a significant consequence.
Which is addressed by informing the Crisis Management Team which will review and endorse action plans to be implemented.
The reports should not be passive documents. They are interrogatable documents which groups should use to discuss improvement opportunities.
Top Management and their supporting teams should also spend time exploring the powerful capabilities of the Refinement and Feedback page
The two workflows actually work hand in glove to form a comprehensive and integrated framework. A framework which characterised by informed decisions to prevent, prepare, respond and recover.