Contingency alternatives can range from having backup response plans to alternative sources of supply. Once the connected risk themes are identified and evaluated, actions to address consistent themes throughout the procurement process can be taken. Identification of consistent risk themes across a number of risk dimensions can help to determine where a company should place significant effort to mitigate the risk exposure.
Disruptive events need to be classified by their level of severity in order to determine the potential impact they may have. A classification system can provide a consistent framework for evaluation; enhance the communication process, allowing ease of communication between internal and external groups; and can facilitate response, management, recovery and restoration efforts.
In addition to the event classification system, a company should incorporate an event assessment form to determine the event classification level and facilitate discussion within a company and with the affected vendor(s). The less prepared an organization is for service disruption the longer it takes the organization to recover its operations and restore service levels; therefore, having a classification system can enhance the ability to identify potentially disruptive situations early and determine how to respond effectively to minimize the level of service impacts.
Early detection, classification and response can lead to less of a drop in service, a potential reduction in the chaos associated with a disruptive event, and shorter recovery and restoration timeframes. Figure 3 depicts the typical functions performed at various levels within an organization as it moves from response to restoration. The figure also depicts the focus for an organization at the tactical, grand tactical and strategic levels.
At the tactical level the focus is generally on event response and mitigation. The focus at the tactical level should be on response and mitigation while the need at the tactical level is for support from the next level (grand tactical). At the grand tactical level, the focus should be on support for the tactical response.
Additionally, at the grand tactical level the focus should be on the prevention of cascade and containment of cascade effects on the organization. At the strategic level the focus should be on management oversight, coordination and facilitation of restoration of services. It is important to note that a key element in this vertical and horizontal process of detection, classification, response, management, recovery and restoration is seamless communications. Seamless communication is based on the adoption of common terminology and in the functions represented at each level.
Phased Development and Integration
With any large-scale project, such as the integration of vendor business continuity criteria into the procurement process, attempting to implement on a grand scale can lead to chaotic results. A phased approach to implementation and integration can eliminate confusion and generally consists of five phases:
- Phase 1: Assessment & Vendor Continuity Questionnaire deliverable: letter report with executive summary that will include discussion and recommendations based on the results of the review of essential elements of analysis (report)
- Phase 2: Procurement Integration (vertical/horizontal) deliverables: procurement management system, vendor business continuity management program and plan integration criteria guide (tools); and procurement management system, vendor business continuity management program and plan integration criteria guide training program materials (knowledge transfer)
- Phase 3: Monitoring & Enforcement deliverable: procurement management system, vendor business continuity management program and continuity plan integration criteria guide maintenance criteria (sustainability)
- Phase 4: Sustainability deliverable: periodic metrics, event response reports
- Phase 5: Maturity Model Evaluation deliverable: metrics for maintaining the process, change management procedures
Today, business leaders have the responsibility to protect their organizations by facilitating continuity planning and preparedness efforts. Using their status as leaders, senior management and board members can and must deliver the message that survivability depends on being able to find the opportunity within the crisis.