Monday, 14 November 2011

BCM Tools

One of the most important decisions when establishing a Business Continuity program is the fact that if an automation tool is necessary or not, which involves the election of the tool if so. The use of any tool will condition both maintenance procedures and actions to be taken in case of activation of your business continuity plan.

There are different theories about the suitability of using automation tools to manage continuity, depending on the program maturity, the company size and the scope of the program. However, as we're going to see below, there are different types of tools and each type can be useful in different environments.

In general terms, there are two main types of business continuity tools:
  • pre-event tools, are tools that can be use to grant the preparation in the organization. In this set of tools we can find a lot of options, because of the different types of activities related with it: risk analysis and management, impact analysis, compliance management, workforce assessment, suppliers management, documental management, and so on. Some examples of this kind of tools are: eBRP suite , myCOOP by COOP, CMS by SunGard, ShadowPlanner by ICM, RecoveryPlanner.com. All this tolls are specific continuity tools; Apart from this tools, there are others more close to the Information Security world, like RSA-Archer and others oriented to the document management, for example PCN by Ecija, although companies usually develop their own solutions to solve this functionality using SharePoint by Microsoft or Lotus Notes. Finally, there are some tools oriented to manage infrastructure technology continuity, likeRecoverGuard by ContinuitySoftware for data recovery, or CMDB modules, like the one from BMC Atrium
  • post-event tools, are used when a disruption has occurred. In this way, we have two different types of tools: notification tools (Fact24, MIR3 Intelligent Notification, imodus or notifind, etc)and incident management tools (Incident Manager by SunGard and ESi). For this kind of tools is required a reliable, intuitive and quick access and has to be reached from any location.
In this picture can be seen the use of the different kind of tools, depending on the time frame in which we should use it, taking as a reference an event or disruption.
In Spain, due to the traditional approach to Business Continuity from Information Security perspective, the BC providers have developed tools around risk management, compliance management and impact analysis. In many cases, customers have developed their own BC tools, based in Sharepoint or Lotus, with limited scope and scalability.

A really effective tool from a BC point of view has to be a unique database, or synchronized with other sources. This way is the only that can assurance than the effort of managing the tool will not be greater than the effort of managing the whole program of BC.