By Linda Hanwacker, MBA, MSCS, CBCP
- What is Business Continuity Planning (BCP) software? What are its advantages?
- Does your organization need BCP software?
- What are your options, what features should you consider?
A well-developed BCP software package makes generating and maintaining plans significantly more efficient by guiding BC planners through the process. BCP software can be an invaluable tool for any size organization as it provides a snapshot of the organization’s current state of readiness in the event of a disaster. The selection of the wrong software can outweigh the cost and benefit only to be trashed within a year or two of implementation.
This white paper is designed to assist you in sorting and evaluating important criteria in the selection process of BCP software to meet your organization’s requirements and budget. The criteria are presented in a checklist format developed from a user perspective, not a vendor’s.
A multitude of BCP software packages are available; each package has unique characteristics. Some provide a total solution for all business continuity initiatives including “What if” scenarios, while others are subject matter or industry specific. Some packages incorporate third party vendors.
This checklist has been developed for organizations that must organize and track their Business Continuity programs. Organizations will want to analyze essential features as well as ease of implementation, total functionality, performance and support.
There are fifteen categories to consider when in the BCP Software selection process – General Features, Security, Risk Assessment/Management, Business Impact Assessment, Plan Creation, Plan Maintenance, Incident/Crisis Management & Recovery Site, Benchmarking/Compliance, Reporting/Approvals, Ease of Use, Flexibility, Emergency/Mass Notification, Education/Training, Availability and Mobile.
Category 1: General Features
There are several factors that impact how you use the BCP software. For example, is it a Software as a Service (SaaS) solution? SaaS is a way of delivering an application as a service via the internet. It allows the end user access that does not require installing and maintaining the software. The SaaS application runs on the provider’s servers whose security, availability and performance they maintain as well. If it is SaaS, then, where is it hosted – in the US or elsewhere?
Some other general considerations include:
- Support for industry standard practices
- Ability to access information from smart mobile devices
- Ability to import data from external sources such as a Microsoft Excel spreadsheet
- Multi-user application
Category 2: Security
Does it provide encryption, login and permission for access? If it does, what security features does it provide?
Category 3: Risk Assessment/Management
It is important that it provides an area to document threats and maybe the ability to preload threats for your industry or preload threats based on your Business Impact Analysis.
Category 4: Business Impact Assessment
This feature should support surveys and interviews. This can include a variety of features that allow creation of assessment surveys with responses, the capture of critical business functions, visual mapping of dependencies, gap analysis and what-if scenarios to name a few.
Category 5: Plan Creation
It should allow a customizable plan that supports other plans and identifies the goals of the organization. Does it provide customizable templates? Does it allow sharing of data and documents?
Category 6: Plan Maintenance
It should cover a revision history, log changes and record testing of the plans. It should be able to maintain documentation on recovery needs and requirements, capture restoration and recovery information, add attachments to plans, and track and validate tests that have been conducted.
Category 7: Incident/Crisis Management & Recovery Site
It should capture key contacts for staff and vendors, notification/escalation of call lists, utilize NIMS-ICS structure and produce appropriate forms for recouping personnel and equipment costs.
Category 8: Benchmarking/Compliance
This important feature allows you to understand where your organization fits in the maturity model of planning and also understand the likelihood of recovery.
Category 9: Reporting/Approvals
What formats are required, who has the authorization to approve and how do they access these reports for approval? Reporting should be made simple. Do I have a single button plan generation? What type of reporting capabilities are there?
Category 10: Ease of Use
How intuitive and easy is this software application to use? How much training is required to use it?
Category 11: Flexibility
Can I change the terminology or do I have to use what is there and make notes to adapt to my organization?
Category 12: Emergency/Mass Notification
Is the notification robust enough to handle your organization? Does the software application have its own mass notification or do I need a third party? If I require a third party does it work with the software I am considering? Does it have the ability to notify people via phone, email or text and log if the information was received?
Category 13: Education & Training
How many hours of training are required? Does it have a user support group and if so, how often do they meet?
Category 14: Availability
What are the guarantees for availability? Is there a redundant system architecture and daily data backups to ensure reliability?
Category 15: Mobile
What is needed? What is supported?
In summary, the BCP Software Evaluation checklist can help you identify your organization’s needs and evaluate how they are met by various software vendors. This checklist will organize the most important criteria required in the selection of BCP Software. It intuitively organizes your requirements and helps you analyze what you need to move forward in the selection process.
Detailed questions help you prioritize the BCP software offerings in light of your organization’s priorities. You can add additional criteria. In the “Need” column, enter “Must” or “Nice” to have. Copy this checklist for each BCP software vendor that you want to evaluate and place a check mark if the BCP software vendor meets that need.
Link to the checklist….
About the Author
Linda Hanwacker is the CEO and founder of The LSH Group, LLC. She is an experienced executive with 25+ years working in the disciplines of information technology, business continuity and disaster recovery. Linda has worked closely with companies and institutions to mitigate disruptions, avoid losses and negative publicity. Under Linda’s leadership, The LSH Group has been shortlisted in “The Top 20 Most Promising Government Tech Consulting Service Providers” by CIO Review. Linda may be reached via email, hanwacker@TheLSHGroup.com
The LSH Group, LLC is an independent provider of Information Technology, Business Continuity, Continuity of Operations, Emergency Managment and Disaster Recovery Planning Services, established in 2006 and based in Fort Myers, Florida. www.thelshgroup.com
Prior to The LSH Group, Linda was the Director of BC/DR Professional Services at AT&T that included managing and planning for all core AT&T network operations. Her team played a major role in the 9/11 crisis recovery effort for NYC.