Document Your Cloud Strategy

Get ready for the cloudy future with a consistent, proven strategy.

Analyst perspective

Any approach is better than no approach

Moving to the cloud is a big, scary transition, like moving from gas-powered to electric cars, or from cable to streaming, or even from the office to working from home. There are some undeniable benefits, but we must reorient our lives a bit to accommodate those changes, and the results aren’t always one-for-one. A strategy helps you make decisions about your future direction and how you should respond to changes and challenges. In Document Your Cloud Strategy we hope to help you accomplish just that: clarifying your overall mission and vision (as it relates to the cloud) and helping you develop an approach to changes in technology, people management, and, of course, governance. The cloud is not a panacea. Taken on its own, it will not solve your problems. But it can be an important tool in your IT toolkit, and you should aim to make the best use of it – whatever “best” happens to mean for you.

Jeremy Roberts

Research Director, Infrastructure and Operations

Info-Tech Research Group

Executive Summary

Your Challenge

The cloud is multifaceted. It can be complicated. It can be expensive. Everyone has an opinion on the best way to proceed – and in many cases has already begun the process without bothering to get clearance from IT. The core challenge is creating a coherent strategy to facilitate your overall goals while making the best use of cloud technology, your financial resources, and your people.

Common Obstacles

Despite the universally agreed-upon benefit of formulating a coherent strategy, several obstacles make execution difficult:

• Inconsistent understanding of what the cloud means
• Inability to come to a consensus on key decisions
• Ungoverned decision making
• Unclear understanding of cloud roles and responsibilities

Info-Tech’s Approach

A cloud strategy might seem like a big project, but it’s just a series of smaller conversations. The methodology presented here is designed to facilitate those conversations, using a curated list of topics, prompts, participant lists, and sample outcomes. We have divided the strategy into four key areas:

1. Vision and alignment
2. People
3. Governance
4. Technology

The answers might be different, but the questions are the same

Every organization will approach the cloud differently, but they all need to ask the same questions: When will we use the cloud? What forms will our cloud usage take? How will we manage governance? What will we do about people? How will we incorporate new technology into our environment? The answers to these questions are as numerous as there are people to answer them, but the questions must be asked.

Your challenge

This research is designed to help organizations that are facing these challenges or looking to:

• Ensure that the cloud strategy is complete and accurately reflects organizational goals and priorities.
• Develop a consistent and coherent approach to adopting cloud services.
• Design an approach to mitigate risks and challenges associated with adopting cloud services.
• Create a shared understanding of the expected benefits of cloud services and the steps required to realize those benefits.

Grappling with a cloud strategy is a top initiative: 43% of respondents report progressing on a cloud-first strategy as a top cloud initiative.

Source: Flexera, 2021.

Definition: Cloud strategy

A document providing a systematic overview of cloud services, their appropriate use, and the steps that an organization will take to maximize value and minimize risk.

Common obstacles

These barriers make this challenge difficult to address for many organizations:

• The cloud means different things to different people, and creating a strategy that is comprehensive enough to cover a multitude of use cases while also being written to be consumable by all stakeholders is difficult.
• The incentives to adopt the cloud differ based on the expected benefit for the individual customer. User-led decision making and historically ungoverned deployments can make it difficult to reset expectation and align with a formal strategy.
• Getting all the right people in a room together to agree on the key components of the strategy and the direction undertaken for each one is often difficult.

Info-Tech’s approach

Info-Tech’s approach

Your cloud strategy will comprise the elements listed under “vision and alignment,” “technology,” “governance,” and “people.” The Info-Tech methodology involves breaking the strategy down into subcomponents and going through a three-step process for each one. Start by reviewing a standard set of questions and understanding the goal of the exercise: What do we need to know? What are some common considerations and best practices? Once you’ve had a chance to review, discuss your current state and any gaps: What has been done? What still needs to be done? Finally, outline how you plan to go forward: What are your next steps? Who needs to be involved?

Review

• What questions do we need to answer to complete the discussion of this strategy component? What does the decision look like?
• What are some key terms and best practices we must understand before deciding?

Discuss

• What steps have we already taken to address this component?
• Does anything still need to be done?
• Is there anything we’re not sure about or need further guidance on?

Go forward

• What are the next steps?
• Who needs to be involved?
• What questions still need to be asked/answered?
• What should the document’s wording look like?

Info-Tech’s methodology for documenting your cloud strategy

Insight summary

Separate strategy from tactics

Separate strategy from tactics! A strategy requires building out the framework for ongoing decision making. It is meant to be high level and achieve a large goal. The outcome of a strategy is often a sense of commitment to the goal and better communication on the topic.

The cloud does not exist in a vacuum

Your cloud strategy flows from your cloud vision and should align with the broader IT strategy. It is also part of a pantheon of strategies and should exist harmoniously with other strategies – data, security, etc.

People problems needn’t preponderate

The cloud doesn’t have to be a great disruptor. If you handle the transition well, you can focus your people on doing more valuable work – and this is generally engaging.

Governance is a means to an end

Governing your deployment for its own sake will only frustrate your end users. Articulate the benefits users and the organization can expect to see and you’re more likely to receive the necessary buy-in.

Technology isn’t a panacea

Technology won’t solve all your problems. Technology is a force multiplier, but you will still have to design processes and train your people to fully leverage it.

Key deliverable

Cloud Strategy Document template

Inconsistency and informality are the enemies of efficiency. Capture the results of the cloud strategy generation exercises in the Cloud Strategy Document template.

• Record the results of the exercises undertaken as part of this blueprint in the Cloud Strategy Document template.
• It is important to remember that not every cloud strategy will look exactly the same, but this template represents an amalgamation of best practices and cloud strategy creation honed over several years of advisory service in the space.
• You know your audience better than anyone. If you would prefer a strategy delivered in a different way (e.g. presentation format) feel free to adapt the Cloud Vision Executive Presentation into a longer strategy presentation.
• Emphasis is an area where you should exercise discretion as well. A cost-oriented cloud strategy, or one that prioritizes one type of cloud (e.g. SaaS) at the exclusion of others, may benefit from more focus on some areas than others, or the introduction of relevant subcategories. Include as many of these as you think will be relevant.
• Parsimony is king – if you can distill a concept to its essence, start there. Include additional detail only as needed. You want your cloud strategy document to be read. If it’s too long or overly detailed, you’ll encounter readability issues.

Blueprint benefits

Measure the value of this blueprint

Don’t take our word for it:

• Document Your Cloud Strategy has been available for several years in various forms as both a workshop and as an analyst-led guided implementation.
• After each engagement, we send a survey that asks members how they benefited from the experience. Those who have worked through Info-Tech’s cloud strategy material have given overwhelmingly positive feedback.
• Additionally, members reported saving between 10 and 20 days and an average of $46,499.
• Measure the value by calculating the time saved as a result of using Info-Tech’s framework vs. a home-brewed cloud strategy alternative and by comparing the overall cost of a guided implementation or workshop with the equivalent offering from another firm. We’re confident you’ll come out ahead.

8.8/10 Average reported satisfaction

13 Days Average reported time savings

$46,499 Average cost savings

Executive Brief Case Study

INDUSTRY: Pharmaceuticals

SOURCE: Info-Tech workshop

Pharmaceutical company

The unnamed pharmaceutical company that is the subject of this case study was looking to make the transition to the cloud. In the absence of a coherent strategy, the organization had a few cloud deployments with no easily discernable overall approach. Representatives of several distinct functions (legal, infrastructure, data, etc.) all had opinions on the uses and abuses of cloud services, but it had been difficult to round everyone up and have the necessary conversations. As a result, the strategy exercise had not proceeded in a speedy or well-governed way. This lack of strategic readiness presented a roadblock to moving forward with the cloud strategy and to work with the cloud implementation partner, tasked with execution.

Results

The company engaged Info-Tech for a four-day workshop on cloud strategy documentation. Over the course of four days, participants drawn from across the organization discussed the strategic components and generated consensus statements and next steps. The team was able to formalize the cloud strategy and described the experience as saving 10 days.

Example output: Document your cloud strategy workshop exercise

Anything in green, the team was reasonably sure they had good alignment and next steps. Those yellow flags warranted more discussion and were not ready for documentation.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation

"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

Workshop

"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

Consulting

"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks are used throughout all four options.

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is 4 to 6 calls over the course of 1 to 3 months

Workshop Overview

Contact your account representative for more information.

workshops@infotech.com 1-888-670-8889

Phase 1

Document Your Vision and Alignment

This phase will walk you through the following activities:

1. Record your cloud mission and vision
2. Document your cloud strategy’s alignment with other strategic plans
3. Record your cloud guiding principles
4. Define success

This phase has the following outcome:

• Documented strategy: vision and alignment

Record your mission and vision

Build on the work you’ve already done

Before formally documenting your cloud strategy, you should ensure that you have a good understanding of your overall cloud vision. How do you plan to leverage the cloud? What goals are you looking to accomplish? How will you distribute your workloads between different cloud service models (SaaS, PaaS, IaaS)? What will your preferred delivery model be (public, private, hybrid)? Will you support your cloud deployment internally or use the services of various consultants or managed service providers?

The answers to these questions will inform the first section of your cloud strategy. If you haven’t put much thought into this or think you could use a deep dive on the fundamentals of your cloud vision and cloud archetypes, consider reviewing Define Your Cloud Vision, the companion blueprint to this one.

Once you understand your cloud vision and what you’re trying to accomplish with your cloud strategy, this phase will walk you through aligning the strategy with other strategic initiatives. What decisions have others made that will impact the cloud strategy (or that the cloud strategy will impact)? Who must be involved/informed? What callouts must be involved at what point? Do users have access to the appropriate strategic documentation (and would they understand it if they did)?

You must also capture some guiding principles. A strategy by its nature provides direction, helping readers understand the decisions they should make and why those decisions align with organizational interests. Creating some top-level principles is a useful exercise because those principles facilitate comprehension and ensure the strategy’s applicability.

Finally, this phase will walk you through the process of measuring success. Once you know where you’d like to go, the principles that underpin your direction, and how your cloud strategy figures into the broader strategic pantheon, you should record what success actually means. If you’re looking to save money, overall cost should be a metric you track. If the cloud is all about productivity, generate appropriate productivity metrics. If you’re looking to expand into new technology or close a datacenter, you will need to track output specific to those overall goals.

Review: mission and vision

The overall organizational mission is a key foundational element of the cloud strategy. If you don’t understand where you’re going, how can you begin the journey to get there? This section of the strategy has four key parts that you should understand and incorporate into the beginning of the strategy document. If you haven’t already, review Define Your Cloud Vision for instructions on how to generate these elements.

Understand key cloud concepts: Archetype

Once you understand the value of the cloud, your workloads’ general suitability for the cloud, and your proposed risks and mitigations, the next step is to define your cloud archetype. Your organization’s cloud archetype is the strategic posture that IT adopts to best support the organization’s goals. Info-Tech’s model recognizes seven archetypes, divided into three high-level archetypes. After consultation with your stakeholders, and based on the results of the suitability and risk assessment activities, define your archetype. The archetype feeds into the overall cloud vision and provides simple insight into the cloud future state for all stakeholders. The cloud vision itself is captured in a “vision statement,” a short summary of the overall approach that includes the overall cloud archetype.

Build a Better Manager

Support IT success with a solid management foundation.

Analyst Perspective

Training that delivers results.

Ninety-eight percent of managers say they need more training, but 93% of managers already receive some level of manager training. Unfortunately, the training typically provided, although copious, is not working. More of the same will never get you better outcomes. How many times have you sat through training that was so long, you had no hope of implementing half of it? How many times have you been taught best practices, with zero guidance on how to apply them? To truly support our managers, we need to rethink manager training. Move from fulfilling an HR mandate to providing truly trainee-centric instruction. Teach only the right skills – no fluff – and encourage and enable their application in the day to day.

Jane Kouptsova Research Director, People & Leadership Info-Tech Research Group

Executive Summary

Info-Tech Insight

When it comes to manager training, more is not more. Attending training is not equal to being trained. Even good information is useless when it doesn’t get applied. If your role hasn’t required you to use your training within 48 hours, you were not trained on the most relevant skills.

Effective managers drive effective departments by engaging their teams

Engaged teams are: 52% more willing to innovate* 70% more likely to be at the organization a year from now** 57% more likely to exceed their role’s expectations** Engaged teams are driven by managers: 70% of team-level engagement is accounted for by managers***

*McLean & Company; N=3,395; **McLean & Company; N=5,902; ***Gallup, 2018

Despite the criticality of their role, IT organizations are failing at supporting new managers

87% of middle managers wish they had more training when they were first promoted

98% of managers say they need more training

Source: Grovo, 2016

IT must take notice:

IT as an industry tends to promote staff on the basis of technical skill. As a result, new managers find themselves suddenly out of their comfort zone, tasked with leading teams using management skills they have not been trained in and, more often than not, having to learn on the job. This is further complicated because many new IT managers must go from a position of team member to leader, which can be a very complex transition.

The truth is, many organizations do try and provide some degree of manager training, it just is not effective

*Grovo, 2016; **Chief Executive, 2016

Info-Tech’s Management & Governance Diagnostic, N=337 CIOs

There are three key reasons why manager training fails

1. Information Overload

Seventy-five percent of managers report that their training was too long to remember or to apply in their day to day (Grovo, 2016). Trying to cover too much useful information results in overwhelm and does not deliver on key training objectives.

2. Limited Implementation

Thirty-three percent of managers find that their training had insufficient follow-up to help them apply it on the job (Grovo, 2016). Learning is only the beginning. The real results are obtained when learning is followed by practice, which turns new knowledge into reliable habits.

3. Lack of departmental alignment

Implementing training without a clear link to departmental and organizational objectives leaves you unable to clearly communicate its value, undermines your ability to secure buy-in from attendees and executives, and leaves you unable to verify that the training is actually improving departmental effectiveness.

Overcome those common training pitfalls with tactical solutions

This research combats common training challenges by focusing on building habits, not just learning ideas

Info-Tech Insight

When it comes to manager training, stop thinking about learning, and start thinking about practice. In difficult situations, we fall back on habits, not theoretical knowledge. If a manager is only as good as their habits, we need to support them in translating knowledge into practice.

This research focuses on building good management habits to drive enterprise success

Set up your first-time managers for success by leveraging Info-Tech’s training to focus on three key areas of management:

• Managing people as a team
• Managing people as individuals
• Managing yourself as a developing leader

Each of these areas:

• Is immediately important for a first-time manager
• Includes practical, tactical skills that can be implemented quickly
• Translates to departmental and organizational benefits

Info-Tech Insight

There is no such thing as “effective management training.” Various topics will be effective at different times for different roles. Delivering only the highest-impact learning at strategic points in your leadership development program will ensure the learning is retained and translates to results.

This blueprint covers foundational training in three key domains of effective management

Effective Managers

• Self
  • Conflict & Difficult Conversations
  • Your Role in the Organization
  • Your Role in Decisions
• Team
  • Communication
  • Feedback & Coaching
  • Performance Management
• People
  • Master Time
  • Delegate
  • Accountability

Each topic corresponds to a module, which can be used individually or as a series in any order.

Choose topics that resonate with your managers and relate directly to their day-to-day tasks. Training on topics that may be useful in the future, while interesting, is less likely to generate lasting skill development.

Info-Tech Best Practice

This blueprint is not a replacement for formal leadership or management certification. It is designed as a practical, tactical, and foundational introduction to key management capabilities.

Info-Tech’s training tools guide participants through successful skill building

Measure the effectiveness of your manager training with outcomes-focused metrics

Linking manager training with measurable outcomes allows you to verify that the program is achieving the intended benefits, course correct as needed, and secure buy-in from stakeholders and participants by articulating and documenting value.

Use the metrics suggested below to monitor your training program’s effectiveness at three key stages:

Info-Tech offers various levels of support to best suit your needs

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series

of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 1 to 3 calls over the course of several months, depending on training schedule.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Pool of topics:

• Master Time
• Accountability
• Your Role in the Organization
• Your Role in Decision Making
• Manage Conflict Constructively
• Effective Communication
• Performance Management
• Coaching & Feedback

Phase 1

Prepare to facilitate training

Outcomes of this phase:

• Training facilitation deck customized to organizational norms
• Training workbook distributed to participants
• Training dates and facilitator finalized

1.1 Select training modules

1-3 hours

1. Review the module descriptions on the following slides.
2. Identify modules that will address managers’ most pressing development needs.
   To help make this decision, consult the following:
   • Trainees’ development plans
   • Trainees’ supervisors

Effective Communication

Effective communication is the cornerstone of good management

Effective communication can make or break your IT team’s effectiveness and engagement and a manager’s reputation in the organization. Effective stakeholder management and communication has a myriad of benefits – yet this is a key area where IT leaders continue to struggle.

There are multiple ways in which you communicate with your staff. The tactics you will learn in this section will help you to:

1. Understand communication styles. Every staff member has a predisposition in terms of how they give, receive, and digest information. To drive effective communication new managers need to understand the profiles of each of their team members and adjust their communicate style to suit.
2. Understand what your team members want communicated to them and how. Communication is highly personal, and a good manager needs to clearly understand what their team wants to be informed about, their desired interactions, and when they need to be involved in decision making. They also must determine the appropriate channels for communication exchanges.
3. Make meetings matter. Many new managers never receive training on what differentiates a good and bad meeting. Effective meetings have a myriad of benefits, but more often than not meetings are ineffective, wasting both the participants’ and organizer’s time. This training will help you to ensure that every team meeting drives a solid outcome and gets results.

Benefits:

• Better buy-in, understanding, and communication.
• Improved IT reputation with the organization.
• Improved team engagement.
• Improved stakeholder satisfaction.
• Better-quality decision making.
• Improved transparency, trust, and credibility.
• Less waste and rework.
• Greater ability to secure support and execute the agenda.
• More effective cooperation on activities, better quality information, and greater value from stakeholder input.
• Better understanding of IT performance and contribution.

Effective Communication

Effective manager communication has a direct impact on employee engagement

35% Of organizations say they have lost an employee due to poor internal communication (project.co, 2021).

59% Of business leaders lose work time to mistakes caused by poor communication (Grammarly, 2022).

$1.2 trillion Lost to US organizations as a result of poor communication (Grammarly, 2022).

Effective Communication

Effective communication is crucial to all parts of the business

Effective Communication

The Communicate Effectively Facilitation Guide covers the following topics:

• Understand Communication Styles
• Tailor Communication Methods to Activities
• Make Meetings Matter

Learning outcomes:

Main goal: Become a better communicator across a variety of personal styles and work contexts.

Key objectives:

• Reaffirm why effective communication matters.
• Work with people with different communication styles.
• Communicate clearly and effectively within a team.
• Make meetings more effective.

Info-Tech Insight

First-time IT managers face specific communication challenges that come with managing people for the first time: learning to communicate a greater variety of information to different kinds of people, in a variety of venues. Tailored training in these areas helps managers focus and fast-track critical skill development.

Performance Management

Meaningful performance measures drive employee engagement, which in turn drives business success

Meaningful performance measures help employees understand the rationale behind business decisions, help managers guide their staff, and clarify expectations for employees. These factors are all strong predictors of team engagement:

Performance Management

Clear performance measures benefit employees and the organization

Performance Management

The Performance Management Facilitation Guide covers the following topics:

• Develop Meaningful Goals
• Set Meaningful Metrics

Learning outcomes:

Main goal: Become proficient in setting, tracking, and communicating around performance management goals.

Key objectives:

• Understand the role of managers and employees in the performance management process.
• Learn to set SMART, business-aligned goals for your team.
• Learn to help employees set useful individual goals.
• Learn to set meaningful, holistic metrics to track goal progression.
• Understand the relationship between goals, metrics, and feedback.

Info-Tech Insight

Goal and metric development holds special significance for first-time IT managers because it now impacts not only their personal performance, but that of their employees and their team collectively. Training on these topics with a practical team- and employee-development approach is a focused way to build these skills.

Coaching & Feedback

Coaching and feedback are effective methods to influence employees and drive business outcomes

1. Administrative Sciences, 2022

2. International Review of Management and Marketing, 2020

3. Current Psychology, 2021

4. Quantum Workplace, 2021

5. Issues and Perspectives in Business and Social Sciences, 2022

6. Sustainability, 2021

Coaching & Feedback

The Coaching & Feedback Facilitation Guide covers the following topics:

• The 4 A’s of Coaching
• Effective Feedback

Learning outcomes:

Main goal: Get prepared to coach and offer feedback to your staff as appropriate.

Key objectives:

• Understand the difference between coaching and feedback and when to apply each one.
• Learn the importance of a coaching mindset.
• Learn effective coaching via the 4 A’s framework.
• Understand the actions that make up feedback and the factors that make it successful.
• Learn to deal with resistance to feedback.

Info-Tech Insight

First-time managers often shy away from giving coaching and feedback, stalling their team’s performance. A focused and practical approach to building these skills equips new managers with the tools and confidence to tackle these challenges as soon as they arise.

Your Role in the Organization

IT managers who understand the business context provide more value to the organization

Managers who don’t understand the business cannot effect positive change. The greater understanding that IT managers have of business context, the more value they provide to the organization as seen by the positive relationship between IT’s understanding of business needs and the business’ perception of IT value.

Source: Info-Tech Research Group

Your Role in the Organization

Knowing your stakeholders is key to understanding your role in the business and providing value to the organization

To understand your role in the business, you need to know who your stakeholders are and what value you and your team provide to the organization. Knowing how you help each stakeholder meet their wants needs and goals means that you have the know-how to balance experience and outcome-based behaviors. This is the key to being an attentive leader.

The tactics you will learn in this section will help you to:

1. Know your stakeholders. There are five key stakeholders the majority of IT managers have: management, peers, direct reports, internal users, and external users or customers. Managers need to understand the goals, needs, and wants of each of these groups to successfully provide value to the organization.
2. Understand the value you provide to each stakeholder. Stakeholder relationship management requires IT managers to exhibit drive and support behaviors based on the situation. By knowing how you drive and support each stakeholder, you understand how you provide value to the organization and support its mission, vision, and values.
3. Communicate the value your team provides to the organization to your team. Employees need to understand the impact of their work. As an IT manager, you are responsible for communicating how your team provides value to the organization. Mission statements on how you provide value to each stakeholder is an easy way to clearly communicate purpose to your team.

Benefits:

• Faster and higher growth.
• Improved team engagement.
• Improved stakeholder satisfaction.
• Better quality decision making.
• More innovation and motivation to complete goals and tasks.
• Greater ability to secure support and execute on goals and tasks.
• More effective cooperation on activities, better quality information, and greater value from stakeholder input.
• Better understanding of IT performance and contribution.

Your Role in the Organization

The Your Role in the Organization Facilitation Guide covers the following topics:

• Know Your Stakeholders
• Understand the Value You Provide to the Organization
• Develop Learnings Into Habits

Learning outcomes:

Main goal: Understand how your role and the role of your team serves the business.

Key objectives:

• Learn who your stakeholders are.
• Understand how you drive and support different stakeholder relationships.
• Relate your team’s tasks back to the mission, vision, and values of the organization.
• Create a mission statement for each stakeholder to bring back to your team.

Info-Tech Insight

Before training first-time IT managers, take some time as the facilitator to review how you will serve the wants and needs of those you are training and your stakeholders in the organization.

Decision Making

Bad decisions have tangible costs, so managers must be trained in how to make effective decisions

To understand your role in the decision-making process, you need to know what is expected of you and you must understand what goes into making a good decision. The majority of managers report they have no trouble making decisions and that they are good decision makers, but the statistics say otherwise. This ease at decision making is due to being overly confident in their expertise and an inability to recognize their own ignorance.1

The tactics you will learn in this section will help you to:

1. Effectively communicate decisions. Often, first-time managers are either sharing their decision recommendations with their manager or they are communicating a decision down to their team. Managers need to understand how to have these conversations so their recommendations provide value to management and top-down decisions are successfully implemented.
2. Provide valuable feedback on decisions. Evaluating decisions is just as critical as making decisions. If decisions aren’t reviewed, there is no data or feedback to discover why a decision was a success or failure. Having a plan in place before the decision is made facilitates the decision review process and makes it easier to provide valuable feedback.
3. Avoid common decision-making mistakes. Heuristics and bias are common decision pitfalls even senior leaders are susceptible to. By learning what the common decision-making mistakes are and being able to recognize them when they appear in their decision-making process, first-time managers can improve their decision-making ability.

20% Of respondents say their organizations excel at decision making (McKinsey, 2018).

87% “Diverse teams are 87% better at making decisions” (Upskillist, 2022).

86% of employees in leadership positions blame the lack of collaboration as the top reason for workplace failures (Upskillist, 2022).

Decision Making

A decision-making process is imperative, even though most managers don’t have a formal one

1. Identify the Problem and Define Objectives
2. Establish Decision Criteria
3. Generate and Evaluate Alternatives
4. Select an Alternative and Implement
5. Evaluate the Decision

Managers tend to rely on their own intuition which is often colored by heuristics and biases. By using a formal decision-making process, these pitfalls of intuition can be mitigated or avoided. This leads to better decisions.

First-time managers are able to apply this framework when making decision recommendations to management to increase their likelihood of success, and having a process will improve their decisions throughout their career and the financial returns correlated with them.

Decision Making

Recognizing personal heuristics and bias in the decision-making process improves more than just decision results

Employees are able to recognize bias in the workplace, even when management can’t. This affects everything from how involved they are in the decision-making process to their level of effort and productivity in implementing decisions. Without employee support, even good decisions are less likely to have positive results. Employees who perceive bias:

Decision Making

The Decision Making Facilitation Guide covers the following topics:

• Effectively Communicate Decisions
• Provide Valuable Feedback on Decisions
• Avoid Common Decision-Making Mistakes

Learning outcomes:

Main goal: Understand how to successfully perform your role in the decision process.

Key objectives:

• Understand the decision-making process and how to assess decisions.
• Learn how to communicate with your manager regarding your decision recommendations.
• Learn how to effectively communicate decisions to your team.
• Understand how to avoid common decision-making errors.

Info-Tech Insight

Before training a decision-making framework, ensure it is in alignment with how decisions are made in your organization. Alternatively, make sure leadership is on board with making a change.

Manage Conflict Constructively

Enable leaders to resolve conflicts while minimizing costs

If you are successful in your talent acquisition, you likely have a variety of personalities and diverse individuals within your IT organization and in the business, which means that conflict is inevitable. However, conflict does not have to be negative – it can take on many forms. The presence of conflict in an organization can actually be a very positive thing: the ability to freely express opinions and openly debate can lead to better, more strategic decisions being made.

The effect that the conflict is having on individuals and the work environment will determine whether the conflict is positive or counterproductive.

As a new manager you need to know how to manage potential negative outcomes of conflict by managing difficult conversations and understanding how to respond to conflict in the workplace.

The tactics you will learn in this section will help you to:

1. Apply strategies to prepare for and navigate through difficult conversations.
2. Expand your comfort level when handling conflict, and engage in constructive conflict resolution approaches.

Benefits:

• Relieve stress for yourself and your co-workers.
• Save yourself time and energy.
• Positively impact relationships with your employees.
• Improve your team dynamic.
• Remove roadblocks to your work and get things done.
• Save the organization money.
• Improve performance.
• Prevent negative issues from reoccurring.

Manage Conflict Constructively

Addressing difficult conversations is beneficial to you, your people, and the organization

When you face a difficult conversation you…

• Relieve stress on you and your co-workers.
• Save yourself time and energy.
• Positively impact relationships with your employees.
• Improve your team dynamic.
• Remove roadblocks to your work
• Save the organization money.
• Improve performance.
• Prevent negative issues from reoccurring.

40% Of employees who experience conflict report being less motivated as a result (Acas, 2021).

30.6% Of employees report coming off as aggressive when trying to resolve a conflict
(Niagara Institute, 2022).

Manage Conflict Constructively

The Manage Conflict Constructively Facilitation Guide covers the following topics:

• Know Your Ideal Time Mix
• Calendar Diligence
• Effective Delegation
• Limit Interruptions

Learning outcomes:

Main goal: Effectively manage your time and know which tasks are your priority and which tasks to delegate.

Key objectives:

• Understand common reasons for difficult conversations.
• Learn Info-Tech’s six-step process to best to prepare for difficult conversations.
• Follow best practices to approach difficult conversations.
• Learn the five approaches to conflict management.
• Practice conflict management skills.

Info-Tech Insight

Conflict does not have to be negative. The presence of conflict in an organization can actually be a very positive thing: the ability to freely express opinions and openly debate can lead to better, more strategic decisions being made.

Master Time

Effective leaders spend their time in specific ways

Source: Info-Tech, N=85

Master Time

Signs you struggle with time management

Master Time

The Master Time Facilitation Guide covers the following topics:

• Understand Communication Styles
• Tailor Communication Methods to Activities
• Make Meetings Matter

Learning outcomes:

Main goal: Become a better communicator across a variety of personal styles and work contexts.

Key objectives:

• Understand how you spend your time.
• Learn how to use your calendar effectively.
• Understand the actions to take to successfully delegate.
• Learn how to successfully limit interruptions.

Info-Tech Insight

There is a right and wrong way to manage your calendar as a first-time manager and it has nothing to do with your personal preference.

Accountability

Accountability creates organizational and team benefits

Source: Forbes, 2019

Accountability

Accountability increases employee empowerment

Employee empowerment is the number one driver of employee engagement. The extent to which you can hold employees accountable for their own actions and decisions is closely related to how empowered they are and how empowered they feel; accountability and empowerment go hand in hand. To feel empowered, employees must understand what is expected of them, have input into decisions that affect their work, and have the tools they need to demonstrate their talents.

Source: McLean & Company Engagement Database, 2018; N=71,794

Accountability

The Accountability Facilitation Guide covers the following topics:

• Create Clarity and Transparency
• Articulate Expectations and Evaluation
• Help Your Team Remove Roadblocks
• Clearly Introduce Accountability to Your Team

Learning outcomes:

Main goal: Create a personal accountability plan and learn how to hold yourself and your team accountable.

Key objectives:

• Understand why accountability matters.
• Learn how to create clarity and transparency.
• Understand how to successfully hold people accountable through clearly articulating expectations and evaluation.
• Know how to remove roadblocks to accountability for your team.

Info-Tech Insight

Accountability is about focusing on the results of a task, rather than just completing the task. Create team accountability by keeping the team focused on the result and not “doing their jobs.” First-time managers need to clearly communicate expectations and evaluation to successfully develop team accountability.

Use the Build a Better Manager Participant Workbooks to help participants set accountabilities and track their progress

A key feature of this blueprint is built-in guidance on transferring your managers’ new knowledge into practical skills and habits they can fall back on when their job requires it.

The Participant Workbooks, one for each module, are structured around the three key principles of learning transfer to help participants optimally structure their own learning:

• Track your learning. This section guides participants through conducting self-assessments, setting learning goals, recording key insights, and brainstorming relapse-prevention strategies
• Establish your personal commitment. This section helps participants record the actions they personally commit to taking to continually practice their new skills
• Secure organizational support. This section guides participants in recording the steps they will take to seek out support from their supervisor and peers.

Info-Tech Insight

Participants should use this workbook throughout their training and continue to review it for at least three months after. Practical skills take an extended amount of time to solidify, and using the workbook for several months will ensure that participants stay on track with regular practice and check-ins.

Set your trainees up for success by reviewing these training best practices

Info-Tech Insight

Participants should use this workbook throughout their training and continue to review it for at least three months after. Practical skills take an extended amount of time to solidify, and using the workbook for several months will ensure that participants stay on track with regular practice and check-ins.

1.2 Customize the facilitation guides

1-3 hours

Prior to facilitating your first session, ensure you complete the following steps:

1. Read through all the module content, including the speaker’s notes, to familiarize yourself with the material and ensure the tactics presented align with your department’s culture and established best practices.
2. Customize the slides with a pencil icon with information relevant to your organization.
3. Ensure you are comfortable with all material to be presented and are prepared to answer questions. If you require clarification on any of the material, book a call with your Info-Tech analyst for guidance.
4. Ensure you do not delete or heavily customize the self-assessment activities and the activities in the Review and Action Plan section of the module. These activities are structured around a skill building framework and designed to aid your trainees in applying their new knowledge in their day to day. If you have any concerns about activities in these sections, book a call with your Info-Tech analyst for guidance.

1.3 Prepare to deliver training

1-3 hours

Complete these steps in preparation for delivering the training to your first-time managers:

1. Select a facilitator.
   • The right person to facilitate the meeting depends on the dynamics within your department. Having a senior IT leader can lend additional weight to the training best practices but may not be feasible in a large department. In these cases, an HR partner or external third party can be asked to facilitate.
2. Distribute the workbooks to attendees before the first training session.
   • Change the header on the workbook templates to your own organization’s, if desired.
   • Email the workbooks to attendees prior to the first session. There is no pre-work to be completed.

Phase 2

Deliver training

Outcomes of this phase:

• Training delivered
• Development goals set by attendees
• Action plan created by attendees

2.1 Deliver training

3 hours

When you are ready, deliver the training. Ensure you complete all activities and that participants record the outcomes in their workbooks.

Tips for activity facilitation:

• Encourage and support participation from everyone. And be sure no one on the team dismisses anyone’s thoughts or opinions – they present the opportunity for further discussion and deeper insight.
• Debrief after each activity, outlining any lessons learned, action items, and next steps.
• Encourage participants to record all outcomes, key insights, and action plans in their workbooks.

Phase 3

Enable long-term skill development

Outcomes of this phase:

• Attendees reminded of action plan and personal commitment
• Supervisors reminded of the need to support trainees' development

3.1 Email trainees with action steps

0.5 hours

After the training, send an email to attendees thanking them for participating and summarizing key next steps for the group. Use the template below, or write your own:

“Hi team,

I want to thank you personally for attending the Communicate Effectively training module. Our group led some great discussion.

A reminder that the next time you will reconvene as a group will be on [Date] to discuss your progress and challenges to date.

Additionally, your manager is aware and supportive of the training program, so be sure to follow through on the commitments you’ve made to secure the support you need from them to build your new skills.

I am always open for questions if you run into any challenges.

Regards,

[Your name]”

3.2 Secure support from trainees’ supervisors

0.5 hours

An important part of the training is securing organizational support, which includes support from your trainees’ supervisors. After the trainees have committed to some action items to seek support from their supervisors, it is important to express your support for this and remind the supervisors of their role in guiding your first-time managers. Use the template below, or write your own, to remind your trainees’ supervisors of this at the end of training (if you are going through all three modules in a short period of time, you may want to wait until the end of the entire training to send this email):

“Hi team,

We have just completed Info-Tech’s first-time manager training with our new manager team. The trainees will be seeking your support in developing their new skills. This could be in the form of coaching, feedback on their progress, reviewing their development plan, etc.

Supervisor support is a crucial component of skill building, so I hope I can count on all of you to support our new managers in their learning. If you are not sure how to handle these requests, or would like a refresher of the material our trainees covered, please let me know.

I am always open for questions if you run into any challenges.

Regards,

[Your name]”

Contributors

Brad Armstrong, Senior Engineering Manager, Code42 Software I am a pragmatic engineering leader with a deep technical background, now focused on building great teams. I'm energized by difficult, high-impact problems at scale and with the cloud technologies and emerging architectures that we can use to solve them. But it's the power of people and organizations that ultimately lead to our success, and the complex challenge of bringing all that together is the work I find most rewarding.

We thank the expert contributors who chose to keep their contributions anonymous.

Bibliography

360Solutions, LLC. “The High Cost of Poor Communication: How to Improve Productivity and Empower Employees Through Effective Communication.” 360Solutions, 2009. Web.

Ali, M., B. Raza, W. Ali, and N. Imtaiz. Linking Managerial Coaching with Employees’ Innovative Work Behaviors through Affective Supervisory Commitment: Evidence from Pakistan. International Review of Management and Marketing, vol. 10, no. 4, 2020, pp. 11-16.

Allen, Frederick E. “The Terrible Management Technique That Cost Microsoft Its Creativity.” Forbes.com, 3 July 2012. Web.

Allen, Renee. “Generational Differences Chart.” West Midland Family Center, n.d. Web.

American Management Association. “Leading the Four Generations at Work.” American Management Association, Sept. 2014. Web.

Aminov, Iskandar, Aaron De Smet, Gregor Jost, and David Mendelsohn. “Decision making in the age of urgency.” McKinsey & Company, 30 April 2019. Web.

AON Hewitt. “Aon Hewitt Study Reveals Strong Link Between Employee Engagement and Employee Perceptions of Total Rewards. Honest Leader Communication Also Influences Engagement.” PR Newswire, 8 April 2015. Web.

Armstrong, Brad. “How to Fail as a New Engineering Manager.” Noteworthy - The Journal Blog, 19 Feb. 2018. Web.

Asmus, Mary Jo. “Coaching vs. Feedback.” Aspire-CS, 9 Dec. 2009. Web.

Baldwin, Timothy T., et al. “The State of Transfer of Training Research: Moving Toward More Consumer-Centric Inquiry.” Human Resource Development Quarterly, vol. 28, no. 1, March 2017, pp. 17-28. Crossref, doi:10.1002/hrdq.21278.

Batista, Ed. “Building a Feedback-Rich Culture from the Middle.” Ed Batista, April 2015. Web.

Bilalic, Merim, Peter McLeod, and Fernand Gobet. Specialization Effect and Its Influence on Memory and Problem Solving in Expert Chess Players. Wiley Online Journal, 23 July 2009, doi: https://doi.org/10.1111/j.1551-6709.2009.01030.x

Blume, Brian D., et al. “Transfer of Training: A Meta-Analytic Review.” Journal of Management, vol. 36, no. 4, July 2010, pp. 1065-105. Crossref, doi:10.1177/0149206309352880.

BOH Training Guide. Wild Wing, Jan. 2017. Web.

Bosler, Shana. “9 Strategies to Create Psychological Safety at Work.” Quantum Workplace, 3 June 2021. Web.

Building Communication Skills. ACQUIRE Project/EngenderHealth, n.d. Web.

Bucaro, Frank C. “The real issue in conflict is never about things…” Frank Bucaro blog, 7 March 2014. Web.

Burke, Lisa A., and Holly M. Hutchins. “Training Transfer: An Integrative Literature Review.” Human Resource Development Review, vol. 6, no. 3, Sept. 2007, pp. 263-96. Crossref, doi:10.1177/1534484307303035.

Caprino, Kathy. “Separating Performance Management from Compensation: New Trend for Thriving Organizations.” Forbes, 13 Dec. 2016. Web.

Caprino, Kathy. “Why the Annual Review Process Damages Employee Engagement.” Forbes, 1 March 2016. Web.

Carpineanu, Silvana. “7 Mistakes You Might Be Making When Writing A Meeting Agenda.” Time Doctor, 12 January 2021. Web.

Cecchi-Dimeglio, Paola. “How Gender Bias Corrupts Performance Reviews, and What to Do About It.” Harvard Business Review, 12 April 2017. Web.

Chartered Institute of Personnel and Development (CIPD). “PESTLE Analysis.” Chartered Institute of Personnel and Development, 2010. Web.

Chiaburu, Dan S., et al. “Social Support in the Workplace and Training Transfer: A Longitudinal Analysis: Social Support and Training Transfer.” International Journal of Selection and Assessment, vol. 18, no. 2, June 2010, pp. 187-200. Crossref, doi:10.1111/j.1468-2389.2010.00500.x.

Christensen, Ulrik Juul. “How to Teach Employees Skills They Don’t Know They Lack.” Harvard Business Review, 29 Sept. 2017. Web.

CIPD. “Rapid evidence assessment of the research literature on the effect of goal setting on workplace performance.” Charted Institute of Personnel and Development, Dec. 2016. Web.

CIPD. Annual Survey Report: Learning & Development 2015. Charted Institute of Personnel and Development, 2015. Web.

Communication and Organizational Skills: NPHW Training Manual. Population Health Research Institute (PHRI), 17 Sept. 2015. Web.

Cookson, Phil. “It’s time to see performance management as a benefit, not a burden.” CIPD. 17 March 2017. Web.

Communication Statistics 2021. Project.co, 2021. Web.

Connors, Roger. “Why Accountability?” The Oz Principle, Partners In Leadership, 2014.

Coutifaris, Constantinos G. V., and Adam M. Grant “Taking Your Team Behind the Curtain: The Effects of Leader Feedback-Sharing and Feedback-Seeking on Team Psychological Safety.” Organization Science, vol. 33,
no. 4, 2021, pp. 1574-1598. https://doi.org/10.1287/orsc.2021.1498

Coy, Charles. “Peer Feedback: 6 Tips for Successful Crowdsourcing.” Rework, 25 June 2014. Web.

“CQ Learn What Really Matters.” CQ Evidence-Based Management Learning Platform, n.d. Web.

Darwant, Sarah. Coaching Training Course Book. Elite Training, 2012. Web.

De Smet, Aaron, et al. How Companies Manage the Front Line Today: McKinsey Survey Results. McKinsey, Feb. 2010. Web.

DeNault, Charles. “Employee Coaching Survey Results: Important and Engaging.” Saba, 22 April 2015. Web.

Dermol, Valerij, and Tomaž Čater. “The Influence of Training and Training Transfer Factors on Organisational Learning and Performance.” Personnel Review, vol. 42, no. 3, April 2013, pp. 324–48. Crossref, doi:10.1108/00483481311320435.

dgdotto. “Fail to Plan, Plan to Fail.” visual.ly, 30 April 2013. Web.

Duggan, Kris. “Why the Annual Performance Review is Going Extinct.” Fast Company, 20 Oct. 2015. Web.

Duhigg, Charles. “What Google Learned From Its Quest to Build the Perfect Team.” The New York Times, 25 Feb. 2016. Web.

Earley, P. Christopher, and Randall S. Peterson. “The Elusive Cultural Chameleon: Cultural Intelligence as a New Approach to Intercultural Training for the Global Manager.” Academy of Management Learning & Education, vol. 3, no. 1, March 2004, pp. 100-15. Crossref, doi:10.5465/amle.2004.12436826.

Edmondson, Amy. “Psychological Safety and Learning Behavior in Work Teams.” Administrative Science Quarterly, vol. 44, no. 2, June 1999, pp. 350-383. Web.

“Effective Employee Communications Fosters Corporate Reputation.” The Harris Poll, 10 June 2015. Web.

Eichenwald, Kurt. “How Microsoft Lost its Mojo: Steve Ballmer and Corporate American’s Most Spectacular Decline.” Vanity Fair, 24 July 2012. Web.

Essential Supervisory Skills. University of Washington, 2016. Web.

“Estimating the Costs of Workplace Conflict.” Acas, 11 May 2021. Web.

Falcone, Paul. “Viewpoint: How to Redesign Your Performance Appraisal Template.” Society for Human Resource Management, 7 June 2017. Web.

Fermin, Jeff. “Statistics On The Importance Of Employee Feedback.” Officevibe, 7 Oct. 2014. Web.

Filipkowski, Jenna, et al. Building a Coaching Culture with Millennial Leaders. Human Capital Institute, 18 Sept. 2017. Web.

First Time Manager Training to Help New Managers Develop Essential Skills. The Ken Blanchard Companies, n.d. Web.

Fisher, Dan. Feedback vs. Coaching, What’s the Difference? Menemsha Group, 28 June 2018. Web.

Freedman, Erica. “How to Build an Internal Leadership Development Program.” Chief Executive, 2016. Web.

"Futureproof Your Organization with These 8 Manager Effectiveness Metrics.” Visier Inc., 8 Aug. 2017. Web.

Gallo, Amy. “How to Manage Your Former Peers.” Harvard Business Review, Dec. 2012. Web.

Gandhi, Vipula. “Want to Improve Productivity? Hire Better Managers.” Gallup, 3 Aug. 2018. Web.

Gallup. State of the Global Workplace. 1st edition, Gallup Press, 2017. Web.

Global Workplace Analytics. “Latest Telecommuting Statistics.” Global Workplace Analytics. Sept. 2013. Web.

Goldsmith, Marshall. “Try Feedforward Instead of Feedback.” Leader to Leader Institute, 5 April 2011. Web.

Goldsmith, Marshall. "11 Guidelines for Influencing Top Decision Makers." Marshall Goldsmith, n.d. Web.

Goldsmith, Marshall. "I Know Less Than You Do – and It’s Okay!" Marshall Goldsmith, n.d. Web.

Goldsmith, Marshall. "Is It Worth It to Add Value? Not Always." Marshall Goldsmith, n.d. Web.

Goler, L., J. Gale, and A. Grant. “Let’s Not Kill Performance Evaluations Yet.” Harvard Business Review, Nov. 2016. Web.

Good Manager, Bad Manager. Grovo, 2016. Web.

Google People Operations. “Guide: Understand Team Effectiveness.” Google, n.d. Web.

Google’s New Manager Student Workbook. re:Work with Google, n.d. Web.

Google’s New Manager Training Facilitator Guide. re:Work with Google, n.d. Web.

Gossen, Paul. A Coaching Culture Transformation ~ Case Study. Athena Training and Consulting, 1 April 2011. Web.

Goudreau, Jenna. “How to Communicate in the New Multi-Generational Office.” Forbes Magazine, Feb. 2013. Web.

Govaerts, Natalie, and Filip Dochy. “Disentangling the Role of the Supervisor in Transfer of Training.” Educational Research Review, vol. 12, June 2014, pp. 77-93. Crossref, doi:10.1016/j.edurev.2014.05.002.

Grenchus, Gabrielle. “Keep employees engaged with clear priorities and crowdsourced recognition.” IBM thinkLeaders. 8 June 2015. Web.

Grossman, Rebecca, and Eduardo Salas. “The Transfer of Training: What Really Matters: The Transfer of Training.” International Journal of Training and Development, vol. 15, no. 2, June 2011, pp. 103-20. Crossref, doi:10.1111/j.1468-2419.2011.00373.x.

Grote, Dick. “3 Popular Goal-Setting Techniques Managers Should Avoid.” Harvard Business Review. 2 Jan. 2017. Web.

Hall, John. “Why Accountability Is Vital To Your Company.” Forbes, 6 Oct. 2019. Web.

Hancock, Bryan, et al. “The Fairness Factor in Performance Management.” McKinsey, 5 April 2018. Web.

Harkins, Phil. “10 Leadership Techniques for Building High-Performing Teams.” Linkage Inc., 2014. Web.

HCI. Building a Coaching Culture with Managers and Leaders. Human Capital Institute, 2016. Web.

Heathfield, Susan M. “Tips to Create Successful Performance Appraisal Goals.” The Balance, Aug. 2016. Web.

Hills, Jan. Brain-Savvy Business: 8 Principles From Neuroscience and How to Apply Them. Head Heart + Brain, 2016. Print.

Hoffman, Mitchell, and Steven Tadelis. People Management Skills, Employee Attrition, and Manager Rewards: An Empirical Analysis. p. 96.

“How to Create an Effective Feedback Culture.” eXplorance Inc. Feb. 2013. Web.

“Importance of Performance Management Process & Best Practices To Optimize Monitoring Performance Work Reviews/Feedback and Goal Management.” SAP Success Factors, n.d. Web.

Jacobson, Darcy. “How Bad Performance Management Killed Microsoft’s Edge.” Globoforce Blog, 5 July 2012. Web.

Jaidev, Uma Pricilda, and Susan Chirayath. Pre-Training, During-Training and Post-Training Activities as Predictors of Transfer of Training. no. 4, 2012, p. 18.

Jensen, Michael C. “Paying People to Lie: The Truth about the Budgeting Process.” European Financial Management, vol. 9, no. 3, 2003, pp. 379-406. Print.

Kahneman, Daniel, and Ram Charan. HBR's 10 Must Reads on Making Smart Decisions. Harvard Business Review, 26 March 2013. Ebook.

Kirkpatrick, J., and W. Kirkpatrick. “The Kirkpatrick Four Levels: A Fresh Look After 50 Years 1959-2009.” Kirkpatrickpartners.com, 2009. Web.

Kirwan, Cyril. Improving Learning Transfer. Routledge, 2016.

Kline, Theresa J.B., and Lorne M. Sulsky. “Measurement and Assessment Issues in Performance Appraisal.” Canadian Psychology, vol. 50, no. 3, 2009, pp. 161-171. Proquest. Web.

Kowalski, Kyle. “Create a Daily Routine with Calendar Time Blocking (+ 7 Pro Tips).” Sloww, 29 May 2018. Web.

Krentz, Susanna E., et al. ”Staying on Course with Strategic Metrics.” Healthcare Financial Management, vol. 60, no. 5, 2006, pp. 86-94. Proquest. Web.

Kuligowski, Kiely. Tips for First-Time Managers. 15 Feb. 2019. Web.

Laker, Dennis R., and Jimmy L. Powell. “The Differences between Hard and Soft Skills and Their Relative Impact on Training Transfer.” Human Resource Development Quarterly, vol. 22, no. 1, March 2011, pp. 111-22. Crossref, doi:10.1002/hrdq.20063.

Lawrence, Paul. “Managerial coaching – A literature review.” International Journal of Evidence Based Coaching and Mentoring, vol. 15, no. 2, 2017, pp. 43-66. Web.

Ledford, Gerald E. Jr., George Benson, and Edward E. Lawler III. “Cutting-Edge Performance Management.” WorldatWork Research, Aug. 2016. Web.

Lee, W.R.; Choi, S.B.; Kang, S.-W. How Leaders’ Positive Feedback Influences Employees’ Innovative Behavior: The Mediating Role of Voice Behavior and Job Autonomy. Sustainability, vol. 13, no. 4, 2021, pp. 1901. https://doi.org/10.3390/su13041901

Leopold, Till Alexander, Vesselina Ratcheva, and Saadia Zahidi. The Future of Jobs. World Economic Forum, 2016. Web.

Levy, Dan. “How to Build a Culture That Embraces Feedback.” Inc. Magazine, March 2014. Web.

Lighthouse Research & Advisory. “Insights from the CHRO Panel at Workhuman 2017.” Lighthouse Research & Advisory, June 2017. Web.

Lipman, Victor. “For New Managers, Boundaries Matter (A Lot).” Forbes, 19 March 2018. Web.

Lipman, Victor. “The Hardest Thing For New Managers.” Forbes, 1 June 2016. Web.

Lipman, Victor. “The Move To New Manager May Be The Hardest Transition In Business.” Forbes, 2 Jan. 2018. Web.

Lyons, Rich. “Feedback: You Need To Lead It.” Forbes, 10 July 2017. Web.

“Managing Email Effectively.” MindTools, n.d. Web.

Managing Performance Workbook. Trainer Bubble, 16 Feb. 2013. Web.

Mayfield, Clifton, et al. “Psychological Collectivism and Team Effectiveness: Moderating Effects of Trust and Psychological Safety.” Journal of Organizational Culture, Communications and Conflict, vol. 20, no. 1, Jan. 2016, pp. 78-94. Web.

McAlpin, Kevin and Hans Vaagenes. “Critical Decision Making.” Performance Coaching International. 17 Nov. 2017. Web.

McCoy, Jim. “How to Align Employee Performance with Business Strategy.” Workforce Management, vol. 86, no. 12, 2007, pp. S5. Proquest. Web.

“Measuring Time-To-Full Productivity.” FeverBee, n.d. Web.

Meister, Jeanne. The 2020 Workplace: How Innovative Companies Attract, Develop, and Keep Tomorrow's Employees Today. HarperBusiness, 2010. Print.

Meyer, Erin. “The Four Keys To Success With Virtual Teams.” Forbes Magazine, 19 Aug. 2010. Web.

Morris, Donna. “Death to the Performance Review: How Adobe Reinvented Performance Management and Transformed Its Business.” WorldatWork, 2016, p. 10. Web.

Myers-Briggs Company. “New Research: Time Spent on Workplace Conflict Has Doubled Since 2008.” Yahoo! Finance, 18 Oct. 2022. Web.

Murdoch, Elisabeth. “Elisabeth Murdoch's MacTaggart lecture: full text.” The Guardian, 23 Aug. 2012. Web.

NASA Governance and Strategic Management Handbook (NPD 1000.0B). NASA, June 2014. Web.

NASA Space Flight Program and Project Management Handbook (NASA/SP-2014-3705). NASA, Sept. 2014. Web.

New Manager Training: Management & Leadership Skills. Schulich School of Business, n.d. Web.

O’Hanlon, Margaret. “It’s a Scandal! Manager Training Exposed! [Implementation Part 4].” Compensation Cafe, 16 Feb. 2012. Web.

Ordonez, Lisa D., et al. “Goals Gone Wild: The Systematic Side Effects of Over-Prescribing Goal Setting.” Social Science Research Network. Harvard Business School, 11 Feb. 2009. Web.

Paczka, Nina. “Meeting in the Workplace | 2023 Statistics.” LiveCareer, 25 July 2022. Web.

Pavlou, Christina. “How to Calculate Employee Turnover Rate | Workable.” Recruiting Resources: How to Recruit and Hire Better, 13 July 2016. Web.

Performance Management 101 Workbook. Halogen Software, 2015. Web.

Personal Development and Review. Oxford Learning Institute, n.d. Web.

Personal Development Plan. MindTools, 2014. Web.

Porath, Christine, et al. “The Effects of Civility on Advice, Leadership, and Performance.” Journal of Applied Psychology, vol. 44, no. 5, Sept. 2015, pp. 1527-1541. Web.

Project Management Institute. “PMI’s Pulse of The Profession: In-Depth Report.” PMI, May 2013. Web. June 2015.

Quay, C. C., and A. Yusof. “The influence of employee participation, rewards and recognition, job security, and performance feedback on employee engagement.” Issues and Perspectives in Business and Social Sciences, vol. 2, no. 1, 2022, pp. 20. https://doi.org/10.33093/ipbss.2022.2.1.3

Quinn, R. E., and J. Rohrbaugh. “A spatial model of effectiveness criteria: Towards a competing values approach to organizational analysis.” Management Science, vol. 29, 1983, pp. 363–377.

Re:Work Guide: Develop and Support Managers. re:Work with Google, n.d. Web.

Reardon, Kathleen Kelley. “7 Things to Say When a Conversation Turns Negative.” Harvard Business Review, 11 May 2016. Web.

Reh, F. John. “Here Is a List of Mistakes New Managers Make and How to Avoid Them.” The Balance Careers, 30 Dec. 2018. Web.

Richards, Leigh. “Why Is Employee Empowerment a Common Cornerstone of Organizational Development & Change Programs?” Houston Chronicle, Hearts Newspapers, LLC. 5 July 2013. Web.

Robson, Fiona. Southwood School – A Case Study: Performance Management Systems. Society for Human Resource Management, 2009. Crossref, doi:10.4135/9781473959552.

Rock, David, and Beth Jones. “Why More and More Companies are Ditching Performance Ratings.” Harvard Business Review, 8 Sept. 2015. Web.

Rock, David. “SCARF: A Brain-Based Model for Collaborating With and Influencing Others.” NeuroLeadership Journal, 2008. Web..

Romão, Soraia, Neuza Ribeiro, Daniel Roque Gomes, and Sharda Singh. “The Impact of Leaders’ Coaching Skills on Employees’ Happiness and Turnover Intention.” Administrative Sciences, vol. 12, no. 84, 2022. https://doi.org/10.3390/ admsci12030084

Romero, Joseluis. “Yes - you can build a feedback culture.” Skills 2 Lead, Aug. 2014. Web.

Runde, Craig E., and Tim A. Flanagan. “Conflict Competent Leadership.” Leader to Leader, Executive Forum, Winter 2008. PDF.

Saks, Alan M., and Lisa A. Burke-Smalley. “Is Transfer of Training Related to Firm Performance?: Transfer and Firm Performance.” International Journal of Training and Development, vol. 18, no. 2, June 2014, pp. 104–15. Crossref, doi:10.1111/ijtd.12029.

Saks, Alan M., et al. “The Transfer of Training: The Transfer of Training.” International Journal of Training and Development, vol. 18, no. 2, June 2014, pp. 81–83. Crossref, doi:10.1111/ijtd.12032.

Salomonsen, Summer. Grovo’s First-Time Manager Microlearning® Program Will Help Your New Managers Thrive in 2018. Grovo, 2018. Web.

Schwartz, Dan. “3 Topics Every New Manager Training Should Include.” Training Industry, 12 April 2017. Web.

Scott, Dow, Tom McMullen, and Mark Royal. “Retention of Key Talent and the Role of Rewards.” WorldatWork, June 2012. Web.

“Seeking Agility in Performance Management.” Human Resource Executive, 2016. Web.

“Should You Always Involve Your Team in Decision Making?” Upskillist, 25 April 2022. Web.

“SHRM Workplace Forecast.” The Top Workplace Trends According to HR Professionals, May 2013. Web.

Singhal, Nikhyl. “Eight Tips for First Time Managers.” Medium, 20 Aug. 2017. Web.

Singhania, Prakriti, et al. “2020 Global Marketing Trends.” Deloitte, 2019. Web.

SMART Goals: A How to Guide. University of California, n.d. Web.

Smith, Benson, and Tony Rutigliano. “Scrap Your Performance Appraisal System.” Gallup, 2002. Article.

“State of the Modern Meeting 2015.” BlueJeans, Aug. 2015. Web.

Sternberg, Larry, and Kim Turnage. “Why Make Managers A Strategic Priority?” Great Leadership, 12 Oct. 2017. Web.

Sullivan, Dr. John. “Facebook’s Difference: A Unique Approach For Managing Employees.”TLNT, Sept. 2013. Web.

Tal, David. “A 'Culture of Coaching' Is Your Company's Most Important Ingredient for Success.” Entrepreneur, 27 Sept. 2017. Web.

Tenut, Jeff. “How Management Development Training Reduces Turnover.” DiscoverLink, 3 July 2018. Web.

“The 5 Biggest Biases That Affect Decision-Making.” NeuroLeadership Institute, 2 August 2022. Web.

“The Different Impact of Good and Bad Leadership.” Barna Group, 2015. Web.

“The Engaged Workplace.” Gallup, 2017. Web.

“The Individual Development Plan Guide.” Wildland Fire Leadership Development Program, April 2010, p. 15.

The State of Business Communication. Grammarly, 2022. Web.

Thomas, Kenneth. “Conflict and Conflict Management.” The Handbook of Industrial and Organizational Psychology, Rand McNally, 1976. In “The Five Conflict-Handling Modes.” The Myers Briggs Company, n.d. PDF.

Thompson, Rachel. “What Is Stakeholder Management?” MindTools, n.d. Web.

Tollet, Francoise. “Distracted? Learn how to (re)focus.” Business Digest, 12 July 2021. Podcast.

Tonhauser, Cornelia, and Laura Buker. Determinants of Transfer of Training: A Comprehensive Literature Review, p. 40.

Towers Watson. “Clear Direction in a Complex World: How Top Companies Create Clarity, Confidence and Community to Build Sustainable Performance.” Change and Communication ROI Study Report, 2011-2012. Web.

Trudel, Natalie. “Improve Your Coaching Skills by Understanding the Psychology of Feedback.” TLNT, 12 July 2017. Web.

“Understanding When to Give Feedback.” Harvard Business Review, Dec. 2014. Web.

Vacassin, Daniel. “There are no 'good' performance management systems – there are just good line managers.” LinkedIn, 4 Oct. 2016. Web.

van der Locht, Martijn, et al. “Getting the Most of Management Training: The Role of Identical Elements for Training Transfer.” Personnel Review, vol. 42, no. 4, May 2013, pp. 422–39. Crossref, doi:10.1108/PR-05-2011-0072.

Vaughan, Liam. “Banks Find New Ways to Measure Staff.” Financial News, 10 Jan. 2011. Web.

Watkins, Michael, et al. “Hit the Ground Running:Transitioning to New Leadership Roles.” IMD Business School, May 2014. Web.

Whitney, Kelley. “Kimberly-Clark Corp.: Redesigning Performance Management.” Talent Management Magazine, vol. 2, no. 1, 2006. Web.

“Whole Foods 2015 Report.” The Predictive Index, n.d. Web.

“Whole Foods Market Reports Fourth Quarter and Fiscal Year 2016 Results.” Whole Foods, 2 Feb. 2016. Web.

Wisniewski, Dan. “Here's why everybody hates meetings.” HR Morning, 14 Dec. 2012. Web.

Woolum, Janet, and Brent Stockwell. Aligning Performance Measurement to Mission, Goals, and Strategy Workbook. Arizona State University, Jan. 2016. Web.

Worall, Les, et al. The Quality of Working Life. Chartered Management Institute, 2016. Web.

“Workplace Conflict Statistics: How We Approach Conflict at Work.” Niagara Institute, 11 Aug. 2022. Web.

“You Waste a Lot of Time at Work Infographic.” Atlassian, 23 August 2012. Web.

Zenger, Jack, and Joe Folkman. “Feedback: The Leadership Conundrum.” Talent Quarterly: The Feedback Issue, 2015. Web.

Zuberbühler, P., et al. “Development and validation of the coaching-based leadership scale and its relationship with psychological capital, work engagement, and performance.” Current Psychology, vol. 42, no. 10, 2021, pp. 1-22.

Develop a Business Continuity Plan

Streamline the traditional approach to make BCP development manageable and repeatable.

Analyst Perspective

A BCP touches every aspect of your organization, making it potentially the most complex project you’ll take on. Streamline this effort or you won’t get far.

None of us needs to look very far to find a reason to have an effective business continuity plan.

From pandemics to natural disasters to supply chain disruptions to IT outages, there’s no shortage of events that can disrupt your complex and interconnected business processes. How in the world can anyone build a plan to address all these threats?

Don’t try to boil the ocean. Use these tactics to streamline your BCP project and stay on track:

• Focus on one business unit at a time. Keep the effort manageable, establish a repeatable process, and produce deliverables that provide a starting point for the rest of the organization.
• Don’t start with an extensive risk analysis. It takes too long and at the end you’ll still need a plan to resume business operations following a disruption. Rather than trying to predict what could cause a disruption, focus on how to recover.
• Keep your BCP documentation concise. Use flowcharts, checklists, and diagrams instead of traditional manuals.

No one can predict every possible disruption, but by following the guidance in this blueprint, you can build a flexible continuity plan that allows you to withstand the threats your organization may face.

Frank Trovato

Research Director,
IT Infrastructure & Operations Practice
Info-Tech Research Group

Andrew Sharp

Senior Research Analyst,
IT Infrastructure & Operations Practice
Info-Tech Research Group

Executive Summary

Your Challenge

• Recent crises have increased executive awareness and internal pressure to create a BCP.
• Industry- and government-driven regulations require evidence of sound business continuity practices.
• Customers demand their vendors provide evidence of a workable BCP prior to signing a contract.

IT leaders, because of their cross-functional view and experience with incident management and DR, are often asked to lead BCP efforts.

Common Obstacles

• IT managers asked to lead BCP efforts are dealing with processes and requirements beyond IT and outside of their control.
• BCP requires input from multiple departments with different and sometimes conflicting objectives.
• Typically there are few, if any, dedicated resources for BCP, so it can't be a full-time, resource-intensive project.

Info-Tech’s Approach

• Focus on implementing a structured and repeatable process that can be applied to one business unit at a time to avoid BCP from becoming an overwhelming project.
• Enable business leaders to own the BCP going forward by establishing a template that the rest of the organization can follow.
• Leverage BCP outcomes to refine IT DRP recovery objectives and achieve DRP-BCP alignment.

Info-Tech Insight

As an IT leader you have the skill set and organizational knowledge to lead a BCP project, but you must enable business leaders to own their department’s BCP practices and outputs. They know their processes and, therefore, their requirements to resume business operations better than anyone else.

Use this research to create business unit BCPs and structure your overall BCP

A business continuity plan (BCP) consists of separate but related sub-plans, as illustrated below. This blueprint enables you to:

• Develop a BCP for a selected business unit (as a pilot project), and thereby establish a methodology that can be repeated for remaining business units.
• Through the BCP process, clarify requirements for an IT disaster recovery plan (DRP). Refer to Info-Tech’s Disaster Recovery Planning workshop for instructions on how to create an IT DRP.
• Implement ongoing business continuity management to govern BCP, DRP, and crisis management.

Overall Business Continuity Plan

IT Disaster Recovery Plan

A plan to restore IT application and infrastructure services following a disruption.

Info-Tech’s disaster recovery planning blueprint provides a methodology for creating the IT DRP. Leverage this blueprint to validate and provide inputs for your IT DRP.

BCP for Each Business Unit

A set of plans to resume business processes for each business unit. This includes:

• Identifying business processes and dependencies.
• Defining an acceptable recovery timeline based on a business impact analysis.
• Creating a step-by-step recovery workflow.

Crisis Management Plan

A plan to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage.

Info-Tech’s Implement Crisis Management Best Practices blueprint provides a framework for planning a response to any crisis, from health and safety incidents to reputational damage.

IT leaders asked to develop a BCP should start with an IT Disaster Recovery Plan

It’s a business continuity plan. Why should you start continuity planning with IT?

1. IT services are a critical dependency for most business processes. Creating an IT DRP helps you mitigate a key risk to continuity quicker than it takes to complete your overall BCP, and you can then focus on other dependencies such as people, facilities, and suppliers.
2. A BCP requires workarounds for IT failures. But it’s difficult to plan workarounds without a clear understanding of the potential IT downtime and data loss. Your DRP will answer those questions, and without a DRP, BCP discussions can get bogged down in IT discussions. Think of payroll as an example: if downtime might be 24 hours, the business might simply wait for recovery; if downtime might be a week, waiting it out is not an option.
3. As an IT manager, you can develop an IT DRP primarily with resources within your control. That makes it an easier starting point and puts IT in a better position to shift responsibility for BCP to business leaders (where it should reside) since essentially the IT portion is done.

Create a Right-Sized Disaster Recovery Plan today.

Modernize the BCP

If your BCP relies heavily on paper-based processes as workarounds, it’s time to update your plan.

Back when transactions were recorded on paper and then keyed into the mainframe system later, it was easier to revert to deskside processes. There is very little in the way of paper-based processes anymore, and as a result, it is increasingly difficult to resume business processes without IT.

Think about your own organization. What IT system(s) are absolutely critical to business operations? While you might be able to continue doing business without IT, this requires regular preparation and training. It’s likely a completely offline process and won’t be a viable workaround for long even if staff know how to do the work. If your data center and core systems are down, technology-enabled workarounds (such as collaboration via mobile technologies or cloud-based solutions) could help you weather the outage, and may be more flexible and adaptable for day-to-day work.

The bottom line:

Technology is a critical dependency for business processes. Consider the role IT systems play as process dependencies and as workarounds as part of continuity planning.

Info-Tech’s approach

The traditional approach to BCP takes too long and produces a plan that is difficult to use and maintain.

The Problem: You need to create a BCP, but don’t know where to start.

• BCP is being demanded more and more to comply with regulations, mitigate business risk, meet customer demands, and obtain insurance.
• IT leaders are often asked to lead BCP.

The Complication: A traditional BCP process takes longer to show value.

• Traditional consultants don’t usually have an incentive to accelerate the process.
• At the same time, self-directed projects with no defined process go months without producing useful deliverables.
• The result is a dense manual that checks boxes but isn’t maintainable or usable in a crisis.

The Info-Tech difference:

Use Info-Tech’s methodology to right-size and streamline the process.

• Reduce required effort. Keep the work manageable and maintain momentum by focusing on one business unit at a time; allow that unit to own their BCP.
• Prioritize your effort. Evaluate the current state of your BCP to identify the steps that are most in need of attention.
• Get valuable results faster. Functional deliverables and insights from the first business unit’s BCP can be leveraged by the entire organization (e.g. communication, assessment, and BC site strategies).

Expedite BCP development

Info-Tech’s Approach to BCP:

• Start with one critical business unit to manage scope, establish a repeatable process, and generate deliverables that become a template for remaining business units.
• Resolve critical gaps as you identify them, generating early value and risk mitigation.
• Create concise, practical documentation to support recovery.

Embed training and awareness throughout the planning process.

BCP for Business Unit A:

Scope → Pilot BIA → Response Plan → Gap Analysis

→ Lessons Learned:

• Leverage early results to establish a BCM framework.
• Take action to resolve critical gaps as they are identified.
• BCP for Business Units B through N.
• Scope→BIA→Response Plan→Gap Analysis

= Ongoing governance, testing, maintenance, improvement, awareness, and training.

By comparison, a traditional BCP approach takes much longer to mitigate risk:

• An extensive, upfront commitment of time and resources before defining incident response plans and mitigating risk.
• A “big bang” approach that makes it difficult to predict the required resourcing and timelines for the project.

Organizational Risk Assessment and Business Impact Analysis → Solution Design to Achieve Recovery Objectives → Create and Validate Response Plans

Case Study

Continuity Planning Supports COVID-19 Response

Industry: Non-Profit
Source: Info-Tech Advisory Services

A charitable foundation for a major state university engaged Info-Tech to support the creation of their business continuity plan.

With support from Info-Tech analysts and the tools in this blueprint, they worked with their business unit stakeholders to identify recovery objectives, confirm recovery capabilities and business process workarounds, and address gaps in their continuity plans.

Results

The outcome wasn’t a pandemic plan – it was a continuity plan that was applicable to pandemics. And it worked. Business processes were prioritized, gaps in work-from-home and business process workarounds had been identified and addressed, business leaders owned their plan and understood their role in it, and IT had clear requirements that they were able and ready to support.

“The work you did here with us was beyond valuable! I wish I could actually explain how ready we really were for this…while not necessarily for a pandemic, we were ready to spring into action, set things up, the priorities were established, and most importantly some of the changes we’ve made over the past few years helped beyond words! The fact that the groups had talked about this previously almost made what we had to do easy.“ -- VP IT Infrastructure

Download the BCP Case Study

Project Overview: BCP

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

BCP Business Impact Analysis Tool: Conduct and document a business impact analysis using this document.

BCP Recovery Workflows Example: Model your own recovery workflows on this example.

BCP Project Roadmap: Use this tool to prioritize projects that can improve BCP capabilities and mitigate gaps and risks.

BCP Relocation Checklists: Plan for and manage a site relocation – whether to an alternate site or work from home.

Key deliverable:

BCP Summary Document

Summarize your organization's continuity capabilities and objectives in a 15-page, easy-to-consume template.

This document consolidates data from the supporting documentation and tools to the right.

Download Info-Tech’s BCP Summary Document

Insight summary

Focus less on risk, and more on recovery

Avoid focusing on risk and probability analysis to drive your continuity strategy. You never know what might disrupt your business, so develop a flexible plan to enable business resumption regardless of the event.

Small teams = good pilots

Choose a small team for your BCP pilot. Small teams are better at trialing new techniques and finding new ways to think about problems.

Calculate downtime impact

Develop and apply a scoring scale to develop a more-objective assessment of downtime impact for the organization. This will help you prioritize recovery.

It’s not no, but rather not now…

You can’t address all the organization’s continuity challenges at once. Prioritize high value, low effort initiatives and create a long-term roadmap for the rest.

Show Value Now

Get to value quickly. Start with one business unit with continuity challenges, and a small, focused project team who can rapidly learn the methodology, identify continuity gaps, and define solutions that can also be leveraged by other departments right away.

Lightweight Testing Exercises

Outline recovery capabilities using lightweight, low risk tabletop planning exercises. Our research shows tabletop exercises increase confidence in recovery capabilities almost as much as live exercises, which carry much higher costs and risks.

Blueprint benefits

Demonstrate compliance with demands from regulators and customers

• Develop a plan that satisfies auditors, customers, and insurance providers who demand proof of a continuity plan.
• Demonstrate commitment to resilience by identifying gaps in current capabilities and projects to overcome those gaps.
• Empower business users to develop their plans and perform regular maintenance to ensure plans don’t go stale.
• Establish a culture of business readiness and resilience.

Leverage your BCP to drive value (Business Benefits)

• Enable flexible, mobile, and adaptable business operations that can overcome disruptions large and small. This includes making it easier to work remotely in response to pandemics or facility disruptions.
• Clarify the risk of the status quo to business leaders so they can make informed decisions on where to invest in business continuity.
• Demonstrate to customers your ability to overcome disruptions and continue to deliver your services.

Info-Tech Advisory Services lead to Measurable Value

Info-Tech members told us they save an average of $44,522 and 23 days by working with an Info-Tech analyst on BCP (source: client response data from Info-Tech's Measured Value Survey).

Why do members report value from analyst engagement?

1. Expert advice on your specific situation to overcome obstacles and speed bumps.
2. Structure the project and stay on track.
3. Review project deliverables and ensure the process is applied properly.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostic and consistent frameworks are used throughout all four options.

Guided Implementation

Your Trusted Advisor is a call away.

A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is between eight to twelve calls over the course of four to six months.

Scoping

Call 1: Scope requirements, objectives, and stakeholders. Identify a pilot BCP project.

Business Processes and Dependencies

Calls 2 - 4: Assess current BCP maturity. Create business process workflows, dependencies, alternates, and workarounds.

Conduct a BIA

Calls 5 – 7: Create an impact scoring scale and conduct a BIA. Identify acceptable RTO and RPO.

Recovery Workflow

Calls 8 – 9: Create a recovery workflow based on tabletop planning.

Documentation & BCP Framework

Call 10: Summarize the pilot results and plan next steps. Define roles and responsibilities. Make the case for a wider BCP program.

Workshop Overview

Contact your account representative for more information.

workshops@infotech.com | 1-888-670-8889

Phase 1

Identify BCP Maturity and Document Process Dependencies

Phase 1

1.1 Assess Current BCP Maturity

1.2 Establish the pilot BCP team

1.3 Identify business processes, dependencies, and alternatives

Insights & Outcomes

Define the scope for the BCP project: assess the current state of the plan, create a pilot project team and pilot project charter, and map the business processes that will be the focus of the pilot.

Participants

• BCP Coordinator
• BCP Executive Sponsor
• Pilot Business Unit Manager & Process SMEs

Step 1.1

Assess current BCP Maturity

This step will walk you through the following activities:

• Complete Info-Tech’s BCP Maturity Scorecard

This step involves the following participants:

• Executive Sponsor
• BCP Coordinator

You'll use the following tools & templates:

• BCP Maturity Scorecard

Outcomes & Insights

Establish current BCP maturity using Info-Tech’s ISO 22301-aligned BCP Maturity Scorecard.

Evaluate the current state of your continuity plan

Use Info-Tech’s Maturity Scorecard to structure and accelerate a BCP maturity assessment.

Conduct a maturity assessment to:

• Create a baseline metric so you can measure progress over time. This metric can also drive buy-in from senior management to invest time and effort into your BCP.
• Understand the scope of work to create a complete business continuity plan.
• Measure your progress and remaining gaps by updating your assessment once you’ve completed the activities in this blueprint.

This blueprint primarily addresses the first four sections in the scorecard, which align with the creation of the core components of your business continuity plan.

Info-Tech’s BCP Maturity Scorecard

Info-Tech’s maturity scorecard is aligned with ISO 22301, the international standard that describes the key elements of a functioning business continuity management system or program – the overarching set of documents, practices, and controls that support the ongoing creation and maintenance of your BCP. A fully functional BCMS goes beyond business continuity planning to include crisis management, BCP testing, and documentation management.

Audit tools tend to treat every bullet point in ISO 22301 as a separate requirement – which means there’s almost 400 lines to assess. Info-Tech’s BCP Maturity Scorecard has synthesized key requirements, minimizing repetition to create a high-level self-assessment aligned with the standard.

A high score is a good indicator of likely success with an audit.

Download Info-Tech's BCP Maturity Scorecard

Tool: BCP Maturity Scorecard

Assess your organization’s BCP capabilities.

Use Info-Tech’s BCP Maturity Scorecard to:

• Assess the overall completeness of your existing BCP.
• Track and demonstrate progress towards completion as you work through successive planning iterations with additional business units.

1. Download a copy of the BCP Maturity Scorecard. On tab 1, indicate the percent completeness for each item using a 0-10 scale (0 = 0% complete, 10 = 100% complete).
2. If you anticipate improvements in a certain area, make note of it in the “Comments” column.
3. Review a visual representation of your overall scores on tab 2.

Download Info-Tech's BCP Maturity Scorecard

"The fact that this aligns with ISO is huge." - Dr. Bernard Jones MBCI, CBCP

Step 1.2

Establish the pilot BCP team

This step will walk you through the following activities:

• Assign accountability, responsibility, and roles.
• Develop a project charter.
• Identify dependencies and alternates for those dependencies.

This step involves the following participants:

• Executive Sponsor
• BCP Coordinator

In this step, you’ll use these tools and templates:

• BCP Pilot Project Charter Template

Outcomes & Insights

Assign roles and responsibilities for the BCP pilot project. Set milestones and timelines for the pilot.

Take a pilot approach for BCP

Limit the scope of an initial BCP project to get to value faster.

Pilot Project Goals

• Establish a repeatable methodology that fits your organization and will accelerate BCP development, with tangible deliverables that provide a template for the rest of the business.
• Identify high-priority business continuity gaps for the pilot business unit, many of which will also apply to the overall organization.
• Identify initiatives to start addressing gaps now.
• Enable business users to learn the BCP methodology and toolset so they can own and maintain their business unit BCPs.

Accomplishments expected:

• Define key business processes and process dependencies, and alternatives if dependencies are not available.
• Classify key business processes by criticality for one business unit, using an objective impact scoring scale.
• Set recovery objectives for these key processes.
• Document workarounds and recovery plans.
• Identify gaps in recovery plans and list action items to mitigate risks.
• Develop a project plan to structure a larger continuity project.

What not to expect from a pilot project:

• A complete organizational BCP (the pilot is a strong starting point).
• Implemented solutions to all BCP gaps (proposed solutions will need to be evaluated first).

Structure IT’s role in continuity planning

Clearly define IT’s role in the pilot BCP project to deliver a successful result that enables business units to own BCP in the future.

Though IT is a critical dependency for most processes, IT shouldn’t own the business continuity plan. IT should be an internal BCP process consultant, and each business unit must own their plan.

IT should be an internal BCP consultant.

• IT departments interact with all business units, which gives IT leaders at least a high-level understanding of business operations across the organization.
• IT leaders typically also have at least some knowledge of disaster recovery, which provides a foundation for tackling BCP.
• By contrast, business leaders often have little or no experience with disaster recovery, and don’t have the same level of experience as IT when it comes to working with other business units.

Why shouldn’t IT own the plan?

• Business unit managers have the authority to direct resources in their department to participate in the BCP process.
• Business users are the experts in their processes, and are in the best position to identify dependencies, downtime impacts, recovery objectives, and viable solutions (e.g., acceptable alternate sites or process workarounds).
• Ultimately, business unit managers and executives must decide whether to mitigate, accept, or transfer risks.

Info-Tech Insight

A goal of the pilot is to seed success for further planning exercises. This is as much about demonstrating the value of continuity planning to the business unit, and enabling them to own it, as it is about implementing the methodology successfully.

Create a RACI matrix for the pilot

Assemble a small, focused team for the pilot project empowered to discover, report, and present possible solutions to continuity planning challenges in your organization.

Outline roles and responsibilities on the pilot team using a “RACI” exercise. Remember, only one party can be ultimately accountable for the work being completed.

Example Pilot BCP Project RACI

R: Responsible for doing the work.

A: Accountable to ensure the activity/work happens.

C: Consulted prior to decision or action.

I: Informed of the decision/action once it’s made.

"Large teams excel at solving problems, but it is small teams that are more likely to come up with new problems for their more sizable counterparts to solve." – Wang & Evans, 2019

Info-Tech Insight

Small teams tend to be better at trialing new techniques and finding new ways to think about problems, both of which are needed for a BCP pilot project.

Choose one business unit for the pilot

Many organizations begin their BCP project with a target business unit in mind. It’s still worth establishing whether this business unit meets the criteria below.

Good candidates for a pilot project:

• Business processes are standardized and documented.
• Management and staff are motivated to improve business continuity.
• The business unit is sufficiently well resourced to spare time (e.g. a few hours a week) to dedicate to the BCP process.

• If the business unit doesn’t meet these criteria, consider addressing shortfalls before the pilot (e.g. via stakeholder management or business process analysis) or selecting another unit.
• Many of the decisions will ultimately require input and support from the business unit’s manager(s). It is critical that they are bought into and engaged with the project.
• The leader of the first business unit will be a champion for BCP within the executive team.
• Sometimes, there’s no clear place to start. If this is the case for you, consider using Info-Tech’s Business Unit BCP Prioritization Tool to determine the order in which business units should undergo BCP development.

Create role descriptions for the pilot project

Use these role descriptions and your RACI chart to define roles for the pilot.

These short descriptions establish the functions, expectations, and responsibilities of each role at a more granular level.

The Board and executives have an outsized influence on the speed at which the project can be completed. Ensure that communication with these stakeholders is clear and concise. Avoid involving them directly in activities and deliverable creation, unless it’s required by their role (e.g. as a business unit manager).

Identify a suitable BCP Coordinator

A skilled and committed coordinator is critical to building an effective and durable BCP.

• Coordinating the BC planning effort requires a perspective that’s informed by IT, but goes beyond IT.
• For example, many IT professionals only see business processes where they intersect with IT. The BCP Coordinator needs to be able to ask the right questions to help the business units think through dependencies for critical processes.
• Business analysts can thrive in this role, which requires someone effective at dissecting business processes, working with business users, identifying requirements, and managing large projects.

Structure the role of the BCP Coordinator

The BCP Coordinator works with the pilot business unit as well as remaining business units to provide continuity and resolve discrepancies as they come up between business units.

Specifically, this role includes:

• Project management tasks (e.g. scheduling, assigning tasks, coordinating resources, and reporting progress).
• Learning the BCP methodology (through the pilot) so that this person can lead remaining business units through their BCP process. This enables the IT leader who had been assigned to guide BCP development to step back into a more appropriate consulting role.
• Managing the BCP workflow.

"We found it necessary to have the same person work with each business unit to pass along lessons learned and resolve contingency planning conflicts for common dependencies." – Michelle Swessel, PM and IT Bus. Analyst, Wisconsin Compensation Rating Bureau (WCRB)

Template: Pilot Project Charter

Formalize participants, roles, milestones, risks for the pilot project.

Your charter should:

1. Define project parameters, including drivers, objectives, deliverables, and scope.
2. Identify the pilot business unit.
3. Assign a BCP pilot team, including a BCP Coordinator, to execute the methodology.
4. Define before-and-after metrics to enable the team to measure pilot success.
5. Set achievable, realistic target dates for specific project milestones.
6. Document risks, assumptions, and constraints.

Download Info-Tech’s BCP Pilot Project Charter Template

Step 1.3

Identify business processes, dependencies, and alternatives

This step will walk you through the following activities:

• Identify key business processes.
• Document the process workflow.
• Identify dependencies and alternates for those dependencies.

This step involves the following participants:

• BCP Coordinator
• Pilot Business Unit Manager
• Expert Business Unit Staff

You'll use the following tools & templates:

• BCP Business Impact Analysis Tool

Outcomes & Insights

Documented workflows, process dependencies, and workarounds when dependencies are unavailable.

Flowchart business processes

Workflows help you visually identify process dependencies and optimization opportunities.

• Business continuity planning is business process focused. You need to document business processes, dependencies, and downtime workarounds.
• Process documentation is a basic BCP audit requirement, but it will also:
  • Keep discussions about business processes well-scoped and focused – by documenting the process, you also clarify for everyone what you’re actually talking about.
  • Remind participants of process dependencies and workarounds.
  • Make it easier to spot possible process breakdowns or improvements.
  • Capture your work, which can be used to create or update SOP documentation.
• Use flowcharts to capture process workflows. Flowcharts are often quicker to create, take less time to update, and are ultimately more usable than a dense manual.

Info-Tech Insight

Process review often results in discovering informal processes, previously unknown workarounds or breakdowns, shadow IT, or process improvement opportunities.

1.3.1 Prioritize pilot business unit processes

Input

• List of key business unit processes.

Output

• List of key business unit processes, now prioritized (at a high-level)

Materials

• Whiteboard/flip charts
• BCP Business Impact Analysis Tool

Participants

• BCP Coordinator (leads the discussion)
• Pilot Business Unit Manager

30 minutes

1. Create a list of all formal and informal business processes executed by the pilot business unit.
2. Discuss the impact of process downtime, and do a quick assessment whether impact of downtime for each process would be high, medium, or low across each of these criteria:
   • Revenue or costs (e.g. supports sales, billing, or productivity)
   • Goodwill (e.g. affects internal or external reputation)
   • Compliance (e.g. affects legal or industry requirements)
   • Health or safety (e.g. affects employee/public health & safety)

Note: A more in-depth analysis will be conducted later to refine priorities. The goal here is a high-level order of priority for the next steps in the planning methodology (identify business processes and dependencies).

3. In the BCP Business Impact Analysis Tool, Processes and Dependencies tab, record the following:
   • The business processes in rough order of criticality.
   • For each process, provide a brief description that focuses on purpose and impact.
   • For each process, name a process owner (i.e. accountable for process completion – could be a manager or senior staff, not necessarily those executing the process).

1.3.2 Review process flows & identify dependencies

Input

• List of key business unit processes (prioritized at a high level in Activity 1.3.1).
• Business process flowcharts.

Output

• Business process flowcharts

Materials

• Whiteboard/flip charts
• Microsoft Visio, or other flowcharting software
• BCP Business Impact Analysis Tool

Download Info-Tech’s Business Process Workflows Example

1.5 hours

1. Use a whiteboard to flowchart process steps. Collaborate to clarify process steps and dependencies. If processes are not documented, use this as an opportunity to create standard operating procedures (SOPs) to drive consistency and process optimization, as described in the Info-Tech blueprint, Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind.
2. Record the dependencies in tab 1 of the BCP Business Impact Analysis Tool in the appropriate columns:
   • People – Anyone involved in the process, from providing guidance to executing the steps.
   • IT Applications – Core IT services (e.g. ERP, CRM) required for this process.
   • End-user devices & equipment – End-user devices, locally-installed apps, IoT, etc.
   • Facility – Any special requirements beyond general office space.
   • Suppliers & Service Providers – Third-parties who support this process.

Info-Tech Insight

Policies and procedures manuals, if they exist, are often out of date or incomplete. Use these as a starting point, but don’t stop there. Identify the go-to staff members who are well versed in how a process works.

1.3.3 Document workarounds

Input

• Business process flowcharts.
• List of process dependencies.

Output

• Workarounds and alternatives in the event dependencies aren’t available.

Materials

• BCP Business Impact Analysis Tool

Participants

• BCP Coordinator (facilitates the activity)
• Pilot Business Unit Manager
• Business Process Subject Matter Experts (SMEs)

1.5 hours

Identify alternatives to critical dependencies to help you create contingency plans.

1. For each business process, identify known alternatives for each primary dependency. Ignore for the moment how long the workaround or alternate would be feasible.
2. Record alternatives in the Business Continuity Business Impact Analysis Tool, Processes and Dependencies tab, Alternatives columns (a separate column for each category of dependency):
   • People – Can other staff execute the process steps? (Example: managers can step in if needed.)
   • IT Applications – Is there a manual workaround or other alternative while enterprise technology services are unavailable? (Example: database is down, but data is stored on physical forms.)
   • End-User Devices and Equipment – What alternatives exist to the usual end-user technologies, such as workstations and desk phones? (Example: some staff have cell phones.)
   • Facility Location and Requirements – Is there an alternate location where this work can be conducted? (Example: work from home, or from another building on the campus.)
   • Suppliers and External Services – Is there an alternative source for key suppliers or other external inputs? (Example: find alternate suppliers for key inputs.)
   • Additional Inputs or Requirements – What workarounds exist for additional artifacts that enable process steps (e.g. physical inventory records, control lists)? (Example: if hourly pay information is missing, run the same payroll as the previous run and reconcile once that information is available.)

Phase 2

Conduct a BIA to Determine Acceptable RTOs and RPOs

Phase 2

2.1 Define an objective impact scoring scale

2.2 Estimate the impact of downtime

2.3 Determine acceptable RTO/RPO targets

Insights & Outcomes

Assess the impact of business process downtime using objective, customized impact scoring scales. Sort business processes by criticality and by assigning criticality tiers, recovery time, and recovery point objectives.

Participants

• BCP Coordinator
• Pilot Business Unit Manager
• Business Process SMEs

Step 2.1

Define an objective scoring scale

This step will walk you through the following activities:

• Identify impact criteria that are relevant to your business.
• Create a scale that defines a range of impact for relevant criteria.

This step involves the following participants:

• BCP Coordinator
• Pilot Business Unit Manager
• Expert Business Unit Staff

In this step, you’ll use these tools and templates:

• BCP Business Impact Analysis Tool

Outcomes & Insights

Define an impact scoring scale relevant to your business, which allows you to more-objectively assess the impact of business process downtime.

Set appropriate recovery objectives

Recovery time and recovery point objectives should align with business impact.

The activities in Phase 2 will help you set appropriate, acceptable recovery objectives based on the business impact of process downtime.

• The recovery time objective (RTO) and recovery point objective (RPO) are the recovery goals set for individual processes and dependencies to ensure your business unit meets its overall acceptable recovery timeline.

For example:

• An RTO of four hours means staff and other required resources must be available to support the business processes within four hours of an incident (e.g. relocate to an alternate worksite if necessary, access needed equipment, log-in to needed systems, get support for completing the process from alternate staff, etc.)
• An RPO of four hours for a customer database means the most recent secondary copy of the data must never be more than four hours old – e.g. running a backup every four hours or less.

Conduct a Business Impact Analysis (BIA)

Create Impact Scoring Scales→Assess the impact of process downtime→Review overall impact of process downtime→Set Criticality Tiers→Set Recovery Time and Recovery Point Objectives

Create financial impact scales

Identify maximum cost and revenue impacts to build financial impact scales to measure the financial impact of process downtime.

Work with the Business Unit Manager and Executive Sponsor to identify the maximum impact in each category to the entire business. Use a worst-case scenario to estimate the maximum for each scale. In the future, you can use this scoring scale to estimate the impact of downtime for other business units.

• Loss of Revenue: Estimate the upper bound for this figure from the previous year, and divide that by the number of business days in the year. Note: Some organizations may choose to exclude revenue as a category where it won’t be lost (e.g. public-sector organizations).
• Loss of Productivity: Proxy for lost workforce productivity using payroll numbers. Use the fully loaded payroll for the company, divided by the number of working days in the year as the maximum.
• Increased Operating Costs: Isolate this to known additional costs resulting from a disruption. Does the interruption itself increase operating costs (e.g. if using timesheets for hourly/contract employees and that information is lost or unavailable, do you assume a full work week)?
• Financial Penalties: If there are known financial penalties (e.g. due to failure to meet SLAs or other contractual obligations), include those values in your cost estimates.

Info-Tech Insight

Cost estimates are like hand grenades and horseshoes: you don’t need to be exact. It’s much easier to get input and validation from other stakeholders when you have estimates. Even weak estimates are far better than a blank sheet.

Create goodwill, compliance, and safety impact scales

Create a quantitative, more-objective scoring scale for goodwill, compliance and safety by following the guidance below.

• Impact on Customers: By default, the customer impact scale is based on the percent of your total customer base impacted. You can also modify this scale to include severity of impact or alter it to identify the maximum number of customers that would be impacted.
• Impact on Staff: Consider staff that are directly employed by the organization or its subsidiaries.
• Impact on Business Partners: Which business partners would be affected by a business disruption?
• Impact on Health & Safety: Consider the extent to which process downtime could increase the risk of the health & safety of staff, customers, and the general public. In addition, degradation of health & safety services should be noted.
• Impact on Compliance: Set up the scale so that you can capture the impact of any critical regulatory requirements that might not be met if a particular process was down for 24 hours. Consider whether you expect to receive leeway or a grace period from the governance body that requires evidence of compliance.

Info-Tech Best Practice

Use just the impact scales that are relevant to your organization.

Tool: Impact Scoring Scales

• Define 4-point scoring scales in the BCP business impact analysis tool for a more objective assessment than gut-feel rankings.
• You don’t need to include every category, if they aren’t relevant to your organization.
• Refine the scoring scale as needed through the pilot project.
• Use the same scoring scale for impact analyses with additional business units in the future.

Step 2.2

Estimate the impact of downtime

This step will walk you through the following activities:

• Apply the scoring scale developed in step 2.1 to assess the impact of downtime for specific business processes.

This step involves the following participants:

• BCP Coordinator
• Pilot Business Unit Manager
• Expert Business Unit Staff

In this step, you’ll use these tools and templates:

• BCP Business Impact Analysis Tool

Outcomes & Insights

Develop an objective view of the impact of downtime for key business processes.

2.2.1 Estimate the impact of downtime

1.5 hours

Input

• List of business processes, dependencies, and workarounds, all documented in the BIA tool.

Output

• Impact of downtime scores for key business unit processes.

Materials

• BCP Business Impact Analysis Tool

Participants

• BCP Coordinator (facilitates the discussion)
• Business Process Subject Matter Experts (SMEs)
• Pilot Business Unit Manager

1. Print a copy of the Scoring Criteria tab to use as a reference, or have it open on another screen. In tab 3 of the BCP Business Impact Analysis Tool use the drop-down menu to assign a score of 0 to 4 based on levels of impact defined in the Scoring Criteria tab.
2. Work horizontally across all categories for a single process. This will set a benchmark, familiarize you with the scoring system, and allow you to modify any scoring scales if needed. In general, begin with the process that you know to be most critical.
   • For example, if call center sales operations are down:
     • Loss of Revenue would be the portion of sales revenue generated through the call center. This might score a 2 or 3 depending on the proportion of sales generated through the call center.
     • The Impact on Customers might be a 1 or 2 depending on the extent that existing customers might be using the call center to purchase new products or services.
     • The Legal/Regulatory Compliance and Health or Safety Risk might be a 0.
3. Next, work vertically across all processes within a single category. This will allow you to compare scores within the category as you create them.

Tool: Impact Analysis

• The goal of the exercise is to arrive at a defensible ranking of process criticality, based on the impact of downtime.
• Make sure participants can see the scores you’re assigning during the exercise (e.g. by writing out the scores on a whiteboard, or displaying the tool on a projector or screen) and can reference the scoring scales tab to understand what the scores mean.
• Take notes to record the rationale behind the impact scores. Consider assigning note-taking duties to one of the participants.

2.2.2 Sort processes into Criticality Tiers

30 minutes

Input

• Processes, with assigned impact scores (financial impact, goodwill impact, compliance and safety impact).

Output

• Business processes sorted into criticality tiers, based on the impact of downtime.

Materials

• BCP Business Impact Analysis Tool

Participants

• BCP Coordinator (facilitates the discussion)
• Business Process Subject Matter Experts (SMEs)
• Pilot Business Unit Manager

1. In general, consider the Total Impact on Goodwill, Compliance, and Safety first.
   • An effective tactic to start the process is to assign a tier 1 rating to all processes with a Goodwill, Compliance, and Safety score that’s 50% or more of the highest total score, tier 2 where scores are between 25% and 50%, and tier 3 where scores are below 25% (see table below for an example).
   • In step 2.3, you’ll align recovery time objectives with the criticality tiers. So, Tier 1 processes will target recovery before Tier 2 processes, and Tier 2 processes will target recovery before Tier 3 processes.
2. Next, consider the Total Cost of Downtime.

• The Total Cost is calculated by the tool based on the Scoring Criteria in tab 2 and the estimates in the BIA.
• Consider whether the total cost impact justifies changing the criticality rating. “Smoke test” categorization with participants. Are there any surprises (processes more or less critical than expected)?

Example: Highest total Goodwill, Compliance, and Safety impact score is 18.

Step 2.3

Determine acceptable RTO and RPO targets

This step will walk you through the following activities:

• Identify acceptable Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) for business processes.

This step involves the following participants:

• BCP Coordinator
• Pilot Business Unit Manager
• Expert Business Unit Staff

In this step, you’ll use these tools and templates:

• BCP Business Impact Analysis Tool

Outcomes and Insights

Right-size recovery objectives based on business impact.

Right-size recovery objectives

Acceptable RTOs and RPOs must be right-sized to the impact of downtime.

Rapid recovery typically requires more investment.

The impact of downtime for most business processes tends to look something like the increasing impact curve in the image to the right.

In the moments after a disruption, impact tends to be minimal. Imagine, for example, that your organization was suddenly unable to pay its suppliers (don’t worry about the reason for the disruption, for the moment). Chances are, this disruption wouldn’t affect many payees if it lasted just a few minutes, or even a few hours. But if the disruption were to continue for days, or weeks, the impact of downtime would start to spiral out of control.

In general, we want to target recovery somewhere between the point where impact begins, and the point where impact is intolerable. We want to balance the impact of downtime with the investment required to make processes more resilient.

Info-Tech Insight

Account for hard copy files as well as electronic data. If that information is lost, is there a backup? BCP can be the driver to remove the last resistance to paperless processes, allowing IT to apply appropriate data protection.

Set recovery time objectives and recovery point objectives in the “Debate Space”

2.3.1 Define process-level recovery objectives

1 hour

Input

• Processes, ranked by criticality.

Output

• Initial business-defined recovery objectives for each process.

Materials

• BCP Business Impact Analysis Tool

Participants

• BCP Coordinator (facilitates the discussion)
• Business Process Subject Matter Experts (SMEs)
• Pilot Business Unit Manager

1. Review the “Debate Space” diagram (shown in previous section) with all participants.
2. Ask business participants for each process: how much downtime is tolerable, acceptable, or appropriate? How much data loss is tolerable?
   • If participants aren’t yet comfortable setting recovery objectives, identify the point at which downtime and data loss first becomes noticeable and the point at which downtime and data loss becomes intolerable.
   • Choose an RTO and RPO for each process that falls within the range set by these two extremes.

RTOs and RPOs are business-defined, impact-aligned objectives that you may not be able to achieve today. It may require significant investments of time and capital to enable the organization to meet RTO and RPO.

2.3.2 Align RTOs within and across criticality tiers

1 hour

Input

• Results from pilot BCP impact analysis.

Output

• Initial business-defined recovery objectives for each process.

Materials

• BCP Business Impact Analysis Tool
• Whiteboard/ flipchart

Participants

• BCP Coordinator
• BCP Project Sponsor
• Business Process Subject Matter Experts (SMEs)
• Pilot Business Unit Manager (optional)

Set a range for RTO for each Tier.

1. Start with your least critical/Tier 3 processes. Use the filter in the “Criticality Rating” column in the Impact Analysis tab of the BIA tool to show only Tier 3 processes.
   • What range of RTOs did the group assign for processes in this Tier? Does the group agree that these targets are appropriate for these processes?
   • Record the range of RTOs on the whiteboard or flipchart.
2. Next, look at Tier 2 processes. Use the same filter to show just Tier 2 processes.
   • Record the range of RTOs, confirm the range with the group, and ensure there’s no overlap with the Tier 3 range.
   • If the RTOs in one Tier overlap with RTOs in another, you’ll need to adjust RTOs or move processes between Tiers (if the impact analysis justifies it).

Phase 3

Document the Recovery Workflow and Projects to Close Gaps

3.1 Determine current recovery procedures

3.2 Identify and prioritize projects to close gaps

3.3 Evaluate business continuity site and command center options

Insights & Outcomes

Outline business recovery processes. Highlight gaps and risks that could hinder business recovery. Brainstorm ideas to address gaps and risks. Review alternate site and business relocation options.

Participants

• BCP Coordinator
• Pilot Business Unit Manager
• Business Process SMEs

Step 3.1

Determine current recovery procedures

This step will walk you through the following activities:

• Create a step-by-step, high-level recovery workflow.
• Highlight gaps and risks in the recovery workflow.
• Test the workflow against multiple scenarios.

This step involves the following participants:

• BCP Coordinator
• Crisis Management Team
• Pilot Business Unit Manager
• Expert Business Unit Staff

In this step, you’ll use these tools and templates:

• BCP Tabletop Planning Template

Outcomes & Insights

Establish steps required for business recovery and current recovery timelines.

Identify risks & gaps that could delay or obstruct an effective recovery.

Conduct a tabletop planning exercise to draft business recovery plans

Tabletop exercises are the most effective way to test and increase business confidence in business recovery capabilities.

Why is tabletop planning so effective?

• It enables you play out a wider range of scenarios than technology-based testing (e.g. full-scale, parallel) due to cost and complexity factors.
• It is non-intrusive, so it can be executed more frequently than other testing methodologies.
• It provides a thorough test of your recovery workflow since the exercise is, essentially, paper-based.
• After you have a BCP in place, this exercise can continue to be a valuable testing exercise for BCP to capture changes in your recovery process.

Step 2 - 2 hours
Establish command center.

Step 2: Risks

• Command center is just 15 miles away from primary site.

Step 2: Gaps

• Confirm what’s required to set up the command center.
• Who has access to the EOC?
• Does the center have sufficient bandwidth, workstations, phones, telephone lines?

3.1.1 Choose a scenario for your first tabletop exercise

30 minutes

Input

• List of past incidents.
• Risks to business continuity that are of high concern.

Output

• Scenario for the tabletop exercise.

Materials

• N/A

Participant

• BCP Coordinator (facilitates the exercise)
• Business Process Subject Matter Experts (SMEs)
• Pilot business unit manager

At the business unit level, the goal is to define a plan to resume business processes after an incident.

A good scenario is one that helps the group focus on the goal of tabletop planning – to discuss and document the steps required to recover business processes. We suggest choosing a scenario for your first exercise that:

• Disrupts many process dependencies (i.e. facilities, staff, IT services, suppliers).
• Does not result in major property damage, harm, or loss of life. Business resumption is the focus of this exercise, not emergency response.
• Has happened in the past, or is of concern to the business.

An example: a gas leak at company HQ that requires the area to be cordoned off and power to be shut down. The business must resume processes from another location without access to materials, equipment, or IT services at the primary location.

A plan that satisfies the gas leak scenario should meet the needs of other scenarios that affect your normal workspace. Then use BCP testing to validate that the plan meets a wider range of incidents.

3.1.2 Define the BCP activation process

1 hour

Input

• Any existing crisis management, incident response or emergency response plans.
• BC Scenario.

Output

• High level incident notification, assessment, and declaration workflow.

Materials

• Cue cards, sticky notes, whiteboard and markers, or Visio template.

Participants

• BCP Coordinator
• Crisis Management Team (if one exists)
• Business Process SMEs
• Pilot Business Unit Manager

Answer the questions below to structure your notification, assessment, and BCP activation procedures.

Notification

How will you be notified of a disaster event? How will this be escalated to leadership? How will the team responsible for making decisions coordinate (if they can’t meet on-site)? What emergency response plans are in place to protect health and safety? What additional steps are involved if there’s a risk to health and safety?

Assessment

Who’s in charge of the initial assessment? Who may need to be involved in the assessment? Who will coordinate if multiple teams are required to investigate and assess the situation? Who needs to review the results of the assessment, and how will the results of the assessment be communicated (e.g. phone bridge, written memo)? What happens if your primary mode of communication is unavailable (e.g. phone service is down)?

Declaration

Who is responsible today for declaring a disaster and activating business continuity plans? What are the organization’s criteria for activating continuity plans, and how will BCP activation be communicated? Establish a crisis management team to guide the organization through a wide range of crises by Implementing Crisis Management Best Practices.

3.1.3 Document the business recovery workflow

1 hour

Input

• Pilot BIA.
• Any existing crisis management, incident response, or emergency response plans.
• BC Scenario

Output

• Outline of your BCP declaration and business recovery plan.

Materials

• Cue cards, sticky notes, whiteboard and markers, or Visio template.

Participants

• BCP Coordinator (facilitates the exercise)
• Business Process Subject Matter Experts (SMEs)
• Pilot Business Unit Manager

Do the following:

1. Create separate flows for facility, IT, and staff disruptions. Include additional workflows as needed.
   • We suggest you outline the recovery process at least to the point where business processes are restored to a minimum viable functional level.
2. On white cue cards:
   1. Record the step.
   2. Indicate the task owner.
   3. Estimate how long the step will take.
3. On yellow cue cards, document gaps in people, process, and technology requirements to complete the step.
4. On red cue cards, indicate risks (e.g. no backup person for a key staff member).

Info-Tech Best Practice

Tabletop planning is most effective when you keep it simple.

• Be focused; stay on task and on time.
• Revisit each step and record risks and mitigation strategies.
• Discuss each step from start to finish.
• Revise the plan with key task owners.
• Don’t get weighed down by tools.
• Simple tools, like cue cards or whiteboards, can be very effective.

Tool: BCP Recovery Workflow

Document the steps you identified in the tabletop to create your draft recovery workflow.

Why use a flowchart?

• Flowcharts provide an at-a-glance view, are ideal for crisis scenarios where pressure is high and effective, and where timely communication is necessary.
• For experienced managers and staff, a high-level reminder of process flows or key steps is sufficient.
• Where more detail is required, include links to supporting documentation (which could include checklists, vendor documentation/contracts, other flowcharts, etc.)

Create one recovery workflow for all scenarios.

Traditional planning calls for separate plans for different “what-if” scenarios. This is challenging not just because it’s a lot more documentation – and maintenance – but because it’s impossible to predict every possible incident. Use the template, aligned to recovery of process dependencies, to create one recovery workflow for each business unit that can be used in and tested against different scenarios.

Download Info-Tech’s BCP Recovery Workflow Example

"We use flowcharts for our declaration procedures. Flowcharts are more effective when you have to explain status and next steps to upper management." – Assistant Director-IT Operations, Healthcare Industry

"Very few business interruptions are actually major disasters. It’s usually a power outage or hardware failure, so I ensure my plans address ‘minor’ incidents as well as major disasters."- BCP Consultant

3.1.4 Document achievable recovery metrics (RTA/RPA)

30 minutes

Input

• Pilot BCP BIA.
• Draft recovery workflow.

Output

• RTA and RPA for each business process.

Materials

• Pilot BCP BIA.

Participants

• BCP Coordinator (facilitates the exercise)
• Business Process Subject Matter Experts (SMEs)
• Pilot Business Unit Manager

Add the following data to your copy of the BCP Business Impact Analysis Tool.

1. Estimate the recovery time achievable (RTA) for each process based on the required time for the process to be restored to a minimum acceptable functional level. Review your recovery workflow to identify this timeline. For example, if the full process from notification, assessment, and declaration to recovery and relocation would take a full day, set the RTA to 24 hours.
2. Estimate the recovery point achievable (RPA) for each process based on the maximum amount of data that could be lost. For example, if data on a particular system is backed up offsite once per day, and the onsite system was destroyed just before that backup began, the entire day’s data could be lost and the achievable RPO is 24 hours. Note: Enter a value of 9999 to indicate that data is unrecoverable.

Info-Tech Insight

Operating at a minimum acceptable functional level may not be feasible for more than a few days or weeks. Develop plans for immediate continuity first, then develop further plans for long-term continuity processes as required. Recognize that for longer term outages, you will evolve your plans in the crisis to meet the needs of the situation.

3.1.5 Test the workflow of other scenarios

1 hour

Input

• Draft recovery workflow.

Output

• Updated draft recovery workflow.

Materials

• Draft recovery workflow.
• Projector or screen.

Participants

• BCP Coordinator (facilitates the exercise)
• Business Process Subject Matter Experts (SMEs)
• Pilot Business Unit Manager

Work from and update the soft copy of your recovery workflow.

1. Would any steps change if the scenario changes? If yes, capture the different flow with a decision diamond. See the example Recovery Workflow for a workflow that uses decision diamonds. Identify any new gaps or risks you encounter with red and yellow cards.
2. Make sure the decision diamonds are as generalized as possible. For example, instead of creating a separate response plan for each scenario that would require you to relocate from your existing building, create one response plan for relocation and one response plan for remaining in place.
3. See the next section for some examples of different types of scenarios that you may include in your recovery workflow.

Info-Tech Insight

Remember that health and safety risks must be dealt with first in a crisis. The business unit recovery workflow will focus on restoring business operations after employees are no longer at risk (e.g. the risk has been resolved or employees have been safely relocated). See Implement Crisis Management Best Practices for ideas on how to respond to and assess a wide range of crises.

Not all scenarios will have full continuity plans

Risk management is a business decision. Business continuity planning can help decision makers understand and decide on whether to accept or mitigate high impact, low probability risks.

For some organizations, it’s not practical or possible to invest in the redundancy that would be necessary to recover in a timely manner from certain major events.

Leverage existing risk management practices to identify key high impact events that could present major business continuity challenges that could cause catastrophic disruptions to facility, IT, staffing, suppliers, or equipment. If you don’t have a risk register, review the scenarios on the next slide and brainstorm risks with the working group.

Work through tabletop planning to identify how you might work through an event like this, at a high level. In step 3.2, you can estimate the effort, cost, and benefit for different ideas that can help mitigate the damage to the business to help decision makers choose between investment in mitigation or accepting the risk.

Document any scenarios that you identify as outside the scope of your continuity plans in the “Scope” section of your BCP Summary document.

For example:

A single location manufacturing company is creating a BCP.

The factory is large and contains expensive equipment; it’s not possible to build a second factory for redundancy. If the factory is destroyed, operations can’t be resumed until the factory is rebuilt. In this case, the BCP outlines how to conduct an orderly business shutdown while the factory is rebuilt.

Contingency planning to resume factory operations after less destructive events, as well as a BCP for corporate services, is still practical and necessary.

Considerations for other BCP scenarios

Step 3.2

Identify and prioritize projects to close gaps

This step will walk you through the following activities:

• Brainstorm solutions to identified gaps and risks.
• Prioritize projects and action items to close gaps and risks.
• Assess the impact of proposed projects on the recovery workflow.

This step involves the following participants:

• BCP Coordinator
• Pilot Business Unit Manager
• Expert Business Unit Staff

In this step, you’ll use these tools and templates:

• BCP Project Roadmap

Outcomes & Insights

Identify and prioritize projects and action items that can improve business continuity capabilities.

3.2.1 Brainstorm solutions to address risks and gaps

1 hour

Input

• Draft recovery workflow.
• Known continuity risks and gaps.

Output

• Ideas for action items and projects to improve business continuity.

Materials

• Flipchart

Participants

• BCP Coordinator (facilitates the exercise)
• Business Process Subject Matter Experts (SMEs)
• Pilot Business Unit Manager

1. Review each of the risk and gap cards from the tabletop exercise.
2. As a group, brainstorm ideas to address gaps, mitigate risks, and improve resiliency. Write the list of ideas on a whiteboard or flip chart paper. The solutions can range from quick-wins and action items to major capital investments. The following slides can help you seed ideas to support brainstorming and idea generation.

Info-Tech Best Practice

Try to avoid debates about feasibility at this point. The goal is to get ideas on the board.

When you’re brainstorming solutions to problems, don’t stop with the first idea, even if the solution seems obvious. The first idea isn’t always the best or only solution – other ideas can expand on it and improve it.

Step 4: No formal process to declare a disaster and invoke business continuity.

Step 7: Alternate site could be affected by the same regional event as the main office.

Step 12: Need to confirm supplier service-level agreements (SLAs).

1. Continue to create BCP documentation.
2. Identify a third location for regional disasters.
3. Contact suppliers to confirm SLAs and validate alignment with RTOs/RPOs.
4. Add BCP requirements collection to service procurement process?

Discuss your remote work capabilities

With COVID-19, most organizations have experience with mass work-from-home.

Review the following case studies. Do they reflect your experience during the COVID-19 pandemic?

Unacceptable risk

• A small insurance company provided laptops to staff so they could work remotely.
• Complication: Cheque and print stock is a dependency and no plan was made to store check stock offsite in a secure fashion.

Key dependencies missing

• A local government provided laptops to key staff so they could work remotely.
• Complication: The organization didn’t currently own enough Citrix licenses for every user to be online concurrently.

Unable to serve customers

• The attestation and land services department of a local government agency provided staff with remote access to key apps.
• Complication: Their most critical business processes were designed to be in-person – they had no plan to execute these processes from home.

Consider where your own work-from-home plans fell short.

• Were your collaboration and communication solutions too difficult for users to use effectively?
• Did legacy infrastructure affect performance or limit capabilities? Were security concerns appropriately addressed?
• What challenges did IT face supporting business users on break-fix and new requests?
• Were there logistical needs (shipping/receiving, etc.) that weren’t met?
• Develop an updated plan to support work-from-home using Info-Tech’s BCP Relocation Checklists and Home Office Survey template, and integrate these into your overall BCP documentation. Stakeholders can easily appreciate the value of this plan since it’s relevant to recent experience.

Identify opportunities to improve continuity plans

What gaps in your continuity response could be addressed with better planning?

People

• Alternates are not identified
• Roles in a disaster are not formalized
• No internal/external crisis comm. strategy

→

• Identify people dependencies and alternates.
• Create response and management teams.
• Implement Crisis Management Best Practices.

Site & Facilities

• No alternate place of business or command center identified
• No formal planning or exercises to test alternate site viability

→

• Identify a viable secondary site and/or work-from-home plan, and develop a schedule for testing activities. Review in Step 3.3 of the Develop a Business Continuity Plan blueprint.

External Services & Suppliers

• Contingency plans for a disruption not planned or formalized
• No formal review of service-level agreements (SLAs)

→

• Contact key suppliers and vendors to establish SLAs, and ensure they meet requirements.
• Review supplier continuity plans.

Technology & Physical Assets

• No secondary site or redundancy for critical IT systems
• No documented end-to-end IT DR plan

→

• Create a Right-Sized DR Plan.
• Verify SLAs with key IT infrastructure and service providers and review their DRP.

Tool: BCP Project Roadmap

Prioritize and visualize BCP projects to present options to decision makers.

Not all BCP projects can be tackled at once. Enable decision makers to defer, rather than outright reject, projects that aren’t feasible at this time.

1. Configure the tool in Tab 1. Setup. Adjust criteria and definitions for criteria. Note that shaded columns are required for reporting purposes and can’t be modified.
2. Add projects and action items in Tab 2. Data Entry. Fields highlighted in red are all required for the dashboard to populate. All other fields are optional but will provide opportunities to track more detailed data on project ideas.
3. To generate the dashboard in Tab 3. Roadmap, open the Data ribbon and under Queries and Connections click Refresh All. You can now use the slicers on the right of the sheet.

Download Info-Tech’s BCP Project Roadmap Tool

Demonstrate BCP project impacts

Illustrate the benefits of proposed projects.

1. Review your recovery workflow.
2. Make updates to a second copy of the high-level outline to illustrate how the business response to a disaster scenario will change once proposed projects are complete.

• Remove steps that have been made unnecessary.
• Remove any risks or gaps that have been mitigated or addressed.
• Verify that proposed projects close gaps between acceptable and achievable recovery capabilities in the BIA tool.

Step 3.3

Evaluate business continuity site and command center options

This step will walk you through the following activities:

• Take a deep dive on the requirements for working from an alternate location.
• Assess different options for an alternate location.

This step involves the following participants:

• BCP Coordinator
• Pilot Business Unit Manager
• Expert Business Unit Staff

In this step, you’ll use these tools and templates:

• BCP Relocation Checklists

Outcomes & Insights

Identify requirements for an alternate business site.

Tool: Relocation Checklists

An alternate site could be another company building, a dedicated emergency operations center, or work-from-home. Use this tool to guide and prepare for any relocation exercise.

• Coordinate your response with the pre-populated checklists in Tabs 1 & 2, identify who’s responsible for items on the checklists, and update your recovery workflows to reflect new steps. When reviewing the checklist, consider what can be done to prepare ahead of a crisis.
  • For example, you may wish to create crisis communication templates to streamline crisis communications during a disaster.
• Calculate the effort required to provision equipment for relocated users in Tabs 3 & 4.
• Evaluate your options for alternate sites with the requirements matrix in Tab 5. Use your evaluation to identify how the organization could address shortcomings of viable options either ahead of time or at the time of an incident.

Download Info-Tech’s BCP Relocation Checklists

Create a checklist of requirements for an alternate site

Leverage the roll-up view, in tab 3, of dependencies required to create a list of requirements for an alternate site in tab 4.

1. The table on Tab 5 of the relocation checklists is pre-populated with some common requirements. Modify or replace requirements to suit your needs for an alternate business/office site. Be sure to consider distance, transportation, needed services, accessibility, IT infrastructure, security, and seating capacity at a minimum.
2. Don’t assume. Verify. Confirm anything that requires permissions from the site owner. What network providers have a presence in the building? Can you access the site 24/7 and conduct training exercises? What facilities and services are available? Are you guaranteed the space if needed?

"There are horror stories about organizations that assumed things about their alternate site that they later found out they weren’t true in practice." – Dr. Bernard Jones, MBCI CBCP

Info-Tech Insight

If you choose a shared location as a BCP site, a regional disaster may put you in competition with other tenants for space.

Identify a command center

For command center and alternate worksite selection, remember that most incidents are local and short term. Identify an onsite and an offsite command center.

1. For events where the building is not compromised, identify an onsite location, ideally with remote conferencing capabilities and planning and collaboration tools (projectors, whiteboards, flipcharts). The onsite location can also be used for BCM and crisis management meetings. Remember, most business continuity events are not regional or massively destructive.
2. For the offsite command center, select a location that is sufficiently far away from your normal business location to maintain separation from local incidents while minimizing commute time. However, consider a geographically distant option (e.g. more than 50 miles away) identified for those scenarios where it is a regional disaster, or plan to leverage online tools to create a virtual command center (see the Insight box below).
3. The first members of the Emergency Response Team to be notified of the incident will determine which location to use or whether a third alternative is required.

Info-Tech Insight

For many organizations, a dedicated command center (TVs on the wall, maps and charts in filing cabinets) isn’t necessary. A conference bridge and collaboration tools allowing everyone to work remotely can be an acceptable offsite command center as long as digital options can meet your command center requirements.

Create a plan for a return to normal

Operating in continuity mode for an extended period of time tends to result in higher costs and reduced business capabilities. It’s important to restore normal operations as soon as possible.

Advance planning can minimize risks and delays in returning to normal operations.

Leverage the methodology and tools in this blueprint to define your return to normal (repatriation) procedures:

1. Repeat the tabletop planning exercise to determine the repatriation steps and potential gaps. How will you return to the primary site from your alternate site? Does data need to be re-entered into core systems if IT services are down? Do you need to transfer job duties back to primary staff?
2. What needs to be done to address the gaps in the return to normal workflow? Are there projects or action items that could make return to normal easier?

For more on supporting a business move back to the office from the IT perspective, see Responsibly Resume IT Operations in the Office

Potential business impacts of ongoing operations at a failover site

• The cost of leasing alternate business worksites.
• Inability to deliver on strategic initiatives while in emergency/interim operations mode, resulting in lost business opportunities.
• A growing backlog of work that falls outside of emergency operations mode.
• Travel and accommodation costs if the alternate site is geographically remote.
• Additional vendor licensing and contract costs.

Phase 4

Extend the Results of the Pilot BCP and Implement Governance

Phase 4

4.1 Consolidate BCP pilot insights to support an overall BCP project plan

4.2 Outline a business continuity management (BCM) program

4.3 Test and maintain your BCP

Insights & Outcomes

Summarize and consolidate your initial insights and documentation. Create a project plan for overall BCP. Identify teams, responsibilities, and accountabilities, and assign documentation ownership. Integrate BCP findings in DR and crisis management practices. Set guidelines for testing, plan maintenance, training, and awareness.

Participants

• BCP Coordinator
• Pilot Business Unit Manager
• BCP Executive Sponsor

Step 4.1

Consolidate BCP pilot insights to support an overall BCP project plan

This step will walk you through the following activities:

• Summarize and consolidate outputs and key insights from the BCP pilot.
• Identify outputs from the pilot that can be re-used for the overall BCP.
• Create a project charter for an overall BCP.

This step involves the following participants:

• BCP Coordinator
• Pilot Business Unit Manager
• BCP Executive Sponsor

In this step, you’ll use these tools and templates:

• BCP Pilot Results Presentation
• BCP Summary

Outcomes & Insights

Present results from the pilot BCP, and outline how you’ll use the pilot process with other business units to create an overall continuity program.

Structure the overall BCP program.

Template: BCP Pilot Results Presentation

Highlight key findings from the BCP pilot to make the case for next steps.

• Highlight critical gaps or risks identified, any potential process improvements, and progress made toward improving overall BCP maturity through the pilot project. Summarize the benefits of the pilot project for an executive audience.
• Review process recovery objectives (RTO/RPO). Provide an overview of recovery capabilities (RTA/RPA). Highlight any significant gaps between objectives and capabilities.
• Propose next steps, including an overall BCP project and program, and projects and action items to remediate gaps and risks.
• Develop a project plan to estimate resource requirements for an overall BCP project prior to delivering this presentation. Quantifying required time and resources is a key outcome as it enables the remaining business units to properly scope and resource their BCP development activities and can help managers overcome the fear of the unknown.

Download Info-Tech’s BCP Pilot Results Presentation

Tool: BCP Summary

Sum up information from completed BCP documents to create a high-level BCP overview for auditors and executives.

The BCP Summary document is the capstone to business unit continuity planning exercises. It consolidates your findings in a short overview of your business continuity requirements, capabilities, and maintenance procedures.

Info-Tech recommends embedding hyperlinks within the Summary to the rest of your BCP documentation to allow the reader to drill down further as needed. Leverage the following documents:

• Business Impact Analysis
• BCP Recovery Workflows
• Business Process Workflows
• BCP Project Roadmap
• BCP Relocation Checklists
• Business Continuity Policy

Download Info-Tech’s BCP Summary Document

Reuse templates for additional exercises

The same methodology described in this blueprint can be repeated for each business unit. Also, many of the artifacts from the BCP pilot can be reused or built upon to give the remaining business units a head start. For example:

• BCP Pilot Project Charter Template. Make a copy to use as a base for the next business unit’s BCP project charter, and update the stakeholders/roles and milestone dates. The rest of the content can remain the same in most cases.
• BCP Reference Workbook. This tool contains information common to all business units and can be updated as needed.
• BCP Business Impact Analysis Tool. You may need to start a separate copy for each business unit to allow enough space to capture all business processes. However, use the same scoring scale to drive consistent assessments. In addition, the scoring completed by the pilot business unit provides an example and benchmark for assessing other business processes.
• BCP Recovery Workflow. The notification, assessment, and declaration steps can be standardized so remaining business units can focus primarily on recovery after a disaster is declared. Similarly, many of the steps related to alternate sites and IT workarounds will also apply to other business units.
• BCP Project Roadmap Tool. Many of the projects identified by the pilot business unit will also apply to other business units – update the list as needed.
• The Business Unit BCP Prioritization Tool, BCP Executive Presentation, and Business Continuity Policy Template do not need to be updated for each business unit.

Info-Tech Best Practice

You may need to create some artifacts that are site specific. For example, relocation plans or emergency plans may not be reusable from one site to another. Use your judgement to reuse as much of the templates as you can – similar templates simplify audit, oversight, and plan management.

Create an Overall BCP Project Charter

Modify the pilot project charter to encompass the larger BCP project.

Adjust the pilot charter to answer the following questions:

• How much time and effort should the rest of the project take, based on findings from the pilot? When do you expect to meet certain milestones? What outputs and outcomes are expected?
• In what order should additional business units complete their BCP? Who needs to be involved?
• What projects to address continuity gaps were identified during the pilot? What investments will likely be required?
• What additional documentation is required? This section and the appendix include templates to document your BCM Policy, Teams & Contacts, your notification procedures, and more.
• How does this integrate with the other areas of business resilience and continuity (IT disaster recovery planning and crisis management planning)?
• What additional activities, such as testing, are required?

Prioritize business units for further BCP activities.

As with the pilot, choose a business unit, or business units, where BCP will have the greatest impact and where further BCP activities will have the greatest likelihood of success. Prioritize business units that are critical to many areas of the business to get key results sooner.

Work with one business unit at a time if:

• Required resources from the business unit are available to focus on BCP full-time over a short period (one to two weeks).
• More hands-on guidance (less delegation) is needed.
• The business unit is large or has complex processes.

Work with several business units at the same time if:

• Required resources are only available sporadically over a longer period of time.
• Less guidance (more delegation) is possible.
• All business units are small and have well-documented processes.

Download Info-Tech’s Business Unit BCP Prioritization Tool

Step 4.2

Outline a Business Continuity Management (BCM) Program

This step will walk you through the following activities:

• Identify teams and roles for BCP and business continuity management.
• Identify individuals to fill key roles.

This step involves the following participants:

• BCP Coordinator
• Executive Sponsor

In this step, you’ll use these tools and templates:

• Business Continuity Teams and Roles Tool

Outcomes & Insights

Document BCP teams, roles, and responsibilities.

Document contact information, alternates, and succession rules.

Outline a Business Continuity Management Program

A BCM program, also known as a BCM system, helps structure business continuity activities and practices to deliver long-term benefits to your business.

A BCM program should:

• Establish who is responsible and accountable for BCP practices, activities, and documentation, and set documentation management practices.
• Define a process to improve plans. Review and update continuity requirements, suggest enhancements to recovery capabilities, and measure progress and improvements to the plan over time.
• Coordinate disaster recovery, business continuity, and crisis management planning outputs and practices.
• Communicate the value of the continuity program to the organization.

Develop a Business Continuity Management Program

Phase 4 of this blueprint will focus on the following elements of a business continuity management program:

• BCM Roles, Responsibilities, and Accountabilities
• BCM Document Management Practices
• Integrate BC, IT DR, Crisis Management, and Emergency Management
• Business Continuity Plan maintenance and testing
• Training and awareness

Schedule a call with an Info-Tech Analyst for help building out these core elements, and for advice on developing the rest of your BCM program.

Create BCM teams

Include a mix of strong leaders and strong planners on your BC management teams.

BC management teams (including the secondary teams such as the emergency response team) have two primary roles:

1. Preparation, Planning, and Governance: Conduct and consolidate business impact analyses. Review, and support the development of recovery workflows, including emergency response plans and business unit recovery workflows. Organize testing and training. Report on the state of the continuity plan.
2. Leadership During a Crisis: Coordinate and support the execution of business recovery processes. To meet these goals, each team needs a mix of skill sets.

Crisis leaders require strong crisis management skills:

• Ability to make quick decisions under pressure with incomplete information.
• Excellent verbal communication skills.
• Strong leadership skills. Calm in stressful situations.
• Team leaders are ideally, but not necessarily, those with the most senior title on each team. It’s more important that the team leader has the appropriate skill set.

Collectively, the team must include a broad range of expertise as well as strong planning skills:

• Diverse expertise to be able to plan for and respond to a wide range of potential incidents, from health and safety to reputational damage.
• Excellent organizational skills and attention to detail.
• Excellent written communication skills.

Note: For specific BC team roles and responsibilities, including key resources such as Legal, HR, and IT SMEs required to prepare for and execute crisis management plans, see Implement Crisis Management Best Practices.

Structure the BCM Team

Create a hierarchy of teams to govern and coordinate business continuity planning and crisis management.

BCM Team: Govern business continuity, DR, and crisis management planning. Support the organization’s response to a crisis, including the decision to declare a disaster or emergency.

Emergency Response Teams: Assist staff and BC teams during a crisis, with a focus first on health and safety. There’s usually one team per location. Develop and maintain emergency response plans.

Emergency Response Teams: Assist staff and BC teams during a crisis, with a focus first on health and safety. There’s usually one team per location. Develop and maintain emergency response plans.

IT Disaster Recovery Team: Manage the recovery of IT services and data following an incident. Develop and maintain the IT DRP.

Business Unit BCP Teams: Coordinate business process recovery at the business unit level. Develop and maintain business unit BCPs.

“Planning Mode”

Executive Team → BC Management Team ↓

• Emergency Response Teams (ERT)
• Crisis Management Team
• IT DR Management Team
• Business Unit BCP Teams

“Crisis Mode”

Executive Team ↔Crisis Management Team↓ ↔ Emergency Response Teams (ERT)

• BC Management Team
• IT DR Management Team
• Business Unit BCP Teams

For more details on specific roles to include on these teams, as well as more information on crisis management, review Info-Tech’s blueprint, Implement Crisis Management Best Practices.

Tool: BCM Teams, Roles, Contacts, and Vendors

Track teams, roles, and contacts in this template. It is pre-populated with roles and responsibilities for business continuity, crisis management, IT disaster recovery, emergency response, and vendors and suppliers critical to business operations.

• Expect overlap across teams. For example, the BC Management Team will include representation from each secondary team to ensure plans are in sync. Similarly, both the Crisis Communication Team and BC Management Team should include a representative from your legal team to ensure legal issues are considered in communications as well as overall crisis management.
• Clarify spending and decision authority for key members of each team during a crisis.

Track contact information in this template only if you don’t have a more streamlined way of tracking it elsewhere.

Download Info-Tech’s Business Continuity Teams and Roles Tool

Manage key vendors

Review supplier capabilities and contracts to ensure they meet your requirements.

Suppliers and vendors might include:

• Material shipments
• IT/telecoms service providers
• Integrators and business process outsourcing providers
• Independent contractors
• Utilities (power, water, etc.)

Supplier RTOs and RPOs should align with the acceptable RTOs and RPOs defined in the BIA. Where they do not, explore options for improvement.

Confirm the following:

1. The supplier’s own BC/DR capabilities – how they would recover their own operations in a disaster scenario.
2. Any continuity services the supplier provides – how they can help you recover your operations in a disaster scenario.
3. Their existing contractual obligations for service availability (e.g. SLAs).

Download Info-Tech’s BCP Supplier Evaluation Questionnaire

Organize your BCMS documentation

Your BCP isn’t any one document. It’s multiple documents that work together.

Continue to work through any additional required documentation. Build a repository where master copies of each document will reside and can be updated as required. Assign ownership of document management to someone with an understanding of the process (e.g. the BCP Coordinator).

Info-Tech Best Practice

Recovery documentation has a different audience, purpose, and lifecycle than governance documentation, and keeping the documents separate can help with content management. Disciplined document management keeps the plan current and accessible.

Align your IT DRP with your BCP

Use the following BCP outputs to inform your DRP:

• Business process technology dependencies. This includes technology not controlled by IT (e.g. cloud-based services).
• RTOs and RPOs for business processes.
• Technology projects identified by the business to improve resilience (e.g. improved mobility support).

Info-Tech Insight

Don’t think of inconsistencies between your DRP and BCP as a problem. Discrepancies between the plans are part of the discovery process, and they’re an opportunity to have a conversation that can improve alignment between IT service capabilities and business needs. You should expect that there will be discrepancies – managing discrepancies is part of the ongoing process to refine and improve both plans.

Schedule activities to keep BC and DR in sync

BC/DR Planning Workflow

1. Collect BCP outputs that impact IT DRP (e.g. technology RTOs/RPOs).

2. As BCPs are done, BCP Coordinator reviews outputs with IT DRP Management Team.

3. Use the RTOs/RPOs from the BCPs as a starting point to determine IT recovery plans.

4. Identify investments required to meet business-defined RTOs/RPOs, and validate with the business.

5. Create a DR technology roadmap to meet validated RTOs/RPOs.