Outsourcing, Business Continuity and Risk Assessment/Management all require a perspective that considers the impact on the organization as a whole, not as a sum of parts: a so-called systemic approach.
Adopting a systemic approach could start with a simple change: it is a discovery and mapping journey according to priorities, not just a traditional analysis.
If you were to explore an archaeological site, you would have to identify and design a set of priorities:
- how to proceed with the discovery and “digging”, with a modicum of disturbance of the site
- how to document whatever you find, on the basis of your priorities and on the initial findings
- how to report and maintain the results, as the “site” could be subject to other disturbances
- how and when to involve experts that could improve your understanding of specific artefacts.
If this seems far-fetched, just consider your current Business Continuity activities and the relationship with SLAs agreed with your suppliers.
Do you have a “mapping” of the coverage not only by each supplier/SLA, but overall of your Business Continuity needs?
As shown in the previous chapters, we consider insurance a risk management tool whose efficacy is in covering the financial risk of any activity, not a replacement for a sound priority-setting that should identify which part of the activities could create a “domino effect”, and therefore where continuity resources should be focused on.