As anyone who has ever braved the Saturday crowds in Home Depot knows, we Americans love to do things ourselves. In fact, our love of “do-it-yourself” is so great it has pushed Home Depot to number 23 on the 2017 Fortune 500 list. Rival Lowe’s is number 40.
In the field of business continuity management, the topic of “do-it-yourself” comes up most often in the area of business continuity software, which is the software organizations use to implement and maintain their business continuity programs. This enterprise BCM software typically facilitates the completion of tasks such as the following:
- Writing and developing a business continuity plan
- Carrying out a business impact analysis (BIA)
- Training business continuity personnel
- Carrying out benchmarking activities
- Conducting risk assessments
- Managing crisis response
- Carrying our post-incident reviews
This software is a vital part of an organization’s BC plan and bears a heavy responsibility in safeguarding the future of the company.
But obtaining a good software solution isn’t easy, and no aspect of the process is more consequential than a decision you will face very early in the process, if you find yourself in the position of looking for a BC software package for your company. This is whether to buy an off-the-shelf solution or to “do it yourself,” building your own tool in-house.
Is it Better to Build or Buy?
There’s no one right answer to the question of “Is it better to build or buy?” The optimal solution for your organization depends on your priorities and goals and the resources you have available to meet them. However, I can share a few insights and observations that might help you in grappling with this decision.
First, I’ll lay out the characteristics of organizations that might be better off building their own solution, then I’ll bullet out some traits of organizations that would probably do better buying a solution. Then I’ll sketch out some steps you can take to help you decide whether to build or buy. Lastly, I’ll talk a little about the various off-the-shelf solutions that are available, including the tools developed by my company, BCMMetrics.
You Might Want to Consider Building If …
If most or all of the following are true about your organization, you might want to look seriously at building your own enterprise BCM software solution:
- Your organization is of medium or large size.
- You have access to a strong in-house or third-party development team.
- Your development team has the expertise, time, desire, and budget to build the tool, maintain it, update it, and support it for as long as the tool is in use, including staffing a helpdesk.
- You will have the authority to hold the developers accountable for the quality of their work.
- You are currently using but are dissatisfied with an off-the-shelf product (for example, because it is too hard to use or has unneeded bells and whistles).
- Your organization is unusually complex and has special needs or wants that are not met by any of the available off-the-shelf solutions or would require extensive customization of them. (Examples of ways in which the available products might not meet your needs are: if you want a BIA tool that asks for specific information, your organization has specific security needs, or you have been given unique reporting requirements by management.)
- Your company has been doing business continuity for a while, giving you have a good understanding of your needs and requirements.
- You have plenty of time. Building proprietary software takes a great deal of time to complete successfully. It almost always takes longer than you think it will.
And finally:
- Notice one item that is not on the list: “Your company has an in-house development team which needs something to do.” That by itself is not a good reason to begin a building a proprietary BC tool. If ready-made software does not meet the other requirements, the program will probably fail, causing problems far greater than that of having underutilized staff resources.
You Should Probably Look at Buying If …
If most or all of the following are true of your organization, your best bet is probably to shop around for a good off-the-shelf BCM software package:
- Your organization is small.
- Your organization does not have access to a development team.
- You are not confident that your organization can handle the ongoing burdens and expense of supporting a proprietary software tool.
- Your organization does not have highly complex business continuity needs. You would be perfectly well served by a “vanilla” BIA.
- Your business continuity planning has just started.
- You want to get something implemented quickly.
- Your organization is budget-conscious.
Still Not Sure Whether You Should Build or Buy?
The lists above might have already helped you see whether your organization would be best served by building its own tool or buying something off the shelf. If not, here are some steps you can take to help you get a clearer idea of whether you should build or buy:
- Assess your organization’s software development capabilities. Ask yourself if you are up for the challenges of building and supporting your own tool.
- Assess your organization’s ability to sustain the expenses of having your own tool.
- Examine your organization’s appetite for facing unforeseen challenges.
- Assess how much time and budget you have. (Based on my experience and observations, it is usually much cheaper and faster to buy than build.)
- Assess your requirements and do the research needed to determine whether off-the-shelf products are available that will meet them.
- Consider hiring a business continuity consultant to help you sort through these issues and make an informed decision. My firm MHA Consulting provides such services.
To put it in a nutshell: If a commercial BCM software program meets at least 80% of your requirements, you would probably find it better to buy than build.
A Few Thoughts on Commercial Enterprise BCM Software
If you do end up deciding that your organization would probably be better off buying than building, you’ll then face a whole other series of questions. This isn’t the time to get into the topic in-depth, but here are a few quick points that are worth your consideration:
- There are some excellent products out there. Unless your organization is extremely unique, there are any number of off-the-shelf software packages of proven effectiveness that will probably meet your needs.
- Ease of use is key. If the tool isn’t easy to use, the staff will lose interest, and will not do the work. This will result in your program will lose its effectiveness and fall out of compliance with your chosen standard.
- Watch out for products that are overly complex. Unneeded bells and whistles come at a cost in efficiency and user-friendliness.
- Theoretically, it’s great if you can configure the software for your organization’s needs, but too much configurability causes problems.
Consider BCMMetrics™ Business Continuity Management Tools
Finally, if you are thinking about buying a BC solution, you might consider our tools. The software tools developed by BCMMetrics can provide just these types of benefits. If you’re searching for business continuity software, take a look at BCMMetrics. Our cloud-based solutions facilitate compliance across your business continuity program and include tools to help with:
- Conducting BIAs. BIA On-Demand (BIAOD) gives you all the right questions to ask for every BIA interview. It also organizes the data to provide insights and easily share with your team.
- Evaluating standards compliance. Compliance Confidence (C2) makes it simple to assess your program’s level of compliance against key industry standards. It also gives you a “FICO-like” score that helps identify areas for improvement.
- Assessing your program’s residual risk. Residual Risk (R2) quantitatively identifies where pockets of residual risk exist and helps you evaluate how to handle them.
We also offer eight hours of free consulting in the first year to help with each tool to make sure you’re getting everything you want out of it. Our tools are intuitive, secure, and get the job done. If that’s what you’re looking for in a business continuity management system, schedule a free demo of our software today.