Strategies & Solutions in BCM

In the Strategies & Solutions view you define how you intend to achieve the objectives set in the BIA (RTO, MTPD, etc.).

Typical contents:

  • Recovery strategies for processes and assets,
  • Alternative solutions and emergency operating scenarios,
  • Assessment of whether the strategy can meet the objectives,
  • Responsibilities, cost, and implementation aspects.

View Structure

The view is usually divided into the following areas:

  1. Filter / Scope Selection
     Selection of scope, processes, or asset types.
  2. Strategies List
     Overview of all existing strategies & solutions.
  3. Strategy Detail View
     Master data, assignment to processes/assets, assessment, links.

Types of Strategies

Typical BCM strategies include, for example:

  • Alternate Site / Secondary Location
  • Cloud or Data Centre Fallback
  • Manual Emergency Operations (e.g. paper-based processes)
  • Redundant Systems / High Availability
  • Outsourcing to External Service Providers

In GRASP you can capture these strategies in a structured format, for example with:

  • Name,
  • Description,
  • Strategy type,
  • Affected processes and assets,
  • Responsible persons.

Creating and Linking Strategies

To create a new strategy:

  1. Open the Strategies & Solutions view.
  2. Click "Create Strategy/Solution".
  3. Enter the master data:
     • Title,
     • Description / Scenario,
     • Type (e.g. Alternate Site, Emergency Operations, Cloud Fallback),
     • Responsible role/person.
  4. Link:
     • Processes to which this strategy applies,
     • Assets / Service Providers affected by the strategy,
     • Relevant documents if applicable (e.g. emergency manual, runbooks).

Strategies can be reused across multiple processes — you do not need to create them multiple times.


Assessing the Strategy

In the strategy detail view you can assess how well the strategy contributes to the BIA objectives:

  • Does the strategy meet the defined RTO for the process?
  • Does it cover the maximum tolerable period of disruption (MTPD)?
  • What is the expected residual risk?
  • Are there dependencies that could compromise effectiveness (e.g. Single Points of Failure)?

Fields typically provided for this include:

  • "RTO compliance" (yes/no/partial),
  • "Effectiveness assessment" (e.g. in levels),
  • "Cost/effort estimate",
  • "Remarks / Assumptions".

Connection to Plans and Documents

Strategies provide the framework; plans deliver the concrete implementation.

Therefore, you can link strategies to:

  • Recovery plans (for systems/assets),
  • Business continuity plans (for processes),
  • Communication plans.

This is often mapped through referenced documents or dedicated plan entities.

This allows you to see, for example:

  • Which plans implement a particular strategy?
  • Are these plans up to date and approved?
  • Which exercises and tests have already validated the strategy?

Strategies in the Context of Target/Actual Comparison and Risk

Strategies & Solutions come into play at several points:

  • In the Target/Actual Comparison
    → Evidence that BIA objectives are not only theoretical but are covered by strategies.

  • In Risk Management
    → Strategies can be used as measures to reduce likelihood or impact.

  • In Audits and Exercises
    → Auditors and exercise leaders can see which strategy is designated for a scenario and whether it has been tested.


Practical Tip

  • Formulate strategies at a sufficiently abstract level (e.g. "Operations at the alternate data centre"),
    and document technical details in linked plans (e.g. runbooks, manuals).
  • Use reuse consistently: a good strategy can cover multiple processes and assets.
  • For strategies intended to fulfil regulatory requirements, include a reference to the relevant standards (e.g. internal or external standards).