Vous êtes sur la page 1sur 6

Plan Do Check Act (PDCA) How it Applies To Business Continuity

Posted on June 30, 2010 by Jacque Rupert

The business continuity industry has heard a lot about Plan, Do, Check Act (PDCA) recently. Nearly every emerging standard is following this approach, from BS 25999 and NFPA 1600 (2010 edition) to the new American business continuity standard being created by ASIS. However, there seems to be a lot of confusion about what PDCA is and what it means for business continuity. The PDCA model is the basic building block of a management system, focused on weaving management-level decision making into traditional program practices. The traditional business continuity program activities, like a business impact analysis and plan development, fall mostly into one of the categories (do) see figure 1 but the value of PDCA is that management input and feedback wraps around these activities, thus ensuring continuous improvement. The following sections break down the components of a PDCA approach to business continuity, with a focus on which activities will provide your organizations program the most value.

Plan The plan process establishes objectives, targets, controls, processes and procedures for the program to deliver results in accordance with an organizations overall policies and objectives. Related to business continuity, this involves defining the business continuity management program; including identifying standards, creating a policy statement, appointing a program sponsor and steering committee, and establishing an initial program scope and risk tolerance. One of the most important plan activities is for executive management to identify what they want to protect and recover with respect to their business continuity program. These are typically stated as critical products and services. Of note, phrasing the key objectives of the business continuity program as key organizational outputs helps to position the business continuity program in managements language, thus gaining understanding, support, and involvement from management. Do The do process implements and operates the business continuity policy, controls, processes and procedures. This includes a number of actions in order to understand, strategize, plan, and test the organization for business continuity events. As mentioned earlier, the do process is where the common business continuity tasks are performed. The first step in do is to perform a business impact analysis, or BIA, as well as a risk assessment. The business impact analysis maps critical products and services to individual departments and activities, and seeks to identify recovery objectives for each. The purpose of the risk assessment is to describe the outcomes from disruptive events and the suitability of current-state controls to prevent the disruptive event from occurring, as well as control recommendations to align with the organizations risk tolerance. The second step is the identification of risk mitigation, response and recovery strategy options, and once selected, the implementation of these risk treatments. The third step of do, involves developing plan documentation,

which should be written in a way to enable repeatable response and recovery performance, regardless of the experience of the person leading the effort. The last step is organization-wide training and validation of strategies and plans through exercises, and the initiation of program maintenance activities. Check The check process monitors and reviews performance against established management system objectives and policies and reports the results to management for review. The program should be subject to internal review to measure program performance against pre-defined policies and objectives. The results of said assessments should be presented to management via the established business continuity steering committee. You may be thinking: my organizations management will hardly meet to establish objectives, let alone meet to review them. If this is the case for your organization, implementing a management system is likely the exact solution that you need. Instead of merely presenting metrics based on BIA and plan reviews and maintenance, the check process allows the business continuity program to communicate program performance in a language that management understands. Presenting the organizations continuity capability in terms of alignment to pre-defined organizational outputs (critical products and services) will help management understand how the program is performing in association to what is important to them. This also helps them better recognize how key risks would actually impact the organization, allowing them to accept the risk or take action on the risk. In short, the check process ensures that management is accountable for the program and the organizations overall business continuity capability. Act The act process maintains and improves the program by taking preventive and corrective actions, based on the results of management review and re-appraising the scope, business continuity policy, and objectives. This includes updating and maintaining the corrective actions / preventative actions (CAPA) list and a post-incident review process, as well as ensuring continuous improvement of the business continuity program in order to constantly align the business continuity program to management expectations. Should My Organization Use the PDCA Model? In many organizations, management systems concepts are already incorporated into many existing programs, such as quality management. Thus, it is likely that your executive management team may be already familiar with management systems concepts and understand their role in operating within a management system. Consequently, implementing a management system-framework connects business continuity planning efforts to commonly understood and defined business objectives. Business continuity efforts are enhanced with management system-oriented models that avoid professional jargon and focus on business outcomes. Putting the business continuity program into key organizational outputs is meant to focus on the objectives of management and to speak in the language of the organization. Because of this, the business continuity program is able to communicate real capability and output, rather than focusing on micro business continuity-specific projects. What are the Benefits Associated with the PDCA Model? There are many benefits to implementing a business continuity management system, many of which have already been described in this article. However, the benefits can be summarized into two key benefits: a business continuity management system compels management to be accountable to the outcome of the program, and provides an accepted approach for external validation. The key to a successful business continuity management system is gaining and maintaining the interest and support of executive management. Guidelines on how to do this have been discussed throughout this article, but the main tip is to ensure the program speaks executive managements language (key organizational outputs) and to communicate program performance and tasks in terms of alignment to the continuity capability of those organizational outputs. By communicating in this way, management understands the need for their continued interest in the program. Management will be presented with choices to accept or take action on risks that directly contribute to the success and continuity of key organizational outputs. A business continuity management system forces strong alignment with what management is thinking with what the business continuity program is doing and communicating it actually compels management to be accountable to the program. The second key benefit to implementing a business continuity management system is that it inherently solves the audit a plan problem that many organizations encounter. Has your organization been asked for a copy of your business continuity plan to prove youre prepared? We all know that a thick business continuity plan doesnt equate to organizational capability. Unfortunately, third parties often have few other options than to review the plan and evaluate it. By implementing a business continuity management system, especially one certified by a third party, it changes the focus from a check the box viewpoint (auditing a plan), to actually making sure that your organization has a real, useful, and capable business continuity capability (reviewing the performance of the management system). This enables the organization to validate and communicate program performance both internally (to executive management) and externally (to key stakeholders) in many cases just by showing proof of certification! How Can My Organization Implement a PDCA Model or Incorporate PDCA Into Our Existing Program?

The following guidelines can assist you in implementing business continuity management system into your organization: Establish a cross-functional management steering committee Talk in the language that management understands How they view the business and what is important to them Make business continuity relevant and easy to understand simplicity is key! Focus on organizational outputs (key products and services) Establish downtime tolerances for key products and services Explain current capability of key products and services in order for management to take action or accept risk Ensure objectives are realistic and management is willing to spend the resources needed to achieve objectives Conclusions With the growing popularity and continued success of business continuity management systems, this approach and framework is proving to be the future of business continuity. Organizations struggling with capturing and maintaining executive managements attention will realize tremendous value when implementing a business continuity management system. Input and continuous feedback will increase, as will the decisions and resources necessary to meet managements expectations. The business continuity management systems framework has one goal: to provide a business continuity program that works, is flexible, and is efficient.

Plan-Do-Check-Act (PDCA) Cycle


Also called: PDCA, plandostudyact (PDSA) cycle, Deming cycle, Shewhart cycle The plandocheckact cycle (Figure 1) is a fourstep model for carrying out change. Just as a circle has no end, the PDCA cycle should be repeated again and again for continuous improvement.

Figure 1: Plan-do-check-act cycle

When to Use PlanDoCheckAct


1. 2. 3. 4. As a model for continuous improvement. When starting a new improvement project. When developing a new or improved design of a process, product or service. When defining a repetitive work process. When planning data collection and analysis in order to verify and prioritize problems or root causes. When implementing any change.

PlanDoCheckAct Procedure
Plan. Recognize an opportunity and plan a change. Do. Test the change. Carry out a small-scale study. Check. Review the test, analyze the results and identify what youve learned. Act. Take action based on what you learned in the study step: If the change did not work, go through the cycle again with a different plan. If you were successful, incorporate what you learned from the test into wider changes. Use what you learned to plan new improvements, beginning the cycle again.

PlanDoCheckAct Example
The Pearl River, NY School District, a 2001 recipient of the Malcolm Baldrige National Quality Award, uses the PDCA cycle as a model for defining most of their work processes, from the boardroom to the classroom. PDCA is the basic structure for the districts overall strategic planning, needsanalysis, curriculum design and delivery, staff goal-setting and evaluation, provision of student services and support services, and classroom instruction. Figure 2 shows their A+ Approach to Classroom Success. This is a continuous cycle of designing curriculum and delivering classroom instruction. Improvement is not a separate activity: It is built into the work process.

Figure 2: Plandocheckact example Plan. The A+ Approach begins with a plan step called analyze. In this step, students needs are analyzed by examining a range of data available in Pearl Rivers electronic data warehouse, from grades to performance on standardized tests. Data can be analyzed for individual students or stratified by grade, gender or any other subgroup. Because PDCA does not specify how to analyze data, a separate data analysis process (Figure 3) is used here as well as in other processes throughout the organization.

Figure 3: Pearl River: analysis process Do. The A+ Approach continues with two do steps: 1. Align asks what national and state standards require and how they will be assessed. Teaching staff also plans curriculum by looking at what is taught at earlier and later grade levels and in other disciplines to assure a clear continuity of instruction throughout the students schooling. Teachers develop individual goals to improve their instruction where the analyze step showed any gaps. 2. The second do step is, in this example, called act. This is where instruction is actually provided, following the curriculum and teaching goals. Within set parameters, teachers vary the delivery of instruction based on each students learning rates and styles and varying teaching methods. Check. The check step is called assess in this example. Formal and informal assessments take place continually, from daily teacher dipstick assessments to every-six-weeks progress reports to annual standardized tests. Teachers also can access comparative data on the electronic database to identify trends. High-need students are monitored by a special child study team. Throughout the school year, if assessments show students are not learning as expected, mid-course corrections are made such as re-instruction, changing teaching methods and more direct teacher mentoring. Assessment data become input for the next step in the cycle. Act. In this example the act step is called standardize. When goals are met, the curriculum design and teaching methods are considered standardized. Teachers share best practices in formal and informal settings. Results from this cycle become input for the analyze phase of the next A+ cycle.

Plan-Do-Check-Act (PDCA)

Implementing New Ideas in a Controlled Way Also known as the PDCA Cycle, or Deming Cycle
Something needs to change: Something's wrong, and needs to be fixed, and you've worked hard to create a credible vision of where you want it to be in future. But are you 100% sure that you're right? And are you absolutely certain that your solution will work perfectly, in every way? Where the consequences of getting things wrong are significant, it often makes sense to run a well-crafted pilot project. That way if the pilot doesn't deliver the results you expected, you get the chance to fix and improve things before you fully commit your reputation and resources. So how do you make sure that you get this right, not just this time but every time? The solution is to have a process that you follow when you need to make a change or solve a problem; A process that will ensure you plan, test and incorporate feedback before you commit to implementation. A popular tool for doing just this is the Plan-Do-Check-Act Cycle. This is often referred to as the Deming Cycle or the Deming Wheel after its proponent, W Edwards Deming. It is also sometimes called the Shewhart Cycle. Deming is best known as a pioneer of the quality management approach and for introducing statistical process control techniques for manufacturing to the Japanese, who used them with great success. He believed that a key source of production quality lay in having clearly defined, repeatable processes. And so the PDCA Cycle as an approach to change and problem solving is very much at the heart of Deming's quality-driven philosophy. The four phases in the Plan-Do-Check-Act Cycle involve: Plan: Identifying and analyzing the problem. Do: Developing and testing a potential solution. Check: Measuring how effective the test solution was, and analyzing whether it could be improved in any way. Act: Implementing the improved solution fully. These are shown in Figure 1 below.

There can be any number of iterations of the "Do" and "Check" phases, as the solution is refined, retested, re-refined and retested again. How to Use the Tool The PDCA Cycle encourages you to be methodical in your approach to problem solving and implementing solutions. Follow the steps below every time to ensure you get the highest quality solution possible. Step 1: Plan First, identify exactly what your problem is. You may find it useful to use tools like Drill Down, Cause and Effect Diagrams, and the 5 Whys to help you really get to the root of it. Once you've done this, it may be appropriate for you to map the process that is at the root of the problem Next, draw together any other information you need that will help you start sketching out solutions. Step 2: Do This phase involves several activities: Generate possible solutions. Select the best of these solutions, perhaps using techniques like Impact Analysis to scrutinize them. Implement a pilot project on a small scale basis, with a small group, or in a limited geographical area, or using some other trial design appropriate to the nature of your problem, product or initiative. Our section on Practical Creativity includes several tools that can help you generate ideas and solutions. Our section on Decision Making includes a number of tools that will help you to choose in a scientific and dispassionate way between the various potential solutions you generate. Note: The phrase "Plan Do Check Act" or PDCA is easy to remember, but it's important you are quite clear exactly what "Do"

means. ""Do" means "Try" or "Test". It does not mean "Implement fully." Full implementation happens in the "Act" phase. Step 3: Check In this phase, you measure how effective the pilot solution has been, and gather together any learnings from it that could make it even better. Depending on the success of the pilot, the number of areas for improvement you have identified, and the scope of the whole initiative, you may decide to repeat the "Do" and "Check" phases, incorporating your additional improvements. Once you are finally satisfied that the costs would outweigh the benefits of repeating the Do-Check sub-cycle any more, you can move on to the final phase. Step 4: Act Now you implement your solution fully. However, your use of the PDCA Cycle doesn't necessarily stop there. If you are using the PDCA or Deming Wheel as part of a continuous improvement initiative, you need to loop back to the Plan Phase (Step 1), and seek out further areas for improvement. When to use the Deming Cycle The Deming Cycle provides a useful, controlled problem solving process. It is particularly effective for: Helping implement Kaizen or Continuous Improvement approaches, when the cycle is repeated again and again as new areas for improvement are sought and solved. Identifying new solutions and improvement to processes that are repeated frequently. In this situation, you will benefit from extra improvements built in to the process many times over once it is implemented. Exploring a range of possible new solutions to problems, and trying them out and improving them in a controlled way before selecting one for full implementation. Avoiding the large scale wastage of resources that comes with full scale implementation of a mediocre or poor solution. Clearly, use of a Deming Cycle approach is slower and more measured than a straightforward "gung ho" implementation. In true emergency situations, this means that it may not be appropriate (however, it's easy for people to think that situations are more of an emergency than, in reality, they really are...) Note: PDCA is closely related to the Spiral Development Approach which is popular in certain areas of software development, especially where the overall system develops incrementally. Spiral Development repeats loops of the PDCA cycle, as developers identify functionality needed, develop it, test it, implement it, and then go back to identify another sub-system of functionality.

Key Points: The Plan-Do-Check-Act (PDCA) Cycle provides a simple but effective approach for problem solving and managing change, ensuring that ideas are appropriately tested before committing to full implementation. It can be used in all sorts of environments from new product development through to marketing, or even politics. It begins with a Planning phase in which the problem is clearly identified and understood. Potential solutions are then generated and tested on a small scale in the "Do" phase, and the outcome of this testing is evaluated during the Check phase. "Do" and "Check" phases can be iterated as many times as is necessary before the full, polished solution is implemented in the "Act" phase.