Question: Are lessons from incidents and tests tracked and incorporated into updated continuity and recovery plans?
Why This Matters
Improvement loops convert experience into resilience. Without review, the same gaps reappear in future crises.
Maturity
- Level 0: No post-incident review or lessons log.
- Level 1: Findings shared verbally without tracking.
- Level 2: Template for lessons learned and action log.
- Level 3: Actions assigned and tracked to closure.
- Level 4: Outputs feed risk register and training updates.
- Level 5: Automated trends and predictive insights shared quarterly.
How to Level Up

| From → To | Actions |
|---|---|
| 0 → 1 | Record key lessons from past incidents. |
| 1 → 2 | Adopt standard template for lessons log. |
| 2 → 3 | Assign owners and due dates for actions. |
| 3 → 4 | Link to risk and training programs. |
| 4 → 5 | Automate trends and dashboards. |

Enablers
- People: BCM Lead, Risk Manager, HR Training
- Process: Capture → Assign → Implement → Review
- Technology: Issue tracker, dashboard tool
Evidence
- Lessons-learned register
- Closed actions list
- Updated plans showing revisions
KPIs
- Number of actions closed per quarter
- Repeat issues identified
- Plan update frequency
Low-Cost / Open-Source Options (MSME)

| Purpose | Tool | Notes |
|---|---|---|
| Tracking | Airtable | Lessons register |
| Dashboards | Metabase | Trend analysis |
| Collab | Nextcloud | Versioned plans |

Common Pitfalls
- Actions not tracked to closure
- No linkage to training updates
- Same issues repeat year to year
Compliance Mapping

| Standard | Clauses / Notes |
|---|---|
| ISO 22301 | 10.2 / 9.1 |
| ISO 27001 | A.10 (Improvement) |
| NIST CSF 2.0 | GV.MA / RS.IM |
| NIRMATA Mapping | BC-Q08 institutionalizes learning and resilience growth. |