As a technology manager under constant pressure to keep up with the ever increasing needs of the business, how can you ensure that the IT infrastructure you build and maintain will be available no matter what? A tool that is often used by experienced IT professionals is the Key Performance Indicator (KPI) and the Risk Performance Indicator (RPI).

When it comes to IT resiliency, or the continued operations of your business, such indicators can help you assess areas of strength and weakness in your IT plans, as well as give you early warnings that you can use to proactively improve your systems’ resiliency. The following key metrics that every IT manager should use help assess areas of strength and weakness in IT plans, and help proactively improve systems resiliency.

Key Performance Indicators
A performance indicator or key performance indicator (KPI) is a measure of performance, or how well specific outcomes are achieved based on pre-defined processes and procedures. KPIs can be defined by answering the question, “What is really important to our stakeholders?” KPIs may be monitored and analyzed to assess the current state of the business, to identify corrections that ought to be made, and to prescribe a course of action.

Key performance indicators define a set of measurement values for comparison and can be summarized into the following subcategories:

  1. Quantitative indicators which can be presented as a number
  2. Practical indicators that interface with existing company processes
  3. Directional indicators specifying whether an organization is getting better or not
  4. Actionable indicators that are sufficiently in an organization’s control to effect change
  5. Financial indicators used in performance measurement and when looking at an operating index

Key Risk Indicators
A key risk indicator, also known as a KRI, is a management measure used to indicate an activity’s risk level. It differs from a key performance indicator (KPI) in that the latter is meant as a measurement of how well something is being done while the former is an indicator of the possibility of future adverse impact. KRIs give us an early warning to identify potential events that may harm the continuity of the activity/project. KRIs are also measurable metrics or indicators that track exposure or loss, or, perhaps, simply another way to describe “trouble.”

Practical Applications for KPIs and KRIs
Use of KPIs and KRIs in IT projects is essential to assess performance and mitigate risks. When used in Business Continuity and Disaster Recovery planning they become invaluable tools because they establish specific metrics for analysis of how well a BCM (Business Continuity Management) program is performing.

For example, some KPIs for business continuity might include the following:

  1. Completing two (2) plan exercises annually
  2. Updating all business impact analyses annually
  3. Updating all risk assessments annually
  4. Reviewing and confirming roles and responsibilities for emergency teams quarterly
  5. Confirming alignment of contact lists with HR databases on a bi-monthly basis

What’s next? Watch the full recoded online session of “Key Metrics for Disaster Recovery and Business Continuity” where we go through the details around setting up the right metrics for your Business Continuity and Disaster Recovery operations.


How do you measure the performance of your Disaster Recovery and Business Continuity program? What are the key metrics and indicators that you can use to tell what needs to be improved? Are there any early signs of success or failure you should be aware?