Managing business continuity

Of the estimated 4.7 million UK business enterprises at the start of 2007, 99.3 per cent of these were small (under 50 employees), of which 67 per cent have no business continuity plans.
    
“Business continuity management (BCM) is a process that helps manage risks to the smooth running of an organisation or delivery of a service, ensuring continuity of critical functions in the event of a disruption, and effective recovery afterwards.”1 For many companies and their customers, traditional backup and disaster recovery solutions are just another critical necessity, like insurance.

Costly disruptions
Disruptions can be expensive for those companies without a business continuity plan. In a YouGov survey 60 per cent of those polled had experienced up to a full days disruption of their company’s phone system; costing the business an average of £14,431 per incident.      

During the past year more than a third (36 per cent) of UK workers have had their company telephone connection cut off due to failures caused by factors such as flooding, power cuts, roadworks and equipment faults. Worryingly, nearly 61 per cent of the same businesses weren’t aware of any disaster recovery or business continuity plan.
    
The 2008 Business Resiliency Survey, which deals with mainly large multinational organisations, showed that 84 per cent of these businesses have an emergency response in place, with 71 per cent having a business continuity plan. The majority of these companies are now turning to business resilience plans, designed to protect their individual employees and the business operations as well as ensuring the protection of the company’s reputation and brand. However, one of the main drivers for this emphasis was due to higher customer expectations and increased demands for resilient service providers.
    
Business continuity has moved on significantly over the last ten years. Today companies have to prepare for a wide range of risks; from tracking terrorism, weather and environment to monitoring infectious diseases and health issues. However, for a large number of companies the attacks may be less extreme but just as business threatening. Hardware and software failure, power outage/failure, data leakage or loss and accidental or malicious employee behaviour are some of the most common reasons why companies have had to initiate a continuity plan.

Responsibility
Business continuity has become a key part of the management process today with responsibility residing with senior executives and directors. For these plans to be effectively executed and to keep reputational and employee concern to a minimum, there needs to be a number of responsible directors for different areas of the recovery plan, all understanding each others’ role. It is worrying then that the number of executives who are involved in disaster recovery planning is declining. In 2008 33 per cent of companies said their CIO or IT director was involved in their continuity team compared to 55 per cent in 2007.
    
Companies must consider all aspects of their business when engaging in continuity planning. A survey after the summer floods in 2007 showed that seven out of ten companies, while having continuity plans for their businesses processes, did not have continuity plans to protect their IT infrastructure. Without IT infrastructure these companies could not ensure that their processes or services remained active during any downtime.
    
Other findings showed that less than four in ten businesses had taken any steps to keep e-commerce sites up and running, protect mail servers, facilitate remote working, or ensure that staff had access to critical applications in the event of a major incident. It is vital that organisations review and test their business continuity plans, and ensure that all employees know what do if the plan is put into action, whether it be a power outage or an external attack. Communication, as in so many other areas, is critical to a successful business continuity plan.

Backup
With increased business transformation it is essential that company directors are aware of their dependence on fundamental business facilities – e-mail, telephone, the availability of the customer database, access to your premises and accountancy practices. How resilient are they all? What backup do you have in the event that they are not accessible? If you have no continuity plan, how would your business function without those facilities?
    
If companies are not yet convinced of the need for business critical business resilience planning, stats from the London Chamber of Commerce make for compelling reading. Of the businesses that lose data from a disaster, 90 per cent are forced to close within two years. In the event of flood or fire, 80 per cent of businesses without a well-structured recovery plan are forced to close within twelve months.             

Shockingly, 43 per cent of companies experiencing disasters never recover and 50 per cent of companies experiencing a computer outage will be forced to shut within five years. With the statistics showing us that one in five businesses suffer a major disruption every year, businesses cannot afford to avoid business continuity planning.
Notes  1.http://www.preparingforemergencies.gov.uk/bcadvice/index.shtm

Please register to comment on this article