Discussing these findings, Peter Groucutt, managing director of Databarracks says, “The theme of this year’s BCAW is about investing in resilience, but the initial results from our Data Health Check survey shows this is not happening across half of UK organisations.
“It’s critical all businesses ensure they regularly update and test their BC plans. A three-year old plan referring to long-retired employees and out-dated systems won’t be helpful to those who need to use it during a cyber-attack or if your power supply is disrupted during a storm. Good BC planning doesn’t need to be expensive or difficult. There are easy steps all businesses can take to improve their resilience.”
Groucutt continues, “Knowing what to do during an incident comes down to testing and practice. An easy action is to make testing part of your day-to-day operations and use known events to your advantage. As an example, some businesses test using the London tube strikes to practice invoking their BC plan. This enables them to go through the processes staff should undertake during an incident.
“Lessons can also be taken from specific industries, which are readily exposed to disruptions. As a necessity, they have plans and processes that are exercised constantly. Hospitality deals with disruptions on a regular basis, ranging from power outages, supplier failures, IT problems to even security or terrorism issues. The regularity of these disruptions means when an incident does happen, staff and the business know exactly what to do to continue serving.”
Groucutt continues, “Not all organisations are large enough to need a dedicated BC manager. In smaller enterprises, there is often confusion over who the responsibility for BC resides with. In many cases responsibility is pushed down to IT, but BC is bigger than IT. It includes where staff work from if your offices become inaccessible and how will they communicate – not just between themselves, but with customers and other stakeholders too. IT can recover servers and IT systems but responsibility for the survivability of the business ultimately sits with the board. It may not be someone’s entire role, but there needs to be someone named with responsibility for BC. They are the person who makes sure recovery processes are in place and stays on top of new risks and changes, to keep the organisation resilient.
“If you don’t have a BC plan, you should start by conducting a Business Impact Analysis (BIA) to determine and evaluate the potential effects of disruption to critical business operations. You need to decide what is important for your business, how you might be affected if something were to happen to your people, your premises, your IT or your suppliers. Then, you put in place the plans and workarounds, that keep you operational. For organisations looking for advice the Business Continuity Institute provides access to a wealth of resources and industry knowledge, focused on developing and building BC competency.”
Groucutt concludes, “Sometimes organisations are put-off from “doing BC” because it seems like a lot of time and resource that takes them away from more important (and pressing) needs, like driving sales and keeping customers happy. It can seem like a lot of ‘risk assessment’ and ‘impact analysis’ before you get a real benefit and that can cause action-paralysis. Actually, if you get all of the right people together even for a short time you can make some significant headway quite quickly and truly strengthen your business resilience.”