There seems to be a trend these days for spotting five things that we have learnt from any given event. I don’t know why five things rather than say ten. Maybe it’s because after that number people start to get bored these days.
Well, I certainly don’t want to bore anyone, so I will stick to five things for my list, which is what to watch out for in your business continuity planning. This list is the result of many years of experience in business continuity/disaster recovery work, mostly helping companies who have suffered some kind of catastrophic IT failure.
The first thing to look out for, or expect, is the unexpected. In my last blog I talked about so-called ‘black swan’ events. These are events that are totally unexpected in that they are beyond the frame of reference of most people, like the ideas of black swans was in medieval times. They tend to have a massive impact on an organisation, but even so are often not learnt from. You need to acknowledge that you cannot predict or plan for every eventuality, but you can prepare yourself so that whatever happens you have a fighting chance of surviving it.
The second thing to watch out for is your supply chain. You are dependent on your supply chain and you are only as strong as the weakest link in it. Risk assesses your supply chain on a regular basis, identify the vulnerabilities in it and look to plug them or plot a route around them if one of them fails. It will help you to achieve this more easily if you can include your supply chain stakeholders within your emergency communications network.
The police service often talks about the golden hour after an incident has happened to track the perpetrators and prevent further casualties. It is the same in disaster recovery. The first hours and even minutes of your response are the most vital and can make the difference between success and failure. If you can set up an incident alert system that gives you an additional 15 minutes to work in then you increase your chances of rapid recovery exponentially.
Make sure that your business continuity plan is fit for purpose and that it is ready to use should the worst happen. Many plans are so complex and unwieldy that they are simply not useable under the kind of stress situation that a business disruption event typically generates. Try to have a BC plan, or series of plans, that are simple, incident specific and only contain the information that is absolutely needed for the incident it covers. This will greatly increase the likelihood that the plan will actually be used when the chips are down.
And finally, test your plan and your team’s responsiveness on a regular basis. You should test your plan at least every six months, mostly this will be by means of a virtual desktop exercise, because everyone is busy aren’t they. But you should also test your team’s responsiveness to high priority messages at least monthly and if you have software that can track and report on response rates then your task will be made much easier.
So those are my five top things to watch out for in BC planning, and hopefully it won’t surprise you to learn that we took all five of them on board when designing the Crises Control mobile app. Preparing for the unexpected, communicating with your supply chain, automatic incident alerts, incident specific BC plans and a response testing programme. These are all features that we have built into the app to help you when you need it most.