Business continuity – a changing agenda?

Dennis Thomas, director of business continuity at Synstar, comments.

In the past few weeks we have witnessed evacuation drills by councils up and down the UK - evidence that the threats of fire, power failures and terrorism are being taken seriously. Good news for all citizens who trust the public sector agencies to be well rehearsed and working in partnership with the emergency services in their planning.

But it has caused debate in the industry. The drills have come at a time when public security is high on the agenda. The threats to the UK and the culmination of government policy and public opinion have provoked agencies and councils to revisit their plans.

And it is thought that the public sector is not alone. Commercial organisations are reported to be taking similar steps to re-think plans.

But has there actually been a re-think in the commercial world? It’s true, security threats and power cuts have forced organisations to reassess their plans but can it be said that the assessments have lead to action?

At the coal face…
It’s far more likely that what we have witnessed, and are still witnessing, is a period of taking stock. Many of those commercial organisations with business continuity plans have realised that they need to shake up the plans they have by modifying their assumptions and reviewing geographical and environmental impacts (traditional elements of business continuity strategies).

For the first time they have also had to incorporate impacts of the unthinkable extremes of terrorism. So for example, customers are now considering the impacts of dirty bombs within cities and how large the exclusion zone needs to be. Assessments of prevailing wind associated with this risk is just one of the new elements currently being considered.

UK mainland terrorist activity provoked business continuity theories to prevail when it was clear that technology and process was not enough to protect people and facilities. But now terrorism risk has been taken to new heights, leaving many organisations confused as to which steps to take first, how far to go with protective measures and how much expenditure is appropriate.

It could be argued that for many of those without comprehensive business continuity plans, usually smaller companies who make up the ‘underbelly’ of the UK economy, there has been almost a ‘knee jerk’ reaction. These companies and organisations may have been forced to ask much bigger questions of their BC plans. It’s no longer just about IT and environment (flood, fire, earthquakes) - it must include socio-political impacts too.

Continuity v cost
In the cacophony of debate, cost has reared its head as a key issue. Can companies actually afford such thorough planning when the issue of ‘do less with more’ still rages on? Realists will say that the declining cost of technology and the ubiquity of IT options have given companies a choice. Companies can more effectively address business continuity within budget - an option that was not there before, for smaller companies especially. But it is accepted that knowing where to start and how to spend money is, for many, unclear as they rethink their plans and almost start again.

Invest….OK, but on what?
There seems to be some confusion about how to spend the budgets for business continuity. Should companies invest in data centres 100 miles away or just provide business continuity processes for critical systems? Should they make provision for all elements of business process or just some?

The answer is that companies should invest - be that internally or externally - according to the levels of criticality, according to budget and according to how they can practically integrate high availability, business continuity recovery, predictive/proactive monitoring of systems, escalation processes and skills. Invariably business continuity managed services providers could help answer those questions and could additionally become facilitators, especially in matters of IT.

But whichever tack is taken – and whether external help is sought or not - the approach must be holistic and must not rely on the old ways of business continuity management. Technology has changed, working practice has changed and threats have changed – too few are taking advantage of the fully integrated approaches that have been tried and tested for fear of how much it will cost. In fact failure to take this approach is the most costly option. But is that message getting out there?

What do customers want?
It could be said that “the message is beginning to get out there”, but customers are still trying to fathom out what it is they want – and perhaps even more importantly, what they need. And as specialist business continuity providers this is a question we must continually ask ourselves. By keeping abreast of debate and opinion it’s clear that customers want intelligent design that delivers high availability and integrated BC, with managed elements such as proactive monitoring, guaranteed failover, data protection and data retention.

For some a one-stop shop appeals; one that uses their resources cost effectively; exploits existing expertise; plugs skills/knowledge gaps; and gives them the capacity and resources to address the people issues of business continuity and understand the interaction that will be required between operational teams and the emergency services.

This is where pragmatic continuity experience is really coming into its own. The use of modern hardware and software products is leading to innovation to meet the expectations of the new continuity-aware generation.

So why then are there still so many stragglers? Is it about understanding? Is it about honesty and more sharing of best practice? Or is it simply that we still need to shout louder about how good business continuity plans have averted financial and operational disasters?

www.synstar.com

•Date: 26th September 2003 •Region: UK •Type: Article •Topic: BC general
Rate this article or make a comment - click here