Out in the cold?
Smaller companies are less likely to have robust procedures in place to deal with unexpected events. Research by the Bank of Scotland Business Banking confirms that this is a fact. Even after high profile events such as the Buncefield oil depot fire and the bombings in London on 7/7, 50 percent of 1000 UK businesses surveyed had no agreed plan on how to react and deal with events such as fires, floods, terrorist acts or natural disasters. It appears that though awareness of the need for business continuity planning has risen, there is still a worrying lack of consideration given to it. So why are there still companies without a plan? Only 37 percent of sole traders questioned in the above survey had a procedure to deal with disasters, even though over half recognised that disasters could put them out of business. 47 percent of 505 owner managers without a business continuity plan said that they hadn’t thought about implementing one, 29 percent said it was unlikely such an event would affect them anyway and 11 percent said they had no time to think about it. 57 percent of businesses with more than 10 employees had measures in place; indicating that the more employees a business has the more likely it is to have a business continuity plan. Some may argue that with more staff they have the resource to put a plan in place and manage it, which can often be a problem within very small enterprises. It would also appear to be a common perception that business continuity is costly, complicated and only achievable by large corporations and is only needed by them, the ‘big fish’, not the sole traders or small companies. In truth even if you are a ‘small fish’ we are all working in the same pond with the same potential dangers! Major incidents, though thankfully relatively rare, or more common events like a power outage, could have a devastating impact on any business whatever its size. At NDR, we have found that somewhere in the region of 70 percent of invocation calls that we receive are as a result of hardware or power problems. This does not, however, decrease the severity of the damage that businesses could suffer, especially if IT functionality is compromised or if data is lost. The Bank of Scotland survey revealed that 84 percent of small companies use computers and 58 percent of them backup files to a remote server. So it would appear that some planning for IT failure is being conducted, but by no means enough. It is not simply having a backup tape or disk stored remotely that needs to be considered, but a much more holistic approach that is required, encompassing the entire business. What happens if your staff can’t access your premises or your main supplier goes out of business? It is about the business continuing to operate; ensuring continuity. Perhaps it is also that businesses find business continuity planning a daunting subject – to some even a scary subject. It challenges us to face the unthinkable – what if a flood or bomb destroys our building or a critical system fails putting a key business department out of action? Where do our staff go? Where will our customers go? And will they come back? Dare we suggest that comments from customers and contacts in the industry lead us to suspect that business continuity planning is being perceived as becoming too ambitious and too complex? Is it this mystique that is preventing some getting started on BCP? Are plans becoming so complicated that those very same plans are no longer practical for the organisation to viably test them any more? Of course, if this is true then this would make the whole plan worthless. Quite simply, if the plan is unproven the organisation remains unprepared. Taking complexities out of business continuity planning The approach to business continuity needs to retain a balance; in short, to turn plans into realistic recovery procedures and practical testing exercises. We have witnessed incidents which have served to show us how, in reality, it is a simple but effective plan that works best. Those companies that recovered well after a shocking event such as the Buncefield oil depot fire did so because they had explored the way in which their organisation worked and had prioritised and separated the processes into smaller parts that could be thoroughly tested. Taking a step back and observing how your business works allows you to identify where real problems or risks may lie, what your options are for dealing with them and considering what plans may be required to do this. And this is where a smaller company may find it easier than a larger one, as it is likely that the smaller the organisation the less business processes it may have to consider. When boiled down, business continuity is actually a fairly simple process: First step – consider your approach to risk analysis Second step - what to mitigate against Third step (a) – test the plan and keep it evolving A realistic test will highlight any elements that were overlooked in the planning process and it is then that it becomes possible to refine the business continuity plan, to add in any elements that were missed first time round, so that the plan becomes more realistic and more workable. A business continuity plan is not something that needs to be daunting or over complicated. It is about keeping it simple, realistic and workable. This is not to say that parts of a plan may not be more involved than others, but appreciating that an overall plan should be developed logically; allowing time to step back, see how your organisation works, assess the risks, mitigate against them and prioritise and separate processes into smaller parts so they can be tested. A simple, logical and realistic business continuity plan that can be tested is the best way to be prepared: to know where your staff will go, how customers will be dealt with and how you will continue operating in the face of an interruption. What better way to keep swimming - however big the pond? Network Disaster Recovery will be exhibiting at the Business Continuity Expo and Conference held at EXCEL Docklands from 28th - 29th March 2007 - the UK's definitive event for managing risk, resilience and recovery. This event will explore the solutions and best practice to ensure operational continuity and protect a company's interests before during and after an incident. For further information visit www.businesscontinuityexpo.co.uk
•Date: 5th Jan 2007• Region: UK •Type: Article •Topic: BC general |
