Continuity Central makes five predictions for the big issues that may impact the business continuity profession in 2012.
By David Honour, editor, Continuity Central.
2011 has gone down in the annals of history as the year when ‘a lot happened’. It was a year of many and varied natural disasters, as well as one of global political and societal turmoil: with the ‘Arab Spring,’ and the ongoing economic crisis, especially in the Euro-zone, being particular ‘headline grabbers’.
All of the above had an impact on organizations and the business continuity managers who attempt to keep their entities on an even keel; but if there is one over-arching theme to the lessons learned from 2011, it might be the repetitive highlighting of the inter-dependencies that exist between organizations within what is now, more than ever, a global supply chain.
What can we expect in 2012? In many ways the answer will be ‘more of the same’. Business continuity managers reported in a 2011 Continuity Central survey that their top three challenges of 2011 were ‘Lack of resources’ (both financial and human); ‘Difficulties in obtaining senior management support and input’; and ‘Getting wider buy-in from the organization.’ There are no real signs that the general economic climate is likely to improve quickly, therefore it is probable that, for most, business continuity budgets will remain under pressure in 2012; and a surge in the recruitment of business continuity managers is extremely unlikely. Business continuity managers will have to continue to make silk purses out of sows’ ears. Likewise, the wider organization will continue to face similar time management and staffing problems: ensuring that it will continue to be very difficult to gain the attention and commitment of those for whom business continuity is an annoying distraction from their ‘real’ jobs.
However, while the background noise might be the same in 2012 as 2011 there seem to be some specific themes emerging, which it seems relatively safe to claim as our ‘predictions’ for the big issues of 2012.
These are, in no particular order:
1) More resources being moved towards resilience and away from reactive business continuity measures.
Resilience has been one of the profession’s buzz-words of 2011 and many a conference session has been devoted to ‘what it is’ and ‘how to do it’. One of the key aspects of making an organization more resilient is the ‘hardening’ of processes. Resilient processes have measures built-in to the every-day production cycle that are designed to prevent the process from being disrupted. From an organizational point of view it is clearly more attractive to prevent a process from experiencing downtime than it is to have to react to a downtime event. If you have a limited budget where does it make sense to spend it? On proactive resiliency measures; or on reactive business continuity response measures? Of course, ideally you would spend on both. But, when money is tight, the priority may be the former over the latter.
2) Information security will increasingly be recognized as a major business continuity issue.
Information security and business continuity management have traditionally been seen as related but, essentially, separate disciplines. However, thinking in this area is changing, driven by the wider impact that information security breaches can now have on the whole organization. Information security related attacks can potentially cause widespread downtime; as well as long lasting reputational damage. These issues can come together in a perfect storm, threatening the very survival of even the largest businesses. Information security will be a top priority in 2012, with organizations having to spend big to simply tread water in this rapidly changing threat landscape.
3) Standards upheaval on the cards.
2012 should see the publication of ISO 22301, the new international business continuity standard. While many business continuity managers will reserve judgement on the usefulness of ISO 22301 until after its publication, there is already some concern about where it will leave BS 25999 and those organizations already certified to BS 25999 part two. Guidance so far has been vague, with BSI stating that it expects BS 25999 to be withdrawn and that there will be a certification transition period. This is typically between 12 and 18 months but can be up to three years. ISO 22301 will not be the same as BS 25999, although there will be many similarities, so some changes to the business continuity management system will be required to retain conformity and certification. Business continuity managers will want to see clear guidance from ISO, BSI and the other standards bodies in early 2012.
4) Cloud computing continues to be a ‘disruptive technology’.
Cloud computing became a mainstream option for many non-critical organizational processes in 2011, however in the mission critical area it has yet to gain widespread acceptance. This is likely to change in 2012 with the major industry players refining their offerings and providing services with enhanced resiliency, security, transparency and clearly defined service level agreements. While information security is always going to be a concern, many organizations will discover that in reality their cloud computing provider has a much better security infrastructure than their own existing system does. Cloud computing will continue to disrupt the traditional business continuity service providers, with these looking at the question of where workarea recovery fits into the equation.
5) The 2012 Olympics.
UK, and particularly London-based, organizations have the 2012 Olympics firmly in their sights. This will inevitably bring transport and logistical disruption, even if everything runs to plan. When you factor in the impact that the Olympics would have on other non-related crises, you can see the potential for truly monumental problems. Scenarios such as widespread flash flooding in the Olympic period; a pandemic coinciding with the Games; or a repeat of the 2011 London riots during the Olympics are all feasible. As is the obvious threat of terrorism in all its guises.
Whatever 2012 really brings, Continuity Central will continue to keep you up-to-date with all that happens in the business continuity profession around the world. To make sure that you hear about new developments as soon as they happen, sign up to our Twitter feed at http://twitter.com/continuitycent
•Date: 1st January 2012 • Region: World •Type: Article • Topic: BC general