organisations have still to translate their business continuity
plans from hard-copy format into a technology-driven total business
continuity process, says Monica Visconti.
Never has it been brought home more forcefully
than now that, in times of great threat and danger, processes need
to be firmly in place to ensure full business continuity in the
wake of a disaster or emergency.
With the possibility of a future terrorist
attack ever present in people’s minds, the ability for businesses
to be swiftly back up and running, should an incident occur, is
now seen as critical.
Across businesses everywhere, this imperative
has of late been at the heart of their strategic thinking. Yet many
organisations have still to translate their business continuity
plans, however well developed and considered they may be, from hard-copy
format into a technology-driven total business continuity process.
Implementing such processes grows increasingly
urgent, for the need to have an automated business continuity plan
in place is driven by many factors other than the more high-profile
concerns now commanding public attention.
Few business strategists would dispute the
fact that today’s organisations depend on all manner of technologies
for business agility. Indeed, in 2001 Thomas Ridge, director of
US Homeland Security revealed how far information technology has
wormed its way into our lives when he pointed out the Americans
rely on a complex network of critical infrastructure and information
systems. Shut down the infrastructure, he warned, and you shut down
Apart from acts of terrorism, there are a multitude
of scenarios that can have a devastating impact on the day-to-day
operations and future viability of any organisation. All operations
are vulnerable to industrial accidents, human error, power and network
outages, flooding and storm damage, as well as the increasingly
sophisticated activities of cyber-terrorists.
Moreover, these are not future threats –
they are the constant reality that every business organisation lives
with and that can happen at any time.
Less dramatic they may be, but these are the
events that can shut down your business, disrupt operations, cause
physical or environmental damage, or even put at risk the organisation’s
financial standing and public image. In the face of such collective
dangers, translating plans that exist in multiple formats –
mostly paper-based and not accessible during an emergency –
is the challenge that organisations now face. Increasingly, business
continuity managers acknowledge that, without the complete automation
of their organisations’ crisis management capabilities, the
very framework within which they function could well be subject
In a crisis it’s all too easy to jump
the gun and do the wrong thing. In a live business scenario it can
ruin a company. But with new workflow automation technology, help
is at hand. Businesses are given the broadest warnings when risks
are high, says Richard Harbord, a consultant to the London Resilience
Committee and the Cabinet Office. But individuals can soon forget
their roles and cease to be on their guard, he warned in a recent
public sector article. With dependence comes the need not only for
contingency planning but a strategy to remedy a crisis before it
escalates beyond control.
Contingency Planning Research estimates that
a server outage costs US credit card organisations on average $43,000
per minute in lost transactions. According to Infonetics, the technology
consulting group, IT-related outages cost one in four US companies
$10,000 per hour. Meanwhile, the Meta Group puts downtime costs
for the financial services industry at $1.4m per hour, according
to its widely referenced study IT Performance Engineering &
Measurement Strategies: Quantifying Performance Loss.
The causes? Unplanned outages are caused by
anything from faulty network equipment to data corruption to power
failures. The consensus, according to experts familiar with contingency
planning, suggests that hardware failure, telecoms failure and software
failure – in that order – are the usual suspects in
most unplanned outages, with humans invariably having an errant
hand in all three.
While strategies for recovering critical data
vary by industry the big questions are what to recover first and
how best to react. One of the wild cards is how workers behave in
an emergency. At the time of a crisis, the person reporting the
problem may be under duress and consequently information supplied
by a worker during a crisis can be vague, incomplete or inaccurate.
THE VITAL HOURS
The major disadvantage with documented procedures is that they are
often difficult, sometimes impossible, to locate in emergency situations.
Communications during a time of crisis are
typically often confused and patchy, so reaction during the first,
critical hours is slow and ineffective, prolonging the time it takes
to return to ‘normal’ business operations. Most worrying
is the degree to which a local authority may have suffered degradation
or permanent loss of data where there is no automated crisis management
system in place.
All of these apprehensions have served to heighten
awareness and recognition that crisis management needs to be at
the top of any business agenda, so that a technology-based strategy
is put in place that becomes the very arteries of the organisation,
enabling an integrated, seamless approach that extends across all
departments and boundaries. Only such a strategy can provide the
appropriate level of security, protection and safety of both personnel
So, how can businesses make sure they have
an effective crisis management strategy in place? And how might
that strategy be automated?
First, the strategy itself. There are four
key phases that need to be addressed: readiness, recognition, response
The readiness phase involves identifying, assessing
and mitigating vulnerabilities and risks; developing contingency
plans; documenting procedures for the most likely emergency situations;
establishing interactions that need to take place among organisations
and agencies; training; testing preparedness; and continuously refining
policies and procedures. Readiness also includes positioning critical
resources for the time of need.
The recognition phase allows identification
of when an organisation is threatened and is accomplished by regularly
monitoring events. Moreover, threats can exist both within, and
external to, an organisation. It is therefore crucial to work in
an integrated manner with suppliers, partners, customers and outside
agencies in order to minimise the impact on business continuity
across all transactional processes.
The response phase involves deploying the crisis
response team, establishing a command and control structure, providing
team members with information and guidance on what critical tasks
need to be accomplished, maintaining information flow between team
members and managing the crisis through resolution. The goal of
this phase is to establish continuity of operations (COOP) or business
The recovery phase includes necessary activities
required to restore capabilities to normal operations. Organisations
today are driven to implement a crisis management strategy for a
variety of reasons. Not only is it the right thing to do, it is
also the smart thing to do from a business perspective. An effective
crisis management strategy limits personal injuries and saves lives,
minimises property damage and financial loss, significantly reduces
liability, and allows faster return to normal business operations.
The smart money, say industry consultants familiar
with business continuity planning, is in testing and auditing. A
survey last year by the UK Financial Services Authority found that
some 40 percent of the 11,500 UK companies it regulates have no
contingency plan. Where plans are in place, they exist in the form
of rarely-used printed documents.
There are a number of reasons for testing,
over and above regulatory requirements in industries such as banking.
It is important to identify errors and omissions. This requires
a rigorous procedure for identifying and documenting problems and
making appropriate changes. Software that provides proactive workflow
and automation capability is effective at extracting relevant information
– often more so than human beings – and ensures nothing
falls through the cracks.
AUTOMATING THE SOLUTION
So, on to the second part of the challenge: how can that strategy
be fully automated? This calls for a software solution that can
stand up to the demands of a crisis; one that must meet certain
absolute criteria and offer all of the following:
* Support for all four phases of crisis management
* Immediate emergency notification
* Immediate information dissemination
* Workflow automation
* Integration with emergency information centres— both inside
and outside the organisation
* On-the-fly process modification
* Integration with internal business and process systems
* An underlying architecture that supports scalability and performance.
Remedy’s Crisis Response System meets
all of the above criteria and provides an enterprise with a solution
designed to bolster preparedness, and improve the ability to protect
people and critical assets during a crisis. It provides an environment
and infrastructure for crisis planning and preparation, increasing
ability and effectiveness in handling a crisis through initial discovery
through closure with all the alerts, notifications and actions required
to harness the necessary resources. It offers real-time views of
information, details of the current status of activities and the
ability to trigger actions that need to be performed.
The solution connects to disparate databases
and applications within - as well as between - agencies and government
departments, providing a unified view of data and status, coupled
with co-ordinated and consolidated action.
The benefits of running a fully automated system means an organisation
will have a faster response to a crisis, more effective communication
between response teams and impacted groups, effective co-ordination
of response teams, faster recovery times, reduced liability exposure
due to negligence and better use of all assets, including people,
equipment and property.
Automatic alerts and notifications—by
telephone, pager, e-mail and other means—instantly inform
authorised individuals of changing conditions and required actions.
Message sharing and bi-directional channels permit both reactive
and proactive notices, enabling employees, partners, first responders
and all others involved to maintain close communication and co-ordinate
their efforts for maximum efficiency.
The Remedy Crisis Response offers best-practice
processes out of the box, easy adaptability to the needs of the
enterprise and the in-built, proven flexibility that have made the
system the solution of choice for many organisations across the
Monica Visconti is strategic marketing
manager, Remedy UK. Remedy UK are exhibiting at the Helpdesk &
IT Support Show 2004. This features over 70 exhibitors and a free
education programme of 50 independent and vendor led seminars. Now
in its 8th year The Helpdesk & IT Support Show 2004 runs from
27th to 29th April 2004, at the National Hall, Olympia, London.
13th February 2004 •Region: UK / Worldwide
•Type: Article •Topic:
Rate this article or
make a comment - click