Meeting the challenge of uncertain times
Never has it been brought home more forcefully than now that, in times of great threat and danger, processes need to be firmly in place to ensure full business continuity in the wake of a disaster or emergency. With the possibility of a future terrorist attack ever present in people’s minds, the ability for businesses to be swiftly back up and running, should an incident occur, is now seen as critical. Across businesses everywhere, this imperative has of late been at the heart of their strategic thinking. Yet many organisations have still to translate their business continuity plans, however well developed and considered they may be, from hard-copy format into a technology-driven total business continuity process. Implementing such processes grows increasingly urgent, for the need to have an automated business continuity plan in place is driven by many factors other than the more high-profile concerns now commanding public attention. Few business strategists would dispute the fact that today’s organisations depend on all manner of technologies for business agility. Indeed, in 2001 Thomas Ridge, director of US Homeland Security revealed how far information technology has wormed its way into our lives when he pointed out the Americans rely on a complex network of critical infrastructure and information systems. Shut down the infrastructure, he warned, and you shut down America. Apart from acts of terrorism, there are a multitude of scenarios that can have a devastating impact on the day-to-day operations and future viability of any organisation. All operations are vulnerable to industrial accidents, human error, power and network outages, flooding and storm damage, as well as the increasingly sophisticated activities of cyber-terrorists. Moreover, these are not future threats – they are the constant reality that every business organisation lives with and that can happen at any time. Less dramatic they may be, but these are the events that can shut down your business, disrupt operations, cause physical or environmental damage, or even put at risk the organisation’s financial standing and public image. In the face of such collective dangers, translating plans that exist in multiple formats – mostly paper-based and not accessible during an emergency – is the challenge that organisations now face. Increasingly, business continuity managers acknowledge that, without the complete automation of their organisations’ crisis management capabilities, the very framework within which they function could well be subject to collapse. In a crisis it’s all too easy to jump the gun and do the wrong thing. In a live business scenario it can ruin a company. But with new workflow automation technology, help is at hand. Businesses are given the broadest warnings when risks are high, says Richard Harbord, a consultant to the London Resilience Committee and the Cabinet Office. But individuals can soon forget their roles and cease to be on their guard, he warned in a recent public sector article. With dependence comes the need not only for contingency planning but a strategy to remedy a crisis before it escalates beyond control. Contingency Planning Research estimates that a server outage costs US credit card organisations on average $43,000 per minute in lost transactions. According to Infonetics, the technology consulting group, IT-related outages cost one in four US companies $10,000 per hour. Meanwhile, the Meta Group puts downtime costs for the financial services industry at $1.4m per hour, according to its widely referenced study IT Performance Engineering & Measurement Strategies: Quantifying Performance Loss. The causes? Unplanned outages are caused by anything from faulty network equipment to data corruption to power failures. The consensus, according to experts familiar with contingency planning, suggests that hardware failure, telecoms failure and software failure – in that order – are the usual suspects in most unplanned outages, with humans invariably having an errant hand in all three. While strategies for recovering critical data vary by industry the big questions are what to recover first and how best to react. One of the wild cards is how workers behave in an emergency. At the time of a crisis, the person reporting the problem may be under duress and consequently information supplied by a worker during a crisis can be vague, incomplete or inaccurate. THE VITAL HOURS Communications during a time of crisis are typically often confused and patchy, so reaction during the first, critical hours is slow and ineffective, prolonging the time it takes to return to ‘normal’ business operations. Most worrying is the degree to which a local authority may have suffered degradation or permanent loss of data where there is no automated crisis management system in place. All of these apprehensions have served to heighten awareness and recognition that crisis management needs to be at the top of any business agenda, so that a technology-based strategy is put in place that becomes the very arteries of the organisation, enabling an integrated, seamless approach that extends across all departments and boundaries. Only such a strategy can provide the appropriate level of security, protection and safety of both personnel and assets. So, how can businesses make sure they have an effective crisis management strategy in place? And how might that strategy be automated? First, the strategy itself. There are four key phases that need to be addressed: readiness, recognition, response and recovery. The readiness phase involves identifying, assessing and mitigating vulnerabilities and risks; developing contingency plans; documenting procedures for the most likely emergency situations; establishing interactions that need to take place among organisations and agencies; training; testing preparedness; and continuously refining policies and procedures. Readiness also includes positioning critical resources for the time of need. The recognition phase allows identification of when an organisation is threatened and is accomplished by regularly monitoring events. Moreover, threats can exist both within, and external to, an organisation. It is therefore crucial to work in an integrated manner with suppliers, partners, customers and outside agencies in order to minimise the impact on business continuity across all transactional processes. The response phase involves deploying the crisis response team, establishing a command and control structure, providing team members with information and guidance on what critical tasks need to be accomplished, maintaining information flow between team members and managing the crisis through resolution. The goal of this phase is to establish continuity of operations (COOP) or business continuity. The recovery phase includes necessary activities required to restore capabilities to normal operations. Organisations today are driven to implement a crisis management strategy for a variety of reasons. Not only is it the right thing to do, it is also the smart thing to do from a business perspective. An effective crisis management strategy limits personal injuries and saves lives, minimises property damage and financial loss, significantly reduces liability, and allows faster return to normal business operations. The smart money, say industry consultants familiar with business continuity planning, is in testing and auditing. A survey last year by the UK Financial Services Authority found that some 40 percent of the 11,500 UK companies it regulates have no contingency plan. Where plans are in place, they exist in the form of rarely-used printed documents. There are a number of reasons for testing, over and above regulatory requirements in industries such as banking. It is important to identify errors and omissions. This requires a rigorous procedure for identifying and documenting problems and making appropriate changes. Software that provides proactive workflow and automation capability is effective at extracting relevant information – often more so than human beings – and ensures nothing falls through the cracks.
* Support for all four phases of crisis management Remedy’s Crisis Response System meets all of the above criteria and provides an enterprise with a solution designed to bolster preparedness, and improve the ability to protect people and critical assets during a crisis. It provides an environment and infrastructure for crisis planning and preparation, increasing ability and effectiveness in handling a crisis through initial discovery through closure with all the alerts, notifications and actions required to harness the necessary resources. It offers real-time views of information, details of the current status of activities and the ability to trigger actions that need to be performed. The solution connects to disparate databases
and applications within - as well as between - agencies and government
departments, providing a unified view of data and status, coupled
with co-ordinated and consolidated action. Automatic alerts and notifications—by telephone, pager, e-mail and other means—instantly inform authorised individuals of changing conditions and required actions. Message sharing and bi-directional channels permit both reactive and proactive notices, enabling employees, partners, first responders and all others involved to maintain close communication and co-ordinate their efforts for maximum efficiency. The Remedy Crisis Response offers best-practice processes out of the box, easy adaptability to the needs of the enterprise and the in-built, proven flexibility that have made the system the solution of choice for many organisations across the globe. Monica Visconti is strategic marketing manager, Remedy UK. Remedy UK are exhibiting at the Helpdesk & IT Support Show 2004. This features over 70 exhibitors and a free education programme of 50 independent and vendor led seminars. Now in its 8th year The Helpdesk & IT Support Show 2004 runs from 27th to 29th April 2004, at the National Hall, Olympia, London.
•Date:
13th February 2004 •Region: UK / Worldwide
•Type: Article •Topic:
BC general
|
