Well thought out business continuity plans help organizations minimize the risks of a disaster and restore vital business functions without significant detrimental effects. This article, examines the fundamentals of business continuity management (BCM) planning, while highlighting critical lessons learned from a variety of recent disasters, providing actionable steps you can take to create a customized plan.
An Unpredictable World
Disasters are unknowable, unpredictable, yet unrelenting. Their impact on businesses can be significant. Consider the consequences of two recent disasters – one natural, the other manmade:
- On March 11, 2011, an 8.9 magnitude earthquake hit Japan, triggering a tsunami that killed more than 20,000 people and caused the failure of the Fukushima Daiichi nuclear power plant. Repercussions cascaded around the world as Japanese production lines were halted or slowed, disrupting the vital global supply chain, especially in the automotive industry. The disaster created overall economic losses of $125 billion and indirect economic losses such as reduced employment, production and logistics interruptions estimated at $375 billion.
- On August 7, 2011, Amazon’s only European cloud services data center was brought down due to a lightning storm. However, the company’s disaster recovery solution did not incorporate a fail-safe plan to minimize disruptions and loss of service costs. The outage was further extended due in part to the lack of prior testing, which might have shown the error in the data recovery software. Meanwhile, Microsoft, which hosts services from the same data center, did not experience a service outage because it utilizes a fail-safe back-up site.
These disasters pose a constant threat to businesses. Hoping to get through any length of a business lifecycle without incurring some type of calamity is unlikely. While television and the Internet have made us more aware of natural and manmade disasters, they are literally happening more frequently.
Many scientists believe that global climate change is increasing the number and severity of natural disasters, such as hurricanes and tornadoes. Terrorist strikes and criminal hackers attacking power grids, the Internet and communications systems, and transportation infrastructures have become an ongoing peril to global businesses. Today’s IT infrastructures have become so complex and interconnected that lock-tight guarantees against human error crippling a company can no longer be assumed.
Disasters cannot be prevented, but business continuity management planning can mitigate the risks and help organizations recover quickly to survive. Companies can setup a sufficiently detailed BCM plan that defines how their business will resume operations. A good BCM plan must account for the recovery of the information technology (IT) infrastructure and renewed access to applications that employees, customers and suppliers use. It should also address the continuance of executive decision making, safe havens for people to work, internal and external communications, and the resumption of operations in every business function.
Following the most devastating disasters, such as the terrorist attacks of September 11, 2001, Hurricane Katrina and the earthquake in Japan, many companies that did not have a BCM plan could not recover fast enough to survive as customers shifted to other businesses. Other disasters have been relatively localized, impacting businesses only in a small geographic area. History has shown that the local marketplace often forgives companies whose operations are temporarily shut down in such cases; but in today’s world of globalized competition, few businesses remain strictly local. If a business is the only one affected by a disaster while its competitors are not, the marketplace will move to companies open for business.
A business continuity plan is effectively an asset whose value, like an insurance policy, may not be appreciated until disaster strikes. But with a solid plan in place, no company needs to look back with 20/20 hindsight and wish it had one.