Increasing globalisation has provided many benefits for businesses as the entire world has become a potential marketplace; however, this also presents significant challenges as disruption to a supply chain on one continent can have major repercussions for business partners elsewhere.
According to a recent survey conducted by the Business Continuity Institute (BCI), of 12 organisations whose supply chains were affected by the earthquake and tsunami in Japan or the earthquake in Christchurch – both of which occurred in 2011 – 29% of those organisations’ supply chains recovered in a week, 24% took a month to recover, a staggering 41% stated that recovery took between a month and six months, and one organisation has yet to fully recover.
With South Africa having faced a tsunami warning in April this year, the above report highlights that implementing an effective Business Continuity Plan (BCP), which ensures local businesses can successfully recover from disruptive events and continue to supply critical products and services even after the event of a natural disaster, is becoming increasingly important.
Businesses that do not have effective Business Continuity Management (BCM) in place must realise the organisation is at risk of becoming impaired or even inoperable within seconds should the business be impacted from any disaster such as a tsunami, fire, other environmental catastrophies or everyday events such as labour unrest, theft or power supply failure, and may face severe reputational, financial and possible legal repercussions.
The main function of sound BCM is to enable a business to survive and continue functioning at a sustainable level following a major disruption to critical daily operations. This is done by identifying critical business processes that must be recovered within a certain time frame in order to continue supplying products and services during adverse operating conditions.
In addition to well known causes of business interruption, such as hardware failure, power outages, theft or natural disasters, South African businesses are also beginning to face a number of new threats to critical business operations. Labour unrest, road safety, declining security and safety standards and environmental issues, such as acid mine drainage, which can result in a business becoming inoperable if there is no proven BCM solution in place.
Dealing with the repercussions
The repercussions for businesses with no effective BCM solution can range from loss of revenue, assets, clients and staff to litigation, penalties and perhaps even worst of all, reputational damage. There are also personal consequences for the business leaders as they could face director or officer liability cases on the basis of negligence or criminal liability, which may have an effect on their personal reputation as well as the ability to act as a Director in future.
Some examples of essential services and activities which are critical to the sustainability of a business include, but are not limited to: revenue collection; communication with staff, suppliers and clients; service delivery; logistics and procurement.
There are five stages in the BCM lifecycle:
- Understanding the organisation
- Determining the BCM strategy
- Developing and implementing the BCM response
- Exercising, maintaining and reviewing the BCM plan
- BCM programme management
The tech angle
Similar to BCM, Information Technology Service Continuity (ITSC) involves the collection of policies, standards, processes and tools through which the organisation improves its ability to respond when a major failure occurs in order to continue or recover critical systems and services as normal.
ITSC plans may enable systems resilience to any disruptions which could occur at a site, power or environmental level, as well as the ability to recover rapidly and consistently. Essential to an effective ITSC plan is the protection of data, applications and processes. Recoverability is an option for systems and services with lower time criticality. The ultimate aim of any effective ITSC plan is to provide redundancy, which is the ability to process data through any disasterous event and recoverability.
Integral to continuity is the protection of both digital and printed information. Without access to essential records and data, an organisation will lose its’ ability to operate or recover. Without the correct information all bets are off.
South African business must realise that insurance policies do not keep a business running, they pay for damages caused – they cannot answer phones, communicate with clients or satisfy stakeholders when a major unforeseen interruption renders the business incapable of continuing mission critical activities.
However, the importance of testing Business Continuity and IT Service Continuity plans cannot be stressed enough as a recovery plan is only effective if it is certain to work. In a time when disruptions to business operations can occur at any moment, all businesses have a responsibility to clients, employees and stakeholders to ensure a tested plan is in place which allows the organisation to continue functioning at an operational level even in the event of a disaster.