The time has gone when a “compliant” business continuity plan is sufficient evidence of an organisation’s ability to prevent and prepare for downtime and disasters. Research by Sungard Availability Services shows that 75% of such plans aren’t used at the time of a disruption or during a test. This is not surprising. Compliant plans developed to “tick a box” are not likely to be trusted, when trust is what you need most.
Simon Arcus, CEO of New Zealand’s Institute of Directors reports that “cybersecurity and digital strategy are on the minds of directors in an unprecedented way. Nearly half of those surveyed expect to face major technological and business disruption within the next two years.”
For more on the NZIER Director Sentiment Survey, have a look at Simon’s blog. But first, allow me to pose three questions you should ask yourself, if you want to test your own confidence in your organisation’s ability to recover from a disruption.
1. Do our plans include the type of information that will enable us to make confident and timely decisions?
If your plans are too high level, your organisation will face significant vulnerabilities. A plan that does not reflect your business processes and the changing environment in which you operate, will not give you the confidence of an assured positive outcome. You may be able to recover individual processes (however, not necessarily the most critical ones) and not in a timely manner.
2. How quickly can our organisation adapt to a changing situation to make sound and defensible decisions?
If the information in your plan is static, it quickly becomes irrelevant in the minute-by-minute dynamics of a real-world incident. Information currency is key – without it, you are making decisions in a void, without the evidence you require. If your employee details are out of date, if your plan identifies hardware that no longer exists and applications that are now redundant, your ability to make sound decisions is compromised.
3. If I needed to access our most current plan – right now – can I get it?
The location of plans saved on a server and the links to them can change. Copies of plans saved locally on your laptop, smartphone or tablet can become obsolete without your knowledge. Unless your organisation’s process to communicate documentation change is fail-safe, you will find yourself wasting valuable time searching for your plan, or potentially worse, unknowingly activating an out-of-date plan that does not reflect your current business obligations.
In his article “Preparing for when disaster strikes” (Dominion Post, September 21, 2015), Tao Lin writes “Without the luxury of time to respond before a problem hits mainstream media, a crisis can cause damage to a company instantaneously.” So, if you expect that your organisation will experience a technological or business disruption in the next two years, as the NZIER survey indicates, then it’s time for a different approach to planning – one that gives you real-time situational awareness and assured outcomes that prove your organisation’s resiliency.
Have a look at this Executive Brief on the 4 steps to revitalise your business continuity programme from Sungard Availability Services – and then contact me to learn about the modern approach to business continuity management.