INFORMATION TECHNOLOGY failures remain among the biggest causes of downtime for business continuity (BC) managers, and are at the core of BC planning, but many organisations are now doing far more to plan for staff welfare, according to a survey of continuity managers
INFORMATION TECHNOLOGY failures remain among the biggest causes of downtime for business continuity (BC) managers, and are at the core of BC planning, but many organisations are now doing far more to plan for staff welfare, according to a survey of continuity managers.
However, the report found there is still a need for a lot more testing of scenario plans, with many BC plans still just on paper.
IT was closely followed by natural disasters and then loss of utility services as the biggest interruptions of the past year, according to the Continuity Forum’s most recent benchmarking survey.
“These results show that BC is now more people-oriented, rather than IT-oriented, as it was in the previous years,” said Marilena Salvo, a spokesperson for the Continuity Forum.
Although IT failures were still the major cause of downtime, she said pandemics and other threats that affect staff safety directly are now given greater consideration, and plans to deal with the aftermath of such disasters are more sophisticated.
In fact, a pandemic was perceived to be the biggest threat, with terrorism now less of a concern than in previous years, although it was still the fourth biggest worry.
The report notes that two similar surveys from MacquarieUniversity and KPMG found the main cause for concern was centred on IT, which in this survey was the second biggest concern, virtually equal to natural catastrophes.
“This trend might be less significant for organisations that are more reliant on their infrastructure, such as those in the manufacturing sector,” it states.
Although there were some promising signs thrown up by the report, it said there were still too many organisations (20 per cent) without a business impact assessment (BIA) of the various risks to business continuity, and more than a third had not updated their BIA in the past 12 months.
Ross Piper, joint head of corporate risk at Macquarie Bank, told a banking risk forum last month that it should be obvious that business continuity plans should primarily be about human beings.
“People think it’s all about IT, but without people, the infrastructure means nothing,” he said.
One of the more important changes in the maintenance of business continuity, he said, was the shift in “ownership” to each business unit. This was particularly important in a company like Macquarie Bank, which had a very decentralised management structure, with many different businesses within the group.
“The fundamental change that we have had is about ownership. [The role of the BC area] is to facilitate good business continuity. There needs to be ownership, and understanding and accountability within each business,”Piper said.
He also stressed the need to “test”and “challenge” those who must implement the BC plans, and establish whether you have contingencies should anyone of those tasked with carrying out the plan not be able to do so.
Even more fundamental than determining whether and how you are going to be able to keep people working, he said a plan needs to take into account the very first requirement for employees involved in a major disaster – the need to contact family members, and perhaps to leave work and see them. “Safety of people is paramount,” he said.
Some of the factors that will be important in BC management in future, he said, was utilising new technology to allow greater flexibility in work arrangements, ranging from off-site data centres and work areas, to use of more powerful mobile devices.
He said this was also one of the biggest challenges. “Almost week-to-week for us, it seems there is a continual shifting of goalposts about options [for infrastructure and technology use].”