Can the politicians learn from Business Continuity?

Business Continuity in Government

Government (certainly from my experience in local government) has thought about business continuity from a ‘disaster’ perspective. There are periodic exercises to cover what would happen in the event of a train crash, terrorist attack, floods etc. But do they know how to keep their own business of governing running?

As with all things, there’s good news and there’s bad. Having a disaster recovery plan for IT is commonplace, and most plans are tested periodically. But few have grasped the nettle of finding alternative connected premises for the staff.

Because the UK parliament still uses the ‘first-past-the-post’ system (the devolved parliaments don’t, incidentally), politicians have a ‘win or lose’ mentality. They are likely to forget the country carries on, whatever their fortunes in the polls. The voters could be forgiven for thinking politicians only have their own interests in mind, but it’s very easy just to think about the next big deal and forget the everyday tasks.

Business Continuity in Business

Business leaders, as well as the politicians, need to have plans in place to keep everything going when the big contract they’ve been working towards, isn’t landed. All too often the worse happens, and then (and only then), leaders start to think, “Now what will we do?”

Planning suggests it’s an activity which precedes the necessity for action, and business continuity planning is no exception. It’s common sense. Or more accurately, it’s uncommon sense.

We’ve got it covered – automatic processes, right?

We all have them in our business and private life – processes which happen automatically without our intervention.

Some are not under our control, such as the monthly or quarterly bills and statements we get. Because of the infrequent arrival of these, we don’t usually notice if one’s missing (lost in the post), and it isn’t usually a critical ‘failure’.

Other automated processes can be more of a problem if they don’t happen – automatic payments to the utilities or our credit card. We have some control over these … ensuring there are funds in the account to cover the payment. If the fault isn’t ours, we’re often protected by the Direct Debit guarantees.

But what about those automatic processes which are our responsibility?

There is a temptation, entirely human and understandable, to set up an automatic process and then forget it.

Unfortunately, the natural state of atrophy is likely to affect your automatic process eventually. If you don’t check periodically, how will you know they are still running? Perhaps most important of all, what are the consequences when an automatic process fails?

In this technological world, some of the most important but least checked and used automatic processes are our data backups.

We have a multi-layered backup strategy involving synchronised copying (as soon as files are created or changed), a traditional timed backup schedule creating periodic snap-shots, and an online backup service to ensure our data is not only stored off-site but on another continent!

The synchronisation is easy to monitor as a little icon in the system tray changes whenever the sync process kicks in.

The timed backup process can be checked by looking for the latest file in the backup folder. Or we can set up an email notification, and that’s a bit like receiving (or not) a bank statement. But note: this isn’t checking we can actually restore from it!

The Carbonite online backup runs from a PC we use as a file store, and it runs in the background when network and Internet usage is low. We don’t often look at this PC, as long as it is on and the fan is humming. So how do we know if this process is running? If we don’t check, we don’t know. Fortunately, Carbonite emails if there’s been no activity for a week. This is one of the reasons we recommend Carbonite … and their cost per gigabyte can be very low – we’re currently paying $1.20 per GB per annum, 1/20th of a quote from a local company!

So what’s the answer?

We have whiteboard with a list of our tasks and projects – there’s a space on it for those we have to repeat every day, week or month. Trouble is, we don’t always look at it when we’re really busy.

We also use calendars on our PCs … Outlook and SugarCRM … to prompt for meetings, one-off and repetitive tasks.

Another ‘automatic’ process, I’m afraid! Let me know if you can think of something more foolproof.

Now the volcanic ash and dust is clearing …

… it’s time to get things back on a stable footing. Within a few weeks (assuming there’s no more Icelandic ash), all the airliners and stranded people will be back in the right places. We can all stop worrying, and get on with life.

Sorry, but this is wrong on two counts.

To start with, there will be insurance wrangling for many months … perhaps even years. This will affect individuals and corporations. There is a prevailing mental attitude which we all suffer from (to some extent): if we’re insured, we’re OK. The insurance companies will have been scrutinising their own small print while people have been stranded, to see if they do actually have to pay up. People may or may not get back the extra money spent, but will it compensate for missed holidays, weddings, and other events?

Some businesses too will have been insured … key person insurance, loss of perishables, and so on. Will any money they get compensate them for the damage to their business? Businesses (because they are run by people) assume they are OK if insured. But if a key person is out of action (for whatever reason), is a sum of money some time later going to solve the problems there and then … when they happen? I’m sure I don’t have to answer that question!

First and foremost,  a business – any business, every business – must have plans in place so everyone knows what to do when there’s a problem. If a key person isn’t there, you must know how to keep your business running. Having an insurance policy does not deliver this business necessity.

The second reason you can’t just carry on as usual, is that the volcano (or any other of many on Iceland) could easily erupt again.

If you are serious about running your business (and it doesn’t matter how big or small it is), you must be serious about business continuity planning. Maybe you don’t like the term or the jargon, but don’t let it stop you planning. Worried about the costs? There’s a huge amount you can do by researching on the Internet or just buying a single book. Insurance may well be part of the mix for you, but it isn’t anywhere near the starting point.

If you want some experienced help, you could always ask me!

Tesco shows business continuity planning works

There have been a few stories recently about fresh fruit and other produce rotting in their country of origin because of the Icelandic volcanic ash. This seems unbelievable, because fresh produce in the supermarkets is seldom even ripe!

The companies involved seem to be concentrating on how much money they will be losing.

A report on the BBC website this morning Volcanic ash: Tesco delivers Kenyan produce via Spain shows one company has taken action to get round the problem. Without a culture of business continuity, Tesco would have been in the same boat as the other importers.

I just goes to show business continuity planning pays, even when the problem couldn’t have been foreseen.

Were you prepared for Iceland’s Ash?

Business Continuity is the art of being prepared.

We are beginning to hear lots of stories about people and businesses which were not prepared for the cancellation of all UK flights.

I know people will say, “Yes, but how could we know that the Icelandic volcano would erupt and cause air traffic in northern Europe to come to a standstill?”

But there are many reasons why people can and do get delayed returning from abroad. People can easily be prevented from getting to work with far less dramatic causes … illness (personal or family), failed cars, train problems, traffic jams, strikes.

If you have thought about these minor problems, and have contingency plans in place, you’ll be much better equipped to deal with the delays caused by volcanic dust.

Most of Britain’s 4.2 million business are 10 people or less … of these, 99% have no business continuity plans at all.

Are you in the 99% or the 1%?

Business Continuity and GIP retro-proteins

The following information from the WHO adds further weight to the importance of considering absence management and effective medical screening as part of your business continuity planning:

Swine Flu Victims Display Enhanced Gullibility

Research released today by the WHO suggests people who suffered from the 2009 swine flu outbreak have an unusually high level of a complex retro-protein researchers have dubbed GIP (Globular Insanity Protein).
Tests carried out in countries which suffered high levels of swine flu infections, have confirmed that for periods of up to 12 months after contracting the virus, people have shown enhanced levels of gullibility.
Moru Chripka, spokesperson for the WHO said, “There is no cause for alarm, as these proteins are quite harmless, and dissipate over time.” She added, “We believe this is the first strain of swine flu to produce these particular retro-proteins.”
The first clue to the existence of this residual protein was an increase in reports of people in the USA being taken in by Internet scams. Victims reported being surprised they were taken in so easily. They had attributed this to not being fully recovered after their swine flu infection. Many are relieved that a medical explanation for this phenomenon has now been found in GIP.
For full details, visit the WHO website: http://www.who.int/csr/disease/swineflu/frequently_asked_questions/en/index.html

PS. This April Fool made it into the listings of April Fools Day on the Web

Business Continuity – integrated, not bolted on

There are those who consider Business Continuity is something you can buy and put on the shelf, ready for the proverbial rainy day.

I worked on contract with a south coast local authority some years ago. I discovered they thought  paying £25k a year to a Disaster Recovery provider meant they were safe. But:

• They had never tested the recovery of their applications and data.
• There was no provision to plug a temporary data centre back into the corporate network.
• They had no idea who the key operational staff were.
• They hadn’t considered the failure of the computer suite might also affect the organisation’s main office building where it was located. In which case, where would the staff go to do their work?

This is not uncommon.

Too often, business continuity is like the car a boy-racer car. The car’s something quite ordinary, but he’s added fibreglass skirts and spoilers … and a wing stuck on the boot. It has lowered suspension and fat tyres, a loud exhaust and a loud music system. It probably has fluffy dice in the window and go-faster stripes.

All these mods affect the way it looks, but generally not the way it performs.

It doesn’t go any faster than the standard model, and is probably slower with the weight and drag of all the extras. If he drives too fast, bits get chipped off the bottom of the car as it goes over bumps and uneven surfaces.

He isn’t fooling anyone but himself.  And organisations fool themselves into thinking they’re prepared for every eventuality.

Real business continuity is not an accessory you can bolt on – it’s part of the fabric of an organisation and its operations. Only if it’s designed-in will it benefit the day-to-day operations of an organisation, without being a drain on resources. And it will still be the life-line when it’s needed.

Like all business continuity, it isn’t difficult … it just requires a little thought and planing.

Flu is just another unplanned disruption

From a business perspective, the most important information about the Mexican Flu isn’t in the headlines.  The headlines in all the media will only tell you what has already happened – as a business owner or manager, you need information on what might be coming over the next nine months.  The world and UK media is interested in sensation, while business continuity is much more down to earth.

On Tuesday 28th April, the UK member of the World Health Organisation’s Emergency Committee spoke to John Humphries on Radio 4.  His talked about what could happen over the coming months, and put into perspective the number of deaths in Mexico compared to other countries.

He said Mexico has only reported hospitalised cases, and the WHO estimates between 10,000 and 100,000 have caught the flu without serious effects.  That makes the death rate far less startling, and goes some way to explaining the lack of fatalities around the world.

He wasn’t sure if there would be an epidemic in the UK.  But if it were to happen, the worst effects probably wouldn’t be felt straight away.  As we are coming out of the ‘normal’ season for flu, we might expect an increase in cases over the next two months but there wouldn’t be a full-scale outbreak until the autumn.  Overall, we could expect 30% to 40% of the population to contract the virus.

This is the sort of information we need and can use for business continuity planning.  It is probable (though nothing is ever certain) your business will not be affected for the next five months.  That gives you time to make sure your business will continue to function if a third of your staff are off sick.

What can you do?  Here are a few simple steps to get you started:

• Makes sure no one (including you) is the only source of important information such as security codes, password details, important contacts
• Don’t allow important communications (such as orders!) to go un-answered because the person who normally deals with this is off sick
• If you receive these by email, make sure they go into a generic mailbox (as a copy, perhaps)
• Make sure several people know how to operate the key business processes which the continued operation of your business relies on (such as processing orders, sending invoices, taking payments)
• Make sure everyone knows what steps you’ve taken, and where they can find your ‘master plan’ and all the important information

Like most things in business continuity, this is all just common sense, isn’t it.

But you’ve already got all this in place for when people are on holiday, off sick, or just leave.

Haven’t you?

Do you know your neighbours?

This might seem an odd question for the start of a blog about Business Continuity, but I can assure you it’s a very important one.

A few days ago, some ‘waste’ ground across the road from us was being cleared by the land owner.  There were some overgrown bushes and a number of dead trees which had been suffocated by years of uncontrolled creeper. After cutting the trees down, a bonfire was started. Then, to speed up the process, the people set fire to the overgrown bushes in situ. Very soon, the flames were shooting up 25 or 30 feet.  The fire was prevented from spreading to the next clump of bushes and on towards neighbouring properties, so no harm was done, though there were complaints about the smoke.

Would your neighbour speak to you before they started a bonfire?  It might not matter if the wind was taking the smoke (and flames) away from you. The smoke could affect you and your staff – perhaps you have asthma sufferers who would be more seriously affected? Do you have an open area which can’t easily be closed without affecting your operations – a loading bay, for example? Could the smoke affect your stock, especially if it is something like clothing? If the fire got out of control, would you know only when your property was alight?

Wouldn’t it be so much better, and safer, if you and your neighbours talked to each other?

Suppose the fire wasn’t set on purpose by your neighbour. Would they warn you of the problem and danger?

While you need to be prepared to deal with emergencies, such as fires, on your own premises, you business’s survival could depend on there being regular and friendly dialogue with your neighbours. And don’t just speak to the people next door – if you’re on a business park, make sure you speak to them all.  Do you know all your neighbours’ business? Do they keep hazardous and inflammable goods on their premises?

So go out there today, start talking to your neighbours.

Have you got all those phone numbers to hand?

When something goes wrong, the last thing you need is the extra stress when you can’t find those vital phone numbers or log in details.

Last week, while browsing the Internet looking for website building packages, I visited a site which had been compromised and booby-trapped.  I ended up with a nasty piece of code buried deep within my PC which let lots of other nasty things in.  I don’t know which of the many sites I visited it came from, and probably the site owner is unaware what’s happening to his visitors.

I have firewall and anti-virus protection of course, and my software checks for updates every two hours, but the malicious code still got in.  As everyone in IT knows the only really secure computer is one which is never switched on, so you have to accept that sometimes these things happen.  By the time I realised something was amiss (the next day), I was having problems connecting to the Internet, and couldn’t download any PC cleaning tools.

So I decided to call my friendly neighbourhood IT engineer.  We’ve known Peter Moran of I T Communication Solutions Ltd (www.itcommunicationsolutions.com) for several years, but never needed to call on his services before.   I do most things myself (coming from an IT background), but there are occasions when the cost of hiring an expert outweighs the time lost struggling with recalcitrant computers.

Of course, I was able to find his phone number and email address without any problems.

Peter came the next day, and spent 2½ hours cleaning everything up.  And we now use a couple of additional utilities to plugs any gaps in our security.

What lessons can be drawn from this episode?

• However careful or protected you think you are, sometimes you’ll have a problem
• You don’t usually know straight away, so you could spread the problem
• You need a list of key people with their contact details to hand (obviously not just on your PC!)
• Even if you haven’t used these experts and don’t pay them a retainer, get to know them BEFORE you need them – then you’re not just a cold call to them
• Make sure your data is safe (one of the first questions Peter asked me – he says he’s still amazed at how many people don’t back up properly or even at all!)
• Make sure everyone in your business knows what to do (for those occasions when you’re away)

All this amounts to a little bit of planning and preparation.

And as it says in the IDEAS-right banner at the top of the page, you can do all this without breaking the bank.

It wasn’t a disaster for us – it didn’t close us down.  Real Business Continuity Planning IS about being prepared for all the little problems which you could do without … especially when times are hard.