Business Continuity – integrated, not bolted on

There are those who consider Business Continuity is something you can buy and put on the shelf, ready for the proverbial rainy day.

I worked on contract with a south coast local authority some years ago. I discovered they thought  paying £25k a year to a Disaster Recovery provider meant they were safe. But:

• They had never tested the recovery of their applications and data.
• There was no provision to plug a temporary data centre back into the corporate network.
• They had no idea who the key operational staff were.
• They hadn’t considered the failure of the computer suite might also affect the organisation’s main office building where it was located. In which case, where would the staff go to do their work?

This is not uncommon.

Too often, business continuity is like the car a boy-racer car. The car’s something quite ordinary, but he’s added fibreglass skirts and spoilers … and a wing stuck on the boot. It has lowered suspension and fat tyres, a loud exhaust and a loud music system. It probably has fluffy dice in the window and go-faster stripes.

All these mods affect the way it looks, but generally not the way it performs.

It doesn’t go any faster than the standard model, and is probably slower with the weight and drag of all the extras. If he drives too fast, bits get chipped off the bottom of the car as it goes over bumps and uneven surfaces.

He isn’t fooling anyone but himself.  And organisations fool themselves into thinking they’re prepared for every eventuality.

Real business continuity is not an accessory you can bolt on – it’s part of the fabric of an organisation and its operations. Only if it’s designed-in will it benefit the day-to-day operations of an organisation, without being a drain on resources. And it will still be the life-line when it’s needed.

Like all business continuity, it isn’t difficult … it just requires a little thought and planing.

Flu is just another unplanned disruption

From a business perspective, the most important information about the Mexican Flu isn’t in the headlines.  The headlines in all the media will only tell you what has already happened – as a business owner or manager, you need information on what might be coming over the next nine months.  The world and UK media is interested in sensation, while business continuity is much more down to earth.

On Tuesday 28th April, the UK member of the World Health Organisation’s Emergency Committee spoke to John Humphries on Radio 4.  His talked about what could happen over the coming months, and put into perspective the number of deaths in Mexico compared to other countries.

He said Mexico has only reported hospitalised cases, and the WHO estimates between 10,000 and 100,000 have caught the flu without serious effects.  That makes the death rate far less startling, and goes some way to explaining the lack of fatalities around the world.

He wasn’t sure if there would be an epidemic in the UK.  But if it were to happen, the worst effects probably wouldn’t be felt straight away.  As we are coming out of the ‘normal’ season for flu, we might expect an increase in cases over the next two months but there wouldn’t be a full-scale outbreak until the autumn.  Overall, we could expect 30% to 40% of the population to contract the virus.

This is the sort of information we need and can use for business continuity planning.  It is probable (though nothing is ever certain) your business will not be affected for the next five months.  That gives you time to make sure your business will continue to function if a third of your staff are off sick.

What can you do?  Here are a few simple steps to get you started:

• Makes sure no one (including you) is the only source of important information such as security codes, password details, important contacts
• Don’t allow important communications (such as orders!) to go un-answered because the person who normally deals with this is off sick
• If you receive these by email, make sure they go into a generic mailbox (as a copy, perhaps)
• Make sure several people know how to operate the key business processes which the continued operation of your business relies on (such as processing orders, sending invoices, taking payments)
• Make sure everyone knows what steps you’ve taken, and where they can find your ‘master plan’ and all the important information

Like most things in business continuity, this is all just common sense, isn’t it.

But you’ve already got all this in place for when people are on holiday, off sick, or just leave.

Haven’t you?

Do you know your neighbours?

This might seem an odd question for the start of a blog about Business Continuity, but I can assure you it’s a very important one.

A few days ago, some ‘waste’ ground across the road from us was being cleared by the land owner.  There were some overgrown bushes and a number of dead trees which had been suffocated by years of uncontrolled creeper. After cutting the trees down, a bonfire was started. Then, to speed up the process, the people set fire to the overgrown bushes in situ. Very soon, the flames were shooting up 25 or 30 feet.  The fire was prevented from spreading to the next clump of bushes and on towards neighbouring properties, so no harm was done, though there were complaints about the smoke.

Would your neighbour speak to you before they started a bonfire?  It might not matter if the wind was taking the smoke (and flames) away from you. The smoke could affect you and your staff – perhaps you have asthma sufferers who would be more seriously affected? Do you have an open area which can’t easily be closed without affecting your operations – a loading bay, for example? Could the smoke affect your stock, especially if it is something like clothing? If the fire got out of control, would you know only when your property was alight?

Wouldn’t it be so much better, and safer, if you and your neighbours talked to each other?

Suppose the fire wasn’t set on purpose by your neighbour. Would they warn you of the problem and danger?

While you need to be prepared to deal with emergencies, such as fires, on your own premises, you business’s survival could depend on there being regular and friendly dialogue with your neighbours. And don’t just speak to the people next door – if you’re on a business park, make sure you speak to them all.  Do you know all your neighbours’ business? Do they keep hazardous and inflammable goods on their premises?

So go out there today, start talking to your neighbours.

Have you got all those phone numbers to hand?

When something goes wrong, the last thing you need is the extra stress when you can’t find those vital phone numbers or log in details.

Last week, while browsing the Internet looking for website building packages, I visited a site which had been compromised and booby-trapped.  I ended up with a nasty piece of code buried deep within my PC which let lots of other nasty things in.  I don’t know which of the many sites I visited it came from, and probably the site owner is unaware what’s happening to his visitors.

I have firewall and anti-virus protection of course, and my software checks for updates every two hours, but the malicious code still got in.  As everyone in IT knows the only really secure computer is one which is never switched on, so you have to accept that sometimes these things happen.  By the time I realised something was amiss (the next day), I was having problems connecting to the Internet, and couldn’t download any PC cleaning tools.

So I decided to call my friendly neighbourhood IT engineer.  We’ve known Peter Moran of I T Communication Solutions Ltd (www.itcommunicationsolutions.com) for several years, but never needed to call on his services before.   I do most things myself (coming from an IT background), but there are occasions when the cost of hiring an expert outweighs the time lost struggling with recalcitrant computers.

Of course, I was able to find his phone number and email address without any problems.

Peter came the next day, and spent 2½ hours cleaning everything up.  And we now use a couple of additional utilities to plugs any gaps in our security.

What lessons can be drawn from this episode?

• However careful or protected you think you are, sometimes you’ll have a problem
• You don’t usually know straight away, so you could spread the problem
• You need a list of key people with their contact details to hand (obviously not just on your PC!)
• Even if you haven’t used these experts and don’t pay them a retainer, get to know them BEFORE you need them – then you’re not just a cold call to them
• Make sure your data is safe (one of the first questions Peter asked me – he says he’s still amazed at how many people don’t back up properly or even at all!)
• Make sure everyone in your business knows what to do (for those occasions when you’re away)

All this amounts to a little bit of planning and preparation.

And as it says in the IDEAS-right banner at the top of the page, you can do all this without breaking the bank.

It wasn’t a disaster for us – it didn’t close us down.  Real Business Continuity Planning IS about being prepared for all the little problems which you could do without … especially when times are hard.

Weather, Climate, and Business Continuity

We’re now into the third week of February and the snow in Chipping Norton is finally thawing – by the weekend, there will be nothing left.

We know what to expect here in Chippy.  The town has been built on the side of a short ridge, facing north-west.  Because of the lie of the land, easterly winds get funnelled down the valley past Chipping Norton.  As a result, the temperature is about 2ºC lower compared to places only a few miles away.

So, what has this to do with business continuity?

The weather, and indeed the climate, are factors which should be taken into account in every good business continuity plan.

What aspects of the weather could you consider?

• Precipitation – rain and snow
  Sometimes it isn’t the actual precipitation which is the problem … it’s the after effects like flooding and ice on the ground
• Wind
  Storm damage may be a problem if you’re on a hill, near the coast, or close to large trees
• Sun
  Okay, so it isn’t often a problem in the UK, but you may find sensitive equipment in your office is sitting in the sun
• Temperature and humidity
  Low temperatures are likely to cause most problems, but heat can have a negative impact on your business … not least in the reduced efficiency of your overheating staff

I’m not advocating strange rituals in an attempt to control the weather – clearly that is outside the scope of this blog!  You need to work out which of these might affect you and how.

There are always two sets of possible actions you can take when you have a list of “things which can go wrong”:

• actions which can (help) prevent the problem occurring
  - you could re-locate if worried about flooding
  - move equipment out of direct sunlight
• actions which will reduce the negative effects of the problem occurring
  - move upstairs or keep important items above the flood levels
  - ensure your heating and cooling equipment is up to the job

There are some actions which will clearly be outside the realms of possibility – relocating may be one of them – but there are always steps you can take to minimise the effects.  Perhaps you could provide the funds for recovery by making sure your insurance properly covers you.

“But isn’t this all just common sense?”, I hear you say, “Is that all there is to Business Continuity?”

In a nutshell, yes!  No one needs a qualification to implement Business Continuity, and you don’t need expensive consultants for most of it.  There are specialist areas where you will probably need advice (such as IT and insurance), but for the most part it is just (un)common sense.

So why aren’t more people using Business Continuity to protect their organisations and add value to their bottom line?  Is it just time, or not knowing where or how to start?

The aim of this blog is to show people what they can do to “keep their business running”.

My aim is to help businesses do it for themselves, with guidance and training, so they can become self-sufficient.  The last thing you need in the current economic climate is huge consultants’ fees.

Oh yes, we haven’t considered climate yet.

Our climate looks destined to become more unpredictable, with more frequent and extreme “weather events”.  From a Business Continuity perspective, we can expect our plans and precautions to be of benefit more often.

You can help by doing your bit for the environment:

• use less energy (perhaps generate your own?)
• recycle more (remembering to create a market for recycled products by buying them yourself)

And you can use these actions as a marketing tool when promoting your business.

Business Continuity … and winter tyres

I’ve said elsewhere …

“The trick is to bring benefits to your business all the time, not just when something goes wrong.”

Here’s a simple example which has worked for me.

Some years ago I moved to rural Oxfordshire.  We often get snow here … and at the moment it’s still clogging up the roads a week after the first falls.  When I needed to replace the tyres on my 5-door hatch, I did some research and decided to fit Toyo Snowprox tyres.

Yes, they were more expensive than the cheapest tyres, but not more expensive than (so called) performance tyres.  It doesn’t make the car perform like a 4-wheel drive, of course, but it is better in adverse weather than the majority of 2-wheel drive cars.

But was it worth it, considering we don’t often have more than 5 or 6 days of snow a year (this winter being an exception)?

Yes!

If you do your research properly (i.e. not just comparing prices), you find the design of ‘winter tyres’ makes them exceptionally good at cutting through surface water, as well as snow and slush.

The result?  My car is now much safer when there’s water on the roads, and it no longer aquaplanes.  This means I get the benefit all year round.  From a business perspective, I’m more likely to arrive at my destination on time and in one piece.

Is Business Continuity the same as Disaster Recovery?

No.

I could stop there, but perhaps I should explain a little.

Disaster Recovery is a child of the IT industry.  When large corporations started to rely on their computer systems in the 1950s and 60s, they started to store copies of their data and information away from their main business site. By the 1980s, it had grown into a service which could involve ‘hot sites’.  These could be up and running in a few hours, completely duplicating an organisation’s processing and information storage.

These organisations were fearful of a disaster wiping out their computing facility, and effectively preventing them from trading or operating.  They were all aware it would take a huge amount of time and effort to rebuild their equipment and data.  You couldn’t just pop down to the nearest electrical retailer and pick up a water-cooled mainframe system!

Disaster Recovery does what it says on the tin.  But how big does the problem have to be before it’s a disaster?  All disaster recovery plans include a decision point which says, basically, “Is this a big enough disaster to implement our disaster recovery plan?”

This leads to two problems:

1. If we have a disaster (building burns down) and we get our IT systems up again elsewhere, where will our staff put their desks?
   (I had just such a  conversation with a Finance Director once – she was over the moon that we could tick the ‘DR’ box … until I pointed out that if the computer suite burnt down, half the organisation’s staff wouldn’t have anywhere to sit.)
2. How do we recover from a problem which isn’t big enough to be a disaster?

Enter Business Continuity.

Business Continuity looks at every aspect of an organisation, and should plan for all the not-quite-a-disaster problems.

Without Breaking The Bank

There are lots of things you could be doing and should be doing, but they all cost money, don’t they?

Have you researched or read anything about Business Continuity?  Sounds expensive, doesn’t it?  Most likely, everything you’ve seen has been for and about large organisations.  And they tend to have deep pockets.

As an IT Director, I was quite used to paying £1,000 a day for some technical specialists (didn’t like it, but got used to it).  As a small business, I wouldn’t even contemplate such an outlay!

So, for Business Continuity to be a realistic part of what you do, it mustn’t break the bank.

It is going to take up some of your time … and the time of your staff, if you have any.  The trick is to bring benefits to your business all the time, not just when something goes wrong.

This is a theme I’ll come back to.

How Many Achilles’ Heels Do You Have?

Achilles only had the one, according to legend, but every business has them.  Recent events have shown even the (supposedly) most stable financial institutions had a weak spot.  They almost certainly have others – we’re just not aware of them.

That’s often the trouble with weak spots – we just don’t know they’re there until something happens.

So do you know where your weak spots are?  No?  Isn’t it about time you found out?

This is the first really practical step you should take in keeping your business running … along the lines of “know your enemy”.

You’ll find it in the business continuity literature, probably under ‘Business Impact Analysis’.  All this means is working out where you’re vulnerable, and then deciding how serious these vulnerabilities are.

Now would be a good time to read the blog on “Is Business Continuity the same as Disaster Recovery?”

So, now you have some homework:

• look at your business, the ‘operational’ and the ‘administrative’ areas, and make a list of the things which could go wrong
• estimate how likely you are to have each problem
• estimate how serious each problem could be
• decide which are most critical to your business

However long your list is, you can be sure it will grow!

And leave out ‘being hit by an asteroid’ (unless you’re in the atomic energy industry), because there isn’t much you can do about it … without breaking the bank.

Making A Start

Making a start with a blog is pretty much like starting any enterprise.  First, you worry about the name and the logo!

You may laugh, but don’t we all get caught in this particular trap sometime or other?

This blog will be dedicated to “Keeping Your Business Running”.  It doesn’t matter if you’re on your own, or part of an organisation employing hundreds … there will be something here for you.  There’s so much to discuss, it is quite difficult to determine a logical starting point for this blog.  So I’ll just plunge in.

You have, or are part of, an enterprise.  Naturally, you want to keep it running.  You’re worried because the media is telling us all how bad things are, and how much worse it will get.   You might be showing signs of stress at work and at home, and not sleeping at night.  If you’re the owner, director or manager with responsibilities for staff, you have them to worry about too.

STOP!

There are two things, very important things, you won’t be hearing from the media:

1. The vast majority of businesses will still be running at the end of this down-turn (and most people will still be in employment)
2. There are lots of things you can do to ‘Keep Your Business Running’

I’ve had a look around the Internet and figures vary, but during the Great Depression unemployment reached about 20%.  During the 1908s, they were closer to 10%.  That’s not so bad, is it?

The rest of what appears on this blog  will be concerned with point 2 – what you can do to keep your business running.  There are no guarantees.  But you owe it to yourself and everyone who depends on you, inside and outside your business, to do everything you can to improve the odds.

So, cheer up … and read on.