Survey shows that many UK organizations struggle to keep their business continuity plans up-to-date
- Published: Monday, 13 May 2019 09:41
To mark the start of Business Continuity Awareness Week, Databarracks has released preliminary data from its upcoming Data Health Check survey on business continuity practices in the UK. The data reveals that only 54 percent of UK organizations are confident that their business continuity plans are up-to-date. Similar figures have been reported since 2014, meaning half of UK organizations are being exposed to business disruption, because plans aren’t up-to-date.
Discussing these findings, Peter Groucutt, managing director of Databarracks said:
“The theme of this year’s Business Continuity Awareness Week is about investing in resilience, but the initial results from our Data Health Check survey shows this is not happening across half of UK organizations.
“It’s critical all businesses ensure they regularly update and test their BC plans. A three-year old plan referring to long-retired employees and out-dated systems won’t be helpful to those who need to use it during a cyber-attack or if your power supply is disrupted during a storm. Good BC planning doesn’t need to be expensive or difficult. There are easy steps all businesses can take to improve their resilience.”
“Knowing what to do during an incident comes down to testing and practice. An easy action is to make testing part of your day-to-day operations and use known events to your advantage. As an example, some businesses test using the London tube strikes to practice invoking their BC plan. This enables them to go through the processes staff should undertake during an incident.
“Lessons can also be taken from specific industries, which are readily exposed to disruptions. As a necessity, they have plans and processes that are exercised constantly. Hospitality deals with disruptions on a regular basis, ranging from power outages, supplier failures, IT problems to even security or terrorism issues. The regularity of these disruptions means when an incident does happen, staff and the business know exactly what to do to continue serving.”
“Not all organizations are large enough to need a dedicated business continuity manager. In smaller enterprises, there is often confusion over who the responsibility for BC resides with. In many cases responsibility is pushed down to IT, but BC is bigger than IT. It includes where staff work from if your offices become inaccessible and how will they communicate – not just between themselves, but with customers and other stakeholders too. IT can recover servers and IT systems but responsibility for the survivability of the business ultimately sits with the board. It may not be someone’s entire role, but there needs to be someone named with responsibility for BC. They are the person who makes sure recovery processes are in place and stays on top of new risks and changes, to keep the organization resilient.
“If you don’t have a BC plan, you should start by conducting a business impact analysis (BIA) to determine and evaluate the potential effects of disruption to critical business operations. You need to decide what is important for your business, how you might be affected if something were to happen to your people, your premises, your IT or your suppliers. Then, you put in place the plans and workarounds, that keep you operational.”
“Sometimes organizations are put-off from ‘doing BC’ because it seems like a lot of time and resource that takes them away from more important (and pressing) needs, like driving sales and keeping customers happy. It can seem like a lot of ‘risk assessment’ and ‘impact analysis’ before you get a real benefit and that can cause action-paralysis. Actually, if you get all of the right people together even for a short time you can make some significant headway quite quickly and truly strengthen your business resilience.”