The Hexagon Hypothesis: six disruptive scenarios
- Published: Thursday, 06 August 2015 08:17
This paper by Jim Burtles, Hon. FBCI, is an attempt to bring a simple but effective and comprehensive approach to the development and delivery of business continuity solutions. It is the third article in a series where we are publishing the short listed entries in the Continuity Central Business Continuity Paper of the Year competition.
Some forty years of experience have led me to the conclusion that it is important to have a broad understanding of what we are trying to achieve right from the start of any business continuity development program. A broad understanding does not require a detailed set of objectives, pre-determined procedures or specific deliverables; such a cumbersome short-sighted approach usually leads to a solution which appears to meet the prescribed parameters rather than one that solves the actual problem or provides adequate protection. I suggest that we should try to base our approach upon a generic, but comprehensive, model that shows which areas should be considered and covered by our plans and procedures.
Whenever we are trying to develop our ideas and understanding of any practical subject it is more reliable and effective to work from a basic concept which we can visualise and remember. Simple pictures and basic shapes are more powerful starting points than strings of words which can soon lose their meaning and relevance as the project moves forward and the detail begins to reveal itself. For this reason I have based my hypothesis upon a hexagon, a simple six-sided figure which is easy to remember and visualise.
Business continuity is a relatively modern management discipline, derived in the 1980s from disaster recovery which only began in the mid-1970s. Consequently, it is still evolving and refining its language, concepts and techniques in order to match an ever-changing business environment. This steady advance requires, and includes, the definition and refinement of a generally accepted code of good practice together with an agreed terminology which can be used to form the basis of relevant standards, regulations and guidelines. We are slowly acquiring a common body of knowledge, experience and information which supports the ongoing development and expansion that is happening within a number of disparate and often unconnected schools of thought.
Significant milestones along the way include:
- 1988 - Formation of the Disaster Recovery Institute (DRI) which later became the Disaster Recovery Institute International (DRII)
- 1994 - Foundation of the Business Continuity Institute (BCI)
- 2000 - Administration of the Millennium Bug; or the Y2K Problem (1)
- 2006 - Publication of the British Standard - BS 25999; Business continuity management specification and code of practice
- 2012 - Publication of the International Standard - ISO 22301; Business continuity management systems requirements
The craft of business continuity is based upon the underlying assumption that interruptions can, and will, happen at some point in time. It is not concerned about the actual cause but it does have to recognise that there is a wide range of effects and their consequences which may be completely unpredictable but will need to be treated pragmatically. Risk management is a rather more traditional practice which works on the premise that specific causes can be identified and dealt with according to their likelihood. It is based upon probabilities which can be evaluated and dealt with rationally. Risk management forms our first line of defence against unwelcome and unexpected difficulties; business continuity is there to step in whenever those defences are breached. Business continuity is the basis of our protection from the unknown and the unpredictable which can strike anywhere and at any time. Because of its flexibility and practicality some of its principles and techniques can also prove to be useful when meeting occasional challenges such as relocation or re-engineering projects.
In order to be prepared for almost any eventuality we need to be able to categorize those eventualities. Then we can address each of those categories from a strategic perspective rather than attempt to make preparations to deal with each and every one of the various specific happenings at a tactical level. From a business continuity perspective it is my contention that there are six types of disruptive scenario which we should plan for. Once an incident has occurred, its precise cause becomes irrelevant but we do need a strategy which will cover the ensuing effects.
In any viable business enterprise there are six core business needs or elements which combine to enable the cash flow that drives and sustains the enterprise. Some organizations may have other titles or labels for their key enablers but the core principle of monitoring and protecting these basic needs remains unchanged. The normal direction of cash flow may either be inward bound or outward bound; this will depend on the nature and the purpose of the enterprise. Commercial operations require a positive or inbound cash flow; charitable bodies may be set up for an outbound cash flow; a government department may seek to achieve either, or both, directions of cash flow, but in a controlled and responsible manner.
If any of these enablers should suffer significant damage, loss or interruption then the cash flow becomes a cash drain (2). In other words, cash begins to flow in the wrong direction which is a form of wastage that can harm the business. The survival of any business is largely dependent upon its income, which may have been accumulated and held in reserve or it may come in return for the delivery of valued goods or services. The other possibility is that funds are made available as a result of investment in the enterprise or its aims; in which case the investors are likely to withdraw their contribution and support if they should ever lose faith in the organization’s capability to deliver what is expected and has been promised.
Whenever one of these essential elements is weakened, delayed or diverted it causes a seepage which may even go unnoticed for a while. This means that the business has lost control over the direction, volume and pace of its lifeblood - the cash flow. Meanwhile, top management could be blissfully unaware of the fact that the enterprise is in decline and slowly decaying. In those situations where one of the essential elements is actually terminated or absent, the loss of control becomes a cascade, disaster looms and panic sets in. An interruption sits somewhere in between these two extremes. Early recognition of skewed cash flow, which depends on alertness and knowing what to look for, is the key to survival.
The six disruptive scenarios are those situations in which there is an unexpected and detrimental loss of one or more of the essential business elements: i.e.
- Loss of access.
- Loss of people.
- Loss of supplies.
- Loss of communication.
- Loss of function.
- Loss of data.
The diagram below illustrates how these essential elements can either work together for the benefit of an organization or how their absence can prove costly and pose a threat to its survival.
Loss of access is the category which covers all those circumstances where personnel are denied access to the company’s premises or facilities. This might include anything from an earthquake which has destroyed the premises, to a storm which has damaged the property, or a bent key that can’t open the door. The business continuity plan has to provide the basis of a solution which is likely to involve access to alternative facilities or, in some instances, a rapid repair capability.
Loss of people means that some, or all, of the workforce are either unable or unwilling to carry out their normal tasks. They may have been disabled by sickness or injury; or they may have withdrawn their labour for some reason or a cause which they subscribe to. Other possibilities include absence due to extreme weather conditions, lack of transport, changes of circumstance, violence on the streets or a blockade which prevents their attendance. Your business continuity plans need to cover this type of eventuality through the use of alternative or temporary people who may require specific training or qualifications. Detailed working instructions and scripts may also be required to support such plans.
Loss of supplies means a shortage of ingredients or materials to support the production and delivery of normal goods and services. This may be caused by damage to existing stock or the storage area where they are held. Such problems can be due to extreme weather conditions, power failure leading to loss of heat or cold, flooding or fire. Loss of supplies may also occur because of a failure within the supply chain causing stock to be delayed or not delivered. Business continuity plans need to ensure the timely supply of all such materials under emergency conditions. This may entail pre-arranged purchase orders, alternate suppliers or comprehensive shopping lists. The details of the arrangements will vary according to the urgency, volumes and uniqueness of the supplies involved.
Loss of communication describes a situation in which some or all of the important communication systems become ineffective or corrupted for whatever reasons. This may be caused by storm damage, power outage, flooding or problems with the service provider. It is also possible that the authorities may limit or shut down the services in a particular area. This especially applies to mobile phone networks; satellite and landline communications are rather more difficult to control in this way.
Loss of function occurs whenever an important item of equipment is out of service for some reason. This might be due to poor or unscheduled maintenance, a power failure, accidental damage, vandalism or the equipment may simply be unavailable or unusable for some reason. Perhaps the lease has run out or the certificate of insurance has expired. Business continuity plans should cover this situation by providing, or enabling access to, alternative equipment. Another solution might be to outsource the related activity whilst the original equipment is restored.
Loss of data is any situation where one or more functions of the business are unable to access important information. This may be due to some form of technical or system failure which prevents access to the data. It could also be caused by corruption somewhere within the database which makes the data unusable or unreliable. Critical information which the business depends on for current activities may be missing, incomplete or inaccessible. Business continuity plans need to be able to cope with these eventualities and establish a means of recapturing, retrieving or replacing the missing information.
While there may be literally thousands of causes which can lead to a disaster and hundreds of possible consequences, a continuity plan only has to deal with the effects which comprise these six disruptive scenarios: the loss of access, people, supplies, communication, function or data. Furthermore the plan only needs to offer guidelines rather than detailed directions, except where particular procedures require specific instructions. It is virtually impossible to predict, in advance, precisely what has to be done due to the almost endless list of minor issues and side effects that might require attention. A realistic business continuity plan is one which is designed to be interpreted according to the prevailing circumstances and those circumstances can’t be accurately predicted; they have to be assessed and addressed at the time. By dealing with the incident promptly and effectively one can limit the immediate harmful effects and control or reduce the resultant consequences.
Obviously, expertise which comes from practical experience will prove to be a tremendous asset whenever the business continuity plan is invoked. The benefit of competence and confidence developed through regular exercising and training is an essential ingredient of any reliable performance, especially under trying circumstances such as one is likely to meet in the wake of a disaster. It is not for nothing that our teachers tell us that ‘practice makes perfect.’
It is my contention that any business continuity plan which addresses each of the six disruptive scenarios described above provides us with a sound basis for recovery from any physical disaster, irrespective of the actual cause or trigger event. This conclusion is based upon 40 years of practical experience in the disaster recovery services industry and the business continuity profession.
I do not consider that business continuity should be expected to offer protection for a non-physical disaster such as bad management although it is likely that some of its tools, techniques and functions may prove beneficial in such situations. For example, a well prepared and practiced crisis response capability could help to limit, or even contain, the damage caused by mismanagement.
So what, if any, are the implications of this hypothesis? How can we make effective use of this concept or is it just a smart idea which serves no practical purpose? My feeling is that this model should be used as a benchmark whenever we are trying to assess the viability of the business continuity arrangements. In a review or an audit we should try to establish whether the plans, procedures and skills are in place to deal effectively with each of these situations. Obviously, this implies that we should be taking them into account during the design and development of our business continuity strategies and tactics. I see the capability to deal with these six disruptive scenarios and their implications as the basic design concept of our profession. The concept also provides us with a useful vehicle for conveying our messages to top management in simple, meaningful terms which they can easily understand, assimilate and appreciate. In this non-technical management and control setting one might describe the six essential elements of business as our ‘Guardians against Failure’ or the ‘Components of Success’ to emphasise their importance and value.
Jim Burtles, Hon. FBCI, is the Principal of Total Continuity Management. He was a director of the Business Continuity Institute from November 1994 to November 2009 and was awarded an Honorary Fellowship of the BCI in 2010.
(1)The principal concern at the time was the capability of computer systems to deal with the rollover of dates from year 1999 to 2000; especially when expressed as x/x/99 and x/x/00
(2) Minor damage, loss or interruption introduces a problem that should be handled by regular management processes. Significant in this context is used to describe an incident which exceeds a pre-determined threshold of tolerance or where the impact could become unacceptable.