July 7th proved that Business Continuity works – BUT LESSONS MUST BE LEARNT
Category Business Continuity Management BCM - 7th July - Research - BCM Planning
The July 7 bombings proved to be a steep learning curve for business continuity. One year on, Mike Osborne looks into what has changed.
ICM and Continuity Central conducted a survey aimed at discovering whether the events of July 7th have had a lasting impact on business continuity practices. 161 usable responses were received and they make fascinating reading.
A surprisingly high number of respondents had to use either all of part of their business continuity plan on July 7th. Overall, 45 percent of those reporting that they had a BCP in place activated elements of their plan and it seems that in most cases the business continuity plan performed very well. A very encouraging 90 percent of respondents who had used their plan reported that they were either ‘very pleased’ (35 percent) or somewhat pleased (55 percent) with the effectiveness of the business continuity plan. Only 9 percent were ‘somewhat dissatisfied’ and just 1 percent were ‘very dissatisfied’ with its effectiveness.
The attacks on London last year posed several challenges which had not previously been considered in terms of continuity arrangements. Until that day, many businesses believed themselves to be up to date on continuity, with sufficient plans in place. These plans however, were based on experiences of IRA bombings, where blast areas typically covered a 730 metre radius. In these eventualities, communication with staff, provision of transport solutions and relocation to your designated BC centre were of fundamental importance. The prospect of co-ordinated, simultaneous attacks which would cut off transport links, render telecommunications ineffective and cause multiple invocations in the same area, was simply not envisaged in most cases.
One year on, this research shows that July 7 has had a direct impact on business continuity. Firstly and most importantly, business continuity was seen to be generally successful in its contribution to keeping businesses running following the incidents, justifying the investment many organisations have made. Secondly, those that were deemed to be successful with existing plans have reviewed them and identified changes to be made as a specific result of that day’s events. This shows that business continuity plans, even successful ones, always need to evolve, both to match the changes made within the organisation, but also to reflect and accommodate new risks and market dynamics.
One of these dynamics is that business continuity is no longer a niche service embraced by the few; indeed it is now mainstream and increasingly seen as ‘best practice’. Problems regarding lack of knowledge or information about syndicated services and equitable sharing schemes came to light very suddenly on July 7 itself. It seems businesses had not previously considered whether or not its business continuity provider could offer sufficient capacity to support multiple invocations.
Out of all the findings from this research, it is perhaps most surprising then that one year on, research results suggest that even now, many providers are unwilling to communicate the risks associated with shared services, and many businesses seem to just accept that they are not entitled to this information. This is simply not the case, however it will continue to be compounded by the increased level of business continuity take-up also highlighted by the research. Despite the fact that 73% of respondents are concerned about concentration of risk, a staggering two thirds are not even aware of the maximum syndication ratio for their contracted services.
The need for transparency is of the utmost importance; risk profiles of services need to be continually monitored and communicated to clients, in order that they know exactly where they stand. The FSA and BCI have both published and recommended a Voluntary Supplier Risk Declaration in relation to third party provision and it is paramount that this be adopted by both suppliers and contracting organisations if the integrity and future performance of continuity provision is to withstand the next wide area incident.
In summary, it’s important that lessons are learned from July 7 and those lessons are that business continuity plans need to be reviewed and tested regularly, and that companies need to push their business continuity providers for information relating to their syndicated services.”
Notes:
CLICK here to download a PDF version of the results
END
Mike Osborne is Managing Director of Business Continuity of ICM Computer Group.
For further information, please contact Frances Longley, PR Executive HERE!
If you would like to comment on this article please contact us directly HERE!
Creating Continuity ... Building Resilience ...
If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599.
___________________________
