Business Continuity Planning (BCP) involves understanding risks such as natural disasters, facilities and supplier outages to a business, and putting into place a robust mitigation plan for prevention. BCP is important for both large and small enterprises. In large organizations, BCP is driven by a systemic organizational process.
In 2011, three significant events have put the spotlight on Business Continuity Planning:
• Natural Disasters in Japan and Thailand along with their unanticipated consequences
• Online Activism and Hacktivism in UK and Middle East
• Cloud and Telecommunication outages from global providers
Natural Disasters in Japan and Thailand along with their unanticipated consequences The earthquake, tsunami and resulting impact on the Fukushima nuclear plant created a disruption in power, population unrest, and withdrawal of expats which disrupted supply chains of Japanese firms. For most of the large Japanese firms, the floods in Bangkok came as a second whammy as this led to further shutdowns. In the case of Japan, the country was well geared to face earthquakes, but the tsunami and its unpredicted consequences amply demonstrated how difficult it’s to model the vagaries of nature.
The three learnings from these incidents are:
1. Natural Disasters cannot be accurately modeled or planned for. They do happen and due diligence in site selection helps.
2. In Thailand, costly equipment was damaged because the communication was not in an international language or as timely to foreign managers, hindering precautionary actions. This has to be anticipated and built into the plan.
3. Time to recover varied from a minimum of three months onward for large firms
Online Activism and Hacktivism in UK and Middle East
Online activism in UK and Middle East, arose spontaneously triggered by a single event like the death of Mark Duggan in UK—a 29-year-old father of four shot dead after being stopped by the police—and in Egypt, Khaled Said, a 28-year-old businessman who was pulled from an Internet cafe and beaten to death by security forces. This resulted in the virtual shutdown of several countries for months and in some cases, turning of the Internet partly or wholly which impacted businesses. The extreme form of online activism, Hacktivism, saw significant hacks such as that of Sony Playstation Network by Anonymous, a Hacktivist group which halted the company operations for over a month, resulting in losses to the tune of $ 200 m.
The three key learning from these incidents are:
1. Online activism or Hacktivism can spontaneously result in disruption at a scale which is unprecedented. An analysis of the stability of the political environment and its impact on the functioning of the country is paramount to BCP planning.
2. Resetting a country involves a regime or policy changes that take years. Therefore do not expect a short-term effect on business operations.
3. Social unrest in a recessionary world is on an uptick and is not solely related to third world countries as believed prior.
Cloud and Telecommunication outages from global providers
There were several cloud and telecommunication outages of major service providers in 2011. Reddit, Foursquare, and Quora were among the many sites that went down recently due to a prolonged outage of Amazon's cloud services. These outages lasted 3-4 days on average, and were primarily due to the inability of the service providers to understand the complexity of their infrastructure. So despite there being a robust Business Continuity Plan by these service providers, it did not factor in their inexperience due to the newness of the technology, and limitation in understanding technology underpinnings and their interactions. Failure of Telecommunication services by an Indian service provider a few days before New Year impacted year-end sales as well as customer services for both large and small enterprises.
The three important learnings from these incidents are:
1. Organizations sourcing to the cloud must ensure that they are contractually covered for such outages. At least for another year, companies should expect such outages.
2. SMBs should take precautions to build BCP plans when cloud sourcing which involveswork around processes and data backup.
3. Large organization must assist small suppliers build a business continuity plan through mandatory BCP specifications in supplier agreements as well as regular audit, and awareness training.
• A Strategic Approach to Security Risk while CloudSourcing
• Midsized service firms face business continuity issues if senior executives leave with operational data
• In 2011, Natural Disasters highlight importance of Business Continuity Planning