Information Technology

CEOs need to commit to a business continuity strategy

By Jonathan Sharp, Director, Britannic Technologies
Information Technology
Published: 5 June 2018

Business continuity is not a choice that businesses or organisations should make, it should be a mandatory requirement. Whatever the disaster is, whether it is something major like a terrorist or cyber security attack, severe weather or a fire, or something such as a general power or technology outage, businesses should not come to a halt. In today’s 24/7 fast-moving world businesses cannot afford to cease operations, and must carry on conducting business as usual. If they don’t, they will severely damage their brand and reputation, lose revenue and even customers.

One of the biggest common mistakes that we regularly come across is that the business continuity strategy is given to the IT department to set up and manage. The issue here is that they only think about the technology and not the overall business, processes and the people involved. Usually this approach is why a business continuity strategy may fail.

When devising a business continuity strategy, you should consider the 4 P’s, which are: people (staff and customers), processes (the technology and processes required), premises and providers, suppliers and partners. This methodology enables you to take a holistic view of business continuity across the business and not just focusing on the technology.

Commitment from the top
The first step in the business continuity planning process is to get commitment from the CEO and the Senior Management team. Then it is advisable to appoint someone to take ownership of the strategy, from the conception of the plan to managing it, and then evaluating it. If you don’t have these initial stages in place, then it is doomed to collapse.

Appoint an expert
Setting up a business continuity strategy and managing it is no mean feat, and it is advisable that you appoint a Solutions Provider who is accredited to the recognised business continuity standard of ISO 22301. They will help you in setting the strategy per the 4P’s, and work closely with you to ensure that you have the right technology in place for a resilient communications solution so you can carry on working should a disaster occur.

What are the key services to our business?
It is important to work out what is important to your business. Take your telecoms, for example. What would happen if you had a fire or a flood and your phones went down? List all the possible risks and potential disasters that could happen, and what could go wrong.

What are the most critical services that you offer and what has the greatest impact on your business for your customers, suppliers and partners? What would need to get restored very quickly if a disaster occurred? Here is an example: If you ran a contact centre and you had a power outage and all the phones went down, how would you get the contact centre back up and running as quickly as possible?

Processes – how do you deliver that?
What technology do we have or need to deliver the key process, now that we have understood what we need and what the impact is? Remember, the longer the delay goes on the greater the impact. Recently, TSB bank suffered a major IT failure that resulted in a breakdown of its core services. A planned migration of customer data to a new IT system went badly, disrupting the bank’s app-based services. Customers couldn’t use online banking for two weeks. This incident damaged their reputation and no doubt lost them customers. The longer operational disruption lasts, the more severe and costly the damage.

You will then need to assess how long you can go without your key services until the point of no return. Setting up processes within these timescales will vary according to the different processes and systems involved.

Connecting people
In the event of a disaster, staff maybe not be able to get into work and customers, partners and suppliers will not be able to contact them. Look at the different scenarios why staff might not be able to attend work such as snow, epidemic flu or an office fire. It is important to plan how you would manage these situations, how staff could continue to work regardless, and how you would disseminate information to customers and partners and suppliers.

Location transparency
If staff can’t access your premises then they should be provided with technology that enables them to work from anywhere, so if a disaster or issue arises they can carry on working from home, a coffee shop or another office. Customers, partners and suppliers shouldn’t be able to notice that anything is wrong.

Unified communications conferencing and collaboration solutions enable people to work from any location if there is an internet connection. Conferencing and collaboration solutions on mobiles and the desktop allow people to stay connected using the phone, email, desktop sharing and video conferencing. For example, if you operated a contact centre and there was a fire at the office, your agents could work from home, but the service experience for your customers and suppliers would still be the same.

A Solutions Provider can assist you in your technology review, evaluating what technology you have in place or to see if you do have or need a resilient telephony solution and system. Do you have a duplicate server? Is your data backed up? Can you access your data quickly?

Secure in the cloud
If not, then we suggest a cloud-based communications solution that is resilient and flexible, enabling you to keep staff and customers, as well as your suppliers and partners connected in the event of a disaster. The cloud solution is a resilient platform and a duplication of the technology systems that you use, so if a disaster occurs everything works on the duplicate server allowing you to carry on working as usual. SIP telephony provides resiliency as it is a self-healing network with a failover network ensuring that the telephone system never goes down.

Safe in the hands of a Solution Provider
The benefit of working with a Solutions Provider is that they will provide a managed service for the resilient cloud solution, which frees up your IT team to focus on other areas. It also means that you have access to the latest technology without having to invest in the hardware or specialist ICT skills. They know about the availability, the health of the network, the capacity and how well it is performing. They can also set parameters and alerts if the system starts to behave outside these parameters. Small adjustments and changes mostly stop issues occurring in the first place, or help to remedy hiccups before the customer even notices.

Federating with partners and suppliers
It is also imperative that you understand what business continuity plans your partners and suppliers have in place. If you rely on their network or systems and they suffer a disaster, how will this affect your operations?

An organic approach
A Solutions Provider will guide customers through this lengthy and detailed process, evaluating the risks, working out the different scenarios that could happen, and the technology and processes that can be implemented to recover the business as fast as possible. As part of the managed service they will also constantly test and rehearse all possibilities ensuring that your network doesn’t fail.

A business continuity strategy is the responsibility of the CEO and the Senior Management team and not the IT department. It needs to be viewed as a business strategy and not a technology strategy. It is essential that everyone in the business is briefed and knows what to do, and what their role is should a disaster occur. It is a circular process that constantly evolves and needs to be regularly fine-tuned and improved; the process never stops. It is a critical strategy that all businesses and organisations cannot do without and need to implement, so in the event of a disaster they can ‘keep calm and carry on.’

For more information visit www.btlnet.co.uk