Before you go any further with this post, you should be aware that I will be including a naked plug for my consulting service. The plug will come towards the end, and I'll make sure that the "plug" paragraph is obvious - so, if you like, you can read most of the post and ignore that section.
So - Business Continuity. Every firm - every type of firm - must be considering and planning its business continuity. Surely that's obvious. Every firm thinks about what would happen if some sort of major problem or disaster were to occur? Sadly it would seem that a great number of organisations have not thought about it in any sort of systematic manner. I should very much like £5 every time I hear "Oh we all know what to do - but it's not, as such, written down...". I don't doubt that they understand how to evacuate the building (although I have known that to be a problem too) - but Business Continuity is so much more that that. What will happen the next day if the building remains unavailable? Where will people work? Will the telephones work? How will we get our email? Where are my files...?
According to statistics generally agreed and quoted so often by diverse organisations including The Institute of Risk Management, 90% of companies that lose data in a critical incident go bust within 2 years, and 80% of businesses without a Business Continuity plan are forced to close within 12 months of a fire or flood.
So why don't organisations do it? I find it very surprising - particularly when law firms are required by the SRA (through Rule 5) to manage risk and ensure continuity. More importantly, how do they sleep? I remember when I had operational responsibility for large organisations - my first though was, to quote "Marathon Man" "Is it safe?"
Business Continuity Planning (BCP) is not difficult - in fact most of it can be quite fun for those involved. At the heart of most BCP is scenario planning - getting an appropriate group of people together in one room for a few hours to "walk through" some sort of incident to see what would be done now and what could be done better in the future. I have yet to find a firm that wasn't deeply concerned after the first walk through a scenario - as it becomes quickly apparent that communication systems are inadequate and that there are wide differences in understanding and expectation throughout the firm.
I repeat - this is not complicated and yet so many firms do not do this. Small amounts of planning before an incident will ensure that the firm recovers from it - something that is not otherwise guaranteed.
OK - here is the naked plug. I have a good deal of experience in introducing firms to structured assessments of risk and to BCP. Let me come on site and walk through one serious incident with your team. After two to three hours we will see the state of your Business Continuity. If all is well then you will have the satisfaction not only of being assured that your firm is well managed and of having passed this audit, but of knowing that your can sleep a little more easily at night. If issues arise during the walk through then you have the satisfaction of knowing that you have started to consider your risk and that you are well placed to sort the problem out.
Contact me for more details: Peter Blair 020 3286 5610 or 07885 901297 or the Mar-aon web site.
Interesting post Peter... do you think that the events of this year so far (the "snowpocalypse" and the Icelandic ash clouds) should really have focused people's minds on this a bit more?
ReplyDeleteThese are pretty minor events from a business continuity perspective (and critically the impact is on everyone and not just one particular firm), but I do wonder whether they have made managers think more about what they might do in the event of a serious incident... or is this not enough to overcome the ostrich mentality?
Thanks Jon - yes you'd think that recent events (and we could go back to the threat of pandemic too) would have spurred firms into action. Sadly I see a great number of firms who continue avoiding the subject.
ReplyDelete