According to a recent survey, insurance brokers Marsh & McLennan asked 100 British risk managers which areas of risk management were fundamental to their organisation. Almost three quarters of the survey group stated that business continuity management was their number one priority.
Planning for business continuity requires careful consideration of a range of potential risks to your business operations. Of increasing concern is a scenario where a disaster affects a number of organisations in the same office building, street, city block or even suburb. “When it comes to disaster recovery, the concerns are diverse. CIOs say they still worry about the traditional problems, from those manual errors and little snafus that can crash a system to natural disasters like fire and flood. But they’ve also added new concerns that range from catastrophic power loss and network attacks to employee sabotage and terrorist attacks.” (Computerworld, July 2005)
Previous articles in this series looked at the consequences of failing to plan for disaster recovery, and the key attributes of a disaster recovery service provider. In this article we look at how you can avoid being left out in the cold if your organisation and a number of your neighbours declare a disaster at the time.
What is a Multi-Declaration Disaster Scenario?
Dramatic events such as terrorism attacks, storms and earthquakes are often given as examples of multi-declaration disaster scenarios. However, lesser and more contained disaster scenarios also have the potential to affect the business continuity of multiple organisations. Examples of these events are denial of access, major telecommunications disruption or extended loss of power across the local grid. Any one of these could see you and neighbouring businesses declaring a disaster for anything from a few days to several weeks. And, if the affected location houses your core business systems, this will have repercussions on the operations of your entire branch network.
Will your business continuity service provider have the capacity to help you in such a scenario?
No Room at the Inn
You’ve developed a business continuity plan which meets your corporate risk management strategy and your corporate governance requirements. You’ve carefully selected a business continuity service provider with the appropriate disaster recovery facilities. The multi-subscriber server meets your specifications, and the recovery suite will house over 80 key staff at individual workstations – which can be rapidly customised to your standard desktop operating environment. Even your inbound contact centre can be accommodated, to minimize customer inconvenience and lost revenues.
You have established telecommunications links between the business continuity provider and your national network. You regularly – and successfully – test your business continuity plan and feel confident your organisation will survive a disaster which destroys your computer systems and renders your head office premises uninhabitable.
So, when a violent storm sweeps through your suburb one night, damaging your roof and causing water damage to equipment and facilities which will take weeks to put right, your first thought is that your comprehensive business continuity plan was an excellent investment. Unfortunately, within a few hours you discover you were wrong. A multi-national organisation up the road has also suffered storm damage, and under a global agreement with the vendor providing your business continuity facilities, they have first call. There is ‘no room at the inn’ for your business!
Business Continuity: Ability to Deliver
How can you mitigate the risk that a multi-declaration disaster will see your organisation without adequate support? There are no absolute guarantees that your business continuity service provider can meet your requirements in the case of a large-scale disaster. But in making your choice, you can investigate their existing commitments, as well as their policies for accepting business continuity contracts.
Ask about their methodologies for determining if they can accept new customers:
- Do they take location into account, to ensure they are not taking on more than they’ll be able to deliver in the case of a multi-declaration disaster? For example, would they accept two organisations under a business continuity contract from the same city building?
- Do they provide potential customers with transparency regarding other subscribers in their local area – or is there lack of disclosure, leaving subscribers owning the risk?
- Do they have strict ratios for the number of customers subscribed to a particular piece of equipment?
- Do they have multiple customer ‘flight decks’ to cater for technical teams needing access for systems configuration?
- Do they have multiple business recovery centres in different locations to cope with overflow in a catastrophic situation?
The ability of your chosen business continuity service provider to deliver in the case of a multi-declaration disaster is a key factor in your decision-making process. This small but significant risk should be recognised and managed by ensuring your business continuity provider isn’t over-committing resources – to the point that they’re unable to support you when you most need them.