Why and how you should protect your services
In a recent survey on global risk management by Aon Risk Solutions the greatest risk identified by company executives was ‘damage to brand’, whilst the seventh greatest risk was a ‘business interruption’. It struck me that for broadcasters and service providers these risks were probably one in the same thing.
The challenge is that everyone expects seamless service – whether it’s TV, radio, internet or just wifi – and if the service is unavailable for customers, it’s a huge problem for the provider. Reputations nose-dive overnight, recovery costs are often high and it takes a long time to win back customers’ trust.
So how well prepared are organisations for a reputation-damaging unexpected event? Market research firm Frost and Sullivan found that only “31% of IT executives felt adequately prepared for outages and disasters”. So perhaps not ready enough. Despite the fact that business interruptions appear on most corporate risk registers as a concern, many firms just aren’t prepared for unexpected events.
But what are the risks of a serious interruption for broadcasters and service providers?
Most services are built on fully backed-up systems meaning that if any one component fails the back-up system will do its job and the service will stay live. However in reality there are always weaknesses in systems, no matter how well designed. For example switch points or transmission ‘single points of failure’. Many systems these days provide a great deal of automation. However despite this most systems need human intervention from time to time thereby increasing the threat of service outages. Threats to cyber-security are also a risk – viruses and malware – where a single issue may affect multiple management systems.
Then there’s electrical systems. Electrical outages used to be a huge concern, but nowadays many service providers have invested heavily in generators and uninterruptible power supplies to avoid the obvious ‘power outage’. However they do still occur from time to time, and when they do, it’s often catastrophic – ironically because the systems are so reliable only one or two absent people know what to do in the event of a fault.
The point is, we can build in as many back-up systems as possible, but it’s about achieving a balance of cost and risk. A business clearly isn’t going to spend £5m on measures to protect customer contracts worth £1M. Also you can’t protect yourself from every eventuality. If it’s going to happen sometimes all you can do is be ready to react.
This is why business continuity management is not just about preparing for outages caused by ‘self-imposed’ triggers – it is also about preparing for external triggers – fire, flood, weather events, terrorist threats, sickness, etc. The world is becoming a much less stable place – politically, technologically and environmentally. This is why a business continuity plan can be worth its weight in gold. An effective plan doesn’t just cover what to do if a foreseen event occurs, it will also provide a general framework to respond to any unexpected event that threatens your business.
So what can you do about this risk?
Here’s some simple steps you can take to build an effective and sustainable business continuity plan.
- Work out what you want to achieve. What’s the scope? Are you just starting out or do you need to update an existing plan? Who will be responsible for it, and who are the stakeholders?
- Establish what needs to be protected – which services, which facilities, which resources. You can use a tool called Business Impact Analysis which helps you identify what you need to protect, how long you can do without resources and which resources are required to resume services after an outage.
- Work out the types of events that could impact an activity and resources used to deliver services. These events are risk-assessed by reviewing their likelihood of occurrence and impact. This enables you to focus your efforts on the high-risk events.
- Having established the high-risk areas, work out what actions would be required to maintain critical resources during an event. For example you might decide to cross-train some staff so they can cover for each other during absence of key individuals, or you may decide to establish a back-up control room.
- You can now update your Business Continuity Plan, ensuring the roles, responsibilities, contingency plans and resources are documented so they can be used for future reference, sharing with key individuals and teams, training, and if necessary during an event itself.
- The final step involves exercising the plan – akin to a fire drill. This is done to ensure key people understand, and can practice, their roles, and the plans are tested. Exercises can vary from small exercises for a single team to large exercises involving customers and suppliers. The important point is to ensure plans are effective and people understand their responsibilities.
So what are you waiting for – make sure you’re ready for the next unexpected event by developing and practicing your business continuity plan!