Bad at Business Continuity
Last night I was settling down to watch an episode of Criminal Minds on Netflix only to discover the service was unavailable. I waited to see if it would be restored but after 15 minutes there was still no resumption in service.
I was pretty annoyed – after all, I pay for a premium subscription and don’t expect the service to be unavailable when I go to use it. As such, it would seem they are not the only large organisation that don’t have adequate measures in place to ensure the continuity of their business. It is not too long ago when several large banks experienced issues with their IT systems – specifically RBS and Lloyds TSB in the UK.
But why are large organisations so bad at business continuity? Surely they don’t want to suffer the damage that results from a business interruption?
Damage to an organisation suffering a business interruption can be manyfold but can include:
- Damage to the organisation’s reputation and brand
- The cost of lost orders
- Compensation costs associated with customers not being able to access the services they pay for
- Fines for not complying with industry or governmental regulations
- Costs associated with resuming business as usual.
In short, the damage done to an organisation experiencing a business interruption could destroy it. They fail to plan for a crisis and as a result don’t have systems in place to ensure the continuity of their business.
‘By failing to prepare, you are preparing to fail’
Benjamin Franklin
But what can be done to ensure an organisation can continue business even when a major IT or other crisis strikes?
The answer is pretty simple really; they need to put in place an ISO 22301 business continuity management system (BCMS). ISO 22301 enables organisations to take a risk based approach to business continuity, putting in place adequate controls to manage the risks faced to the continuity of an organisation and mitigate them as much as possible.
Organisations can gain certification against ISO 22301 and thus demonstrate they have a system in place to ensure the continuity of their business and, more importantly, the services customers use.
Categories: Disaster Recovery Planning
