Business Resilience in a Post-Pandemic World

Many enterprises harbor the misconception that they can adequately respond to a disaster when in fact they lack the business resilience to do so. This operational deficiency was exposed during the imposition of the extended lockdown around the world owing to the COVID-19 pandemic, almost invariably accompanied by downturns in revenue.

Numerous factors have surfaced amidst the new normal that now need to be taken into consideration. Besides ensuring that all necessary precautions have been taken when staff members resume work at office, companies must also develop short term and long term plans for new and emerging threats that can arise in a changing work environment. Business resilience needs to percolate through all strata of infrastructure in order to fully integrate with the firm’s operational environment.

Organizational culture and business speed play a crucial role when preparing for occupational hazards, especially when a large portion of the staff is logging in remotely.

The following are some of the best practices businesses around the world are embracing to bring about a metamorphosis in their resilience model that’s relevant in a post-COVID-19 world.

Taking a Leaf Out of the COVID-19 Response Playbook

Most businesses realized their business continuity, crisis management and pandemic response capabilities left a lot to be desired only when they had to put them into action during the pandemic. Putting together a resilience framework that covered all aspects of operations also exposed the shortcomings of their existing disaster recovery solutions. Very few BCDR solutions actually cleared the COVID-19 litmus test.

Plans were found to be merely skimming the surface. Enough thought hadn’t been given to specifics. A lot of the information in the plans was obsolete. The solutions didn’t have the wherewithal to deal with crisis situations that extended beyond a month. Business continuity for IT processes was insufficient. As a result, the entire spectrum of operations, including crucial focus areas such as security and support, were stranded in troubled waters. Preventive and preparatory measures had been completely overlooked. The transition to a work from home model caught many unawares and was fraught with obstacles.

IT teams had limited capacity to handle a widespread crisis. The staff was more often than not under-prepared for plan execution. The silver lining to an otherwise dark and murky COVID-19 is that this pandemic has provided an extraordinary learning curve for BCDR teams around the world to develop solutions that are more relevant, robust and resilient.

Creating a blueprint of the organization’s resilience framework is of paramount importance. Investors and stakeholders want a solution that’s capable of deploying a sustained response effort spanning months, even years, if required. This requires involvement from the organization’s highest level of authority. Given its implications, developing a resilience plan should be a collective effort that involves key personnel from all crucial departments to deploy a layered response that can simultaneously address multiple issues.

The organization’s business resilience must be examined under the microscope to identify segments where discoveries made during this COVID-19 pandemic can be implemented.

A good place to start is by putting together an executive team that consists of staff members who carry out crucial tasks so that the organization’s business resilience framework has taken all points of view into consideration.

Besides covering risks within and without the organization’s purview, business resilience must also address operational grey areas where the boundaries between internal and external risks tend to blur. Delegating roles and responsibilities, as well as holding individuals accountable for the completion of specific tasks can be tricky in such cases.

One of the main challenges for the business resilience executive team is to distinguish what’s within and beyond the organization’s control, based on which BCDR teams can arrive at tangible response mechanisms.

Extending Business Resilience to External Entities

Business operations often extend beyond the organization’s local environment to include dealings with third-party entities. Resilience measures in such cases are limited only to cyber security, data protection and other commonplace issues, and lack the capability to handle sustained outages. Even business resilience audit drills seldom tackle the major pain points that can severely hamper the delivery of mission critical products and services.

For most businesses, these shortcomings were exposed during the COVID-19 pandemic.

BCDR teams are being forced to ensure that the organization’s vendors have adequately equipped and tested resilience plans and that their employees have been sufficiently trained to execute them.

Response strategies designed for the long haul have become extremely relevant in the wake of recent events and vendors are expected to protect their operations for a minimum of two to three months, or even more.

Businesses must also steer clear of extreme dependence on vendors from a specific region. To protect against location specific risks, the organization’s vendor base must be spread out across a wide area span. Even if all the vendors are located in the same region, the business must ensure that these vendors have alternate facilities in geographically dispersed locations from where supplies or services can be procured.

There’s no harm in managing a vendor list that includes a list of second and even third alternate suppliers that will inevitably become necessary during a pandemic such as COVID-19 where everyone in the business world is impacted.

Revisiting the Organization’s Macro Level DR Solution

Staffing constraints, intermittent external service slowdowns or outages, and many other issues during this pandemic have obliged businesses to migrate operations beyond the confines of conventional workplaces.

Giving undue importance to minor details can also hamper the plan’s overall effectiveness at the macro level. Frequently conducted testing drills can protect business from as many different types of crises as possible. Given the strategic importance of connectivity during this pandemic, network infiltrations or an IT shutdown could be severely damaging. So organizations need to ensure that both their and their vendors’ IT infrastructure is doubly protected.

A detailed scrutiny of DR solutions from close quarters would reveal that most of the plans aren’t being updated at the rate at which production environments evolve. Testing exercises don’t exhaustively test all components of the plan. Another issue that became relevant during the pandemic was how key personnel implemented different plans from a remote location.

As a result, provisioning geographically dispersed human and data center resources became important. Businesses now need to monitor environments that comprise multiple, dissimilar platforms, and respond to issues, remotely. This requires numerous checks and controls to keep a constant tab on all performance parameters across the IT infrastructure. Unavoidable disruptions can be anticipated well in advance, giving BCDR teams sufficient time to prepare for the same, and mitigate their impact.

Embracing Learnings from COVID-19 for a Resilient Future

Many businesses found their pandemic preparedness falling short of the COVID-19 requirements and were still holding on to archaic approaches. Now, having gone past the initial hiccups of adjusting to the new normal, organizations want to ensure that their response to the next pandemic, whenever that occurs, is smoother and more seamless.

Some companies are already laying the groundwork as the time is ripe to make arrangements for the next pandemic.

In addition to conventional constraints such as the simultaneous unavailability of an extended number of employees, BCDR teams are also revisiting current and yet to be developed plans to revamp them so that they address the entire gamut of health and safety hazards.

Some focus areas of this initiative include:

• Preventive, mitigation and recovery measures to safeguard the health and well being of permanent employees, contractual staff and guests
• Keeping mission critical processes up and running, which includes provisioning backup support staff, services and vendor supplies
• Leveraging flexibility across all response plans so that businesses can adapt in an environment where there is a constant interplay of multiple factors
• Establishing norms for sharing low and high priority information within the organization and with external entities as well
• Delegating roles and responsibilities to individuals who are held accountable for the proper execution of specific tasks

A pandemic-ready business resilience capability is the new need of the hour that businesses around the world are working towards.

Conclusion

The COVID-19 pandemic has driven home the importance of business resilience through the better part of 2020 and enterprises are gearing up for a more robust operational model as their monetary benefits are undeniable.

Enterprises that follow the best practices outlined in this article can be rest assured of insulating themselves against disruption without compromising on business speed.