The Glo-cal Approach for Business Continuity across Multiple Locations

DRI ANZ

To view this article in its original location, please click here.

What is the common factor between worldwide fast-food chains and successful business continuity management in different offices of the same organisation? The answer is that both use a combination of global and local approaches, otherwise known as ‘glo-cal’. For the fast-food restaurants, global rules that must apply everywhere include safety, hygiene, accounting and branding policies. However, on a country-by-country basis, establishments may be able to offer their clientele supplements or variations to the standard menu. A similar idea can be applied to implementing business continuity planning and management across different branch or country offices.

Business continuity standards and best practices are relevant to everyone. They describe the principles to be used, as well as the key processes. This foundation is essential if business continuity is to work correctly. Consistency between locations is important for ensuring efficient use of resources. It also allows different members of staff to step in and maintain business continuity if necessary. In addition, using the same proven process to reliably assess and plan for business resilience means that items are less likely to be overlooked.

However, local adaptations in business continuity management are also possible. For example, communicating and educating employees about business continuity might be done in different ways. In one office or country, the business culture may be to have formal training sessions. In another, on-the-job instruction and monitoring of employee business continuity awareness may work better. Part of the art of good business continuity is finding the right balance between defining policies and procedures that must globally be observed, and allowing suitable local flexibility to enhance people’s acceptance and enthusiasm for following them.

Have You Completely Understood Your Data Recovery Needs?

DRI ANZ

To view this article in its original location, please click here.

The whole is greater than the sum of the parts. Although you may have planned for individual components of data recovery after an incident, the overall impact must also be assessed. An example is the need to recover operations that have been successfully transferred to a disaster recovery backup site, in order to have them running once again on the primary site. In some cases, this final step can be even more complicated than the initial move out to the secondary site. Or you may have forgotten to include computing systems that live outside the perimeter of ‘official’ enterprise backup. A combined top-down and bottom-up approach can help to cover all the bases.

The top-down part of your understanding is driven by knowledge of the organisation’s overall objectives and critical sub-objectives. When you know which the mission-critical activities are, you can establish which data must be safeguarded and recoverable at all times for those activities. You can map out the systems they run on, the people who use those systems and the ‘go-to’ person for the security of any given system. With this portfolio of goals and systems in mind, you will be able to define any necessary priorities and take precautions to make sure that data recovery is done as fast as possible, but without overwhelming any individual application.

The bottom-up part requires observation of what is in fact being used by different employees or departments. Bring Your Own Device (BYOD) computing may mean data being stored on mobile computing devices that have not yet been included in systematic data safeguards. Strategically important spreadsheets may be held on local systems that are isolated from your data centre servers. All these devices need a suitable path defined back upwards to bring them into the data recovery plan. When you can track every top-level goal down to its constituent systems and data, and every IT resource back up to a business activity and objective, your understanding of your data recovery needs will be measurably improved.

Supply Chain Business Continuity and the Weakest Links

DRI ANZ

To view this article in its original location, please click here.

The supply chain is one of the few possibilities left for a company to be truly competitive. Technology can be copied rapidly and Internet has leveled the playing field for advertising and marketing. However, getting customer satisfaction and loyalty right through supply chain optimisation still offers considerable possibility for differentiation. That opportunity also comes with significant business continuity challenges. Supply chains are complex assemblies of many moving parts that require skill and good judgment to extract the best performance. In many cases, it also only takes one part to break for the whole chain to stop. How can better business continuity and resilience be achieved?

A first step to improved business continuity is better supply chain visibility. But organisations need to know more than just what is going on in their own supply chain operations such as warehousing, production, sales and logistics. They also need to know about the resilience of their upstream suppliers and their downstream service providers. If you can’t get the raw materials you need or if you can’t get your finished goods delivered to points of sale, your business will still suffer. It’s important to understand that your weakest link may be completely outside your own organisation.

As supply chain thinking continues to evolve, so do opportunities for improving business continuity. One idea is to increase the modularity of the supply chain and the possibility to use ‘commodity’ resources that can be swapped in and out according to requirements. That won’t stop breakages or interruptions, but can shorten them and make it easier for an enterprise to cover all the bases. Another possibility is to replicate supply chains to have one per business unit, rather than just one for the whole company. With proper overall resilience built-in, an outage in one supply chain should not affect the operation of the others, and the enterprise as a whole becomes more robust.

Threats and Horizon Scanning Make Lateral Thinking a Must for Business Continuity

DRI ANZ

To view this article in its original location, please click here.

“Be prepared”, say some. “Expect the unexpected”, say others. But predicting the future is a delicate matter at the best of times. There’s a balance to be found between preparing for visible, likely and significant threats, and trying to root out business blind spots. If your enterprise is located in an area prone to bad weather, earthquakes or unrest, you’ll already have those items on your business continuity checklist. But what about the unseen, unsuspected threat, also known as the Black Swan event, of the type that has already wiped out companies and even complete industries?

Asking how you can prepare to counter a Black Swan event is of a trick question. According to Nassim Nicholas Taleb who coined the description, the whole point about such an event is that you cannot predict it. It comes as a complete surprise. However, you can turn your thinking around and consider areas of vulnerability in your enterprise. This is the same as focusing on outcomes of events, rather than the individual events themselves. For instance, lightning strikes, hacker attacks and computer operator error are all different events. But their common outcome may be that your IT facility fails to continue operating as it should.

A few mental gymnastics like this will also help you to limber up for the rest of your business continuity management. By looking at situations, threats, vulnerabilities and resources in different ways, you are more likely to improve the overall effectiveness and the efficiency of your BCM. Better still (and this sometimes requires even more lateral thinking), you can also start to identify ways in which good business continuity management has a net positive effect on profitability and productivity, instead of just preventing negative impact.