January 16, 2004—Just because you have a business continuity plan in place doesn’t mean your organization is safe from disaster, especially on the IT front, new research has shown.
A study undertaken by Compass Management Consulting found that 98% of companies questioned had business continuity plans, but over half (58%) still suffered an IT disaster during the last five years. Of these companies, despite having the plans available, only 38% actually invoked measures to solve the problem. What is most concerning, says Compass, is the finding that of those that invoked their plans, 71% still reported that business was impacted.
A combination of factors result in measures often being inadequate, the research reveals. Failing to review plans on a regular basis to ensure that all current eventualities were catered for, not viewing business continuity planning as a dynamic process that requires adaptability, and failing to incorporate critical elements such as risk analysis and business impact analysis into plans were all responsible for allowing problems to develop.
Compass advises organizations to undertake a complete review of their business continuity plans, including risk analysis and business impact analysis, on an ongoing process—rather than as a one-off or irregular event. Companies need to view this as an investment in the future that provides valuable competitive advantage, the firm argues.
Says senior consultant Debbie Rosario: “When you consider that large companies spend small fortunes on implementing a business continuity plan, these results are very surprising, and indeed, very worrying. She adds: “There is a tendency to assume it always happens to someone else, and hopefully these figures will shake companies from their complacency, help educate them and encourage the implementation of appropriate measures.”
“Corporates need to adopt an end-to-end approach to business continuity planning, considering risks across the supply chain. Senior executives need to first identify the critical business operations that are dependent on SME suppliers and then take steps—working with their procurement departments—to ensure that these suppliers are compliant within a corporate governance framework,” Debbie Rosario said.
—Elliott Chase
Reprinted with permission; copyright 2004 i-FM
