The Modern State of Business Continuity
- Dec 03, 2019
“Crisis management,” “disaster recovery,” “organizational resilience.” Are these all just big words? What do they actually mean for organizations? And, how can managers actually use these concepts to protect their businesses?
Great questions. We have some answers.
If you’re a business leader, or anyone who wants to get up to speed on business continuity, crisis management, and organizational resilience in a quick, 5-minute, easy-to-understand read, checkout what Howard Mannella had to say.
Clarity & definitions around business continuity
First things first, Howard offered some clarity about terminology.
- Business continuity: The reestablishment of business operations and people productivity
- Disaster recovery: Concerns itself with the reestablishment of the IT infrastructure and the production of the environment
- Organizational resilience: The overarching discipline that pulls these ideas together to ensure the organization is able to withstand difficult circumstances
- Resiliency: Has to do with being flexible enough to overcome situations
- Recovery: Has to do with fixing something that’s broken and achieving a new normal
Analogy of resiliency vs. recovery
While some professionals use resiliency and recovery interchangeably, they are two different terms. You can have resiliency against events and recover from events. Howard broke this down further in the following analogy.
Think of two different planes: one is single engine and the other has multiple engines.
Business recovery is the “engine out” checklist for the single-engine plane. When something breaks, you have nothing to do but to try to recover from losing that engine.
Business resiliency is having a multi-engine plane. If an engine goes out, the flight will remain largely unchanged.
Example of resiliency vs. recovery
Here’s a practical example to understand the differences between resiliency and recovery.
Consider a company with multiple call centers, but each call center can handle only specific call types in specific languages. That company has little resiliency. Any impact to one call center would impose a need to recover from that event in such a way that had major impact to the business.
A more resilient business model would be geo-diverse and multilingual call centers. Then any event to one call center would cause little impact to the business overall.
What has (& has not) changed in modern business continuity
Positive changes in business continuity
In the last few decades, technology has allowed for better collaboration tools and has made becoming a geo-dispersed enterprise much easier. Further, communications platforms are now far more refined.
Also, a positive development is in how organizations use business continuity. Previously, it was called “business continuity planning,” but, now, we use “business continuity management.”
This change isn’t just a semantics game: It underlines a fundamental shift in the way business continuity is perceived. Before, it was a plan that went in a box and was casually reviewed for compliance reasons on an annual basis.
Now, business continuity is managed as part of the ongoing operations of a business. This means if and when an event occurs, the practice of continuity is not a shock to managers.
New challenges for business continuity
Cyber has opened up a whole new gap in potential outages.
Unfortunately, far too often, businesses don’t recognize that cyber outages are real business outages.
What’s on the horizon for business continuity
We asked Howard to pull out his business continuity crystal ball. He gave us a quick synopsis of what he sees coming in the near future:
Technology: Technology will continue to evolve and improve and so will business resiliency enabling.
New methodologies: New business continuity players are using adaptive business continuity methodologies and uprooting long held ideas. Some of these new methodologies are controversial, like streamlining or eliminating previous recovery steps. Some are innovative, like new ways to look at capabilities. Others are modern updates to best practices.
Exercises: In the past, one large quarterly or annual disaster event was practiced or planned for. Now, organizations are seeing the benefits of frequent, smaller, “flash events” that help build organizational “muscle memory.” These flash events create environments with truer-to-life scenarios that require more immediate decision-making.
Example: 10 years ago, managers would meet once every 12 months for a drill. They would pull out a large binder that discussed all the different scenarios. They would have a few days to put together a plan for xyz scenario. Good training now looks something like giving managers an hour to come up with a plan for a random scenario.
RACER (a quick cheat from Howard!)
As part of continuity best practices, Howard noted BC professionals have to remember things to use them. He created a little acronym for business leaders so they can easily remember some basic steps during a business continuity issue. He calls it: “RACER.”
Business never stops.