Business Continuity Management (BCM): Why You Must Refresh Your Strategy Now

By on
Business Continuity Management (BCM): Why You Must Refresh Your Strategy Now
While most business leaders didn’t traditionally take Business Continuity Management seriously enough and would rarely consider an infrequent event such as a pandemic, COVID-19 has certainly changed the course of thinking.

What a difference the past decade has made on business and IT operations from a business continuity management (BCM) perspective.

When the Swine Flu hit in 2009, the biggest challenge for organisations was how they would operate with a 40 per cent workforce absenteeism rate.

In 2020, advances in remote work and remote access technologies has reduced the need for onsite operations for many organisations. This has meant that the biggest challenge during COVID-19 has been how to continue business if it required face-to-face experiences or production operations. For those workers that didn’t need to be there in person, the challenge was how to establish a strong and robust remote work strategy. Now, and into the future, we see many employees not wanting to go back to the office due to health concerns, family management issues and overall work/life balance.

The impact on business operations and Business Continuity Management has been swift and comprehensive, mainly because of how workforces and facilities were affected. Most organisations have planned for traditional crisis events that last up to 30 days at most, or that may affect a single site, but COVID-19 has been an entirely different ball game.

Not surprisingly, Gartner has experienced a huge increase in interest in BCM recently. Organisations are looking at either starting a program; maturing an existing one; and carrying out or updating their risk assessments and their business impact analyses. They’re also revisiting how the BCM program is governed, while expanding the focus from recovery to organisational/operational resilience.

Focus on Business Continuity Management recovery plans

Since the Swine Flu, pandemic management plans — if they existed — were more likely organisational “history books.” Few organisations maintained their plans created in 2009, leading to a near complete ad hoc response to COVID-19.

While the experience is still fresh, update your recovery plans based on findings and lessons learned from the COVID-19 response. The threat of a pandemic will always be present. Having a pandemic Business Continuity Management plan is of vital importance as you don’t want to make decisions in the heat of the moment when resources are restricted or unavailable. Put heavy focus on crisis management – how will the business manage the event overall?

Conduct a business impact analysis

When COVID-19 hit, many organisations didn’t understand what business processes, personnel, facilities, IT and suppliers/third parties were mission-critical to the organisation.

Carry out a business impact analysis for your organisation and update it regularly for changes to business and IT operations. Having this analysis allows organisations to more smoothly respond to a pandemic or any other business disruption. They also incur less expense with remote work activities due to a pre-defined level of equipment (laptops, printers, monitors), remote access and collaboration/meeting needs.

Expand crisis management function

A Business Continuity Management program and crisis management team must include representatives from all business units from all geographic regions. Plan for frequent crisis communications to employees, as well as to external stakeholders such as suppliers, customers and regulators.

There are tools that can help:

  • Emergency/mass notification services send messages to employees when they’re not in the traditional workplace.
  • Business Continuity Management program software can be used for recovery plan access, mission-critical business processes, personnel, facilities, IT, suppliers/third parties and equipment.
  • Simulation software helps exercise response and recovery for pandemic management plans, as well as for multiple crises occurring at the same time.
  • Hazard/threat intelligence services and a crisis/emergency management solution can be used for managing the entire business disruption.

Don’t forget third parties

Assess the importance of third parties when considering Business Continuity Management, then develop recovery strategies for those deemed mission-critical. Ecosystems that include the supply chain, business and IT outsourcing, multi-government systems and other third parties create a ripple effect when one piece isn’t operable.

If we look at cloud services, for example, don’t be lulled into thinking that they have their own recovery strategy. There’s little evidence that providers are well-positioned to address the recovery needs of clients, especially around data. A focused contingency planning practice must be implemented for every provider.

Tap into IT disaster recovery strategies for Business Continuity Management

The response to COVID-19 didn’t have a direct impact for organisations to activate their IT disaster recovery plans. However, some portions may have been activated in support of remote working – added network capacity, increased remote VPN licenses and instability of home networks all contributed to activating portions of the recovery plan.

With many business models forced to become more digital during this time, a more resilient infrastructure will be required to support higher degrees of availability, which often takes it out of the realm of IT disaster recovery. Other scenarios such as cyberattacks or natural disasters will have an impact, so advanced planning is required for a prepared response.

Weather the storm

While most business leaders didn’t traditionally take Business Continuity Management seriously enough and would rarely consider an infrequent event such as a pandemic, COVID-19 has certainly changed the course of thinking.

By having short and long-term BCM plans in place, your organisation will be in a far better position to ensure continuity of operations

Roberta Witty is a VP analyst at Gartner, in the security and risk management group. Her primary area of focus is business continuity management.

Copyright © BIT (Business IT). All rights reserved.

Most Read Articles


What would you like to see more of on BiT?
How To's
Photo Galleries
View poll archive

Log In

  |  Forgot your password?