The Y2K phenomenon provided a clear demonstration that organizations were willing to commit financial resources to combat a problem that had been clearly identified. With the millennium changeover now safely tackled, however, the problem of planning for emergencies has become vague and less menacing.
Contingency plans drawn up to deal with the millennium bug lie discarded; the sweat and toil that went into them forgotten. But why let all the hard work, time and money that went into the creation of those plans go to waste? Why not profit from the experience, and turn them into something more generic and permanent?
The biggest lesson of the Y2K experience was the awareness of risk it created, including the importance of risk management and the realization that contingency planning involves more than IT infrastructure alone. Organizations now realize that planning should involve the business as a whole, including links with partners, suppliers, customers and the general public. This does not mean that anyone can turn their Y2K contingency plan into a generic business plan by waving a magic wand. To accomplish the transition successfully, it is essential to take into account a number of critical factors.
In today’s fast-moving business environment, plans cannot afford to be stagnant or rigid. A plan developed for a particular scenario today will be worthless in a matter of months, given the speed of evolution. One-off Y2K contingency plans, for instance, were worthless after the event.
A good plan is a ‘living plan’, one that is continuously maintained and updated – and is flexible enough to be adapted to constant change. A conscious effort is needed to achieve this. It is recommended that such planning be a permanent function of business; otherwise it is all too easy to forget how important it is.
The key to evolving successfully to general business continuity management is to build business continuity practices, rather than simple contingency plans. Business continuity is a permanent function, and should be managed by skilled personnel in permanent positions. This means the task will receive the attention it requires in terms of time, resources, budget and management support. Appointing dedicated personnel to the task also provides a central point of control and ensures a continuous process of maintenance, training and testing.
Effective business continuity management is a mindset, a permanent part of the corporate landscape – and it begins at the top. The support of senior management is essential in aligning corporate risks with corporate strategies. Integrating crisis management with formal strategic management enables organizations to improve their ability to avoid crises. Traditionally, organizations have handled crisis management and strategic management separately, with far more attention and resources devoted to the latter. By folding crisis management into the regular strategic management process, organizations can create a defensive capability for preventing crises – or at least minimizing their effect.
Integrating these two areas effectively means that companies are crisis-prepared rather than crisis-prone. The broader strategic approach makes businesses more aware of potential disruptions and of their vulnerabilities. It results in a sharper focus on the design of plans and systems, which allows companies to resume critical business operations quickly and with the least possible damage.
All too often, different departments within an organization do not talk to one another; they make decisions without considering the wider consequences. In the telecommunications industry, for example, high levels of competition and rapid technological advance mean that marketing personnel are under constant pressure to get products to market in the shortest possible time – often without giving sufficient warning to other parts of the company on which they rely for support.
Consequently, one discovers that the network department is not ready with the necessary support infrastructure, suppliers can barely keep pace with demand, the accounting department cannot handle new billing requirements, and so on. Risk assessment should have been carried out in the first place, long before the product reached the marketplace. A business continuity plan can act as a central point of communication, ensuring that all initiatives meet strategic management goals and mitigate the corporate risks arising from them.
Nevertheless, there are some important differences between the planning that went into solving the Y2K problem and the planning needed to deal with the unpredictable events that could potentially disrupt business. When using a Y2K contingency plan as the basis for an overall continuity plan, one has to reconsider its assumptions carefully. A general plan will probably be more flexible – and it will need to be.
With Y2K, for instance, it was known exactly when the event was going to occur and organizations could therefore be prepared for it. This of course is not the case with an unforeseen event. Monitoring of events in the first countries to hit Y2K gave an indication of possible problems and their magnitudes for those following behind. There is unlikely to be any such early warning system with an unknown event. With Y2K, many of the ‘work-around’ procedures were based on features specific to the problem (for example turning back the clock) or were feasible because all the forms and data for manual processing were prepared in advance. Since a general business continuity strategy is intended to manage unexpected events, many of these procedures are not universally applicable.
As Y2K was a global event, everyone was working with similar resources. Most other events will be more specific, meaning that resources might have to be found elsewhere. With Y2K, crisis management was invoked prior to the event, whereas with an unknown event it can only be invoked afterwards. This should be taken into account when designing procedures for factors such as detection, notification, invocation and escalation.
The exposures, vulnerabilities and risks arising from the millennium bug were different from those relating to an unknown event. This means that the approach to planning and the possible solutions will also be different – or at least in part.
No organization can simply adopt their Y2K contingency plan as its general business continuity strategy. However, the experience gained from Y2K will be useful in the development of such plans, at least in terms of mindset, thought processes and preparatory work, such as the documentation of process flows and updating of inventory lists.
For many years to come, any new major crisis will inevitably be compared with the event of the century. A few organizations will be ready for battle, having put to good use the knowledge they had gained. There will, however, be many who think that the Y2K phenomenon was a unique event, and the lessons they learned will quickly be forgotten. But as history shows us, those who fail to learn from experience are doomed to repeat it.
Content Provider: http://www.my-articles.com
More About Sharon Antonio: This article was first published in the International Journal of Business Continuity Management by Survive, The Business Continuity Group. |
