Co-author: Pranay Prakash
Business continuity management (BCM) for organizations generally has taken a back seat due to the notion that organizations are foolproof and safeguarded at all times and things can never go wrong. However, due to the evolving and complex nature of businesses in the 21st century, as well as factors such as diversification of businesses and faster adoption of new technologies such as Cloud, IoT, and Digital, IT environments have become increasingly heterogeneous. It becomes absolutely imperative to have a robust business continuity management charter as the sustenance pillar in the event of the unforeseen. It’s not about “When disaster strikes, what should I do?” but “When disaster strikes, I know what I have to do.”
A Glance into BCM History
Business continuity management started in the 1970s, in countries like Japan and New Zealand, with the desire to deal with the impact of natural disasters such as earthquakes, hurricanes, and floods.
As we entered the ’80s and technological advancements started defining market trends at a rapid pace, government bodies across the globe realized the importance of BCM. The USA introduced the first regulation in the business continuity management space with the Expedited Funds Availability Act.
The dawn of the new millennium brought about the year 2000 problem, also known as Y2K, which affected businesses dependent on IT, most importantly the banking sector. This highlighted the need to prioritize and evolve business impact analysis to proactively mitigate risks during a disaster, and brought acceptance of the need to have contingency plans in place.
The key inflection point that reinforced the need for robust business continuity was the terrorist attack on the World Trade Center, which took several successful businesses out of the mainstream. Similarly, over a period of time, other threats started disrupting businesses: pandemics, e.g., bird flu in 2005 and swine flu in 2009, and extreme weather conditions like the hurricanes in 2005 and superstorm Sandy in 2012.
In the modern era, new threats like cyberattacks have stalled organizational services and businesses. This led to the inclusion of these new-age threats under the business continuity management system umbrella, emphasizing that these risk scenarios should be addressed to avoid any disruption in service continuity, providing uninterrupted and consistent user experience.
Global regulations and standards, be it GDPR, SOX, HIPAA, ISO 27001, NIST, etc., categorically mention business continuity and disaster recovery as a must-have. More than 120 such regulations, standards, and good practices across the globe highlight the need for business continuity, which goes way beyond simple compliance measures.
Just About Right: Largely Reactive
Traditionally, business continuity has always been a reactive measure to a disaster. Most organizations still tend to follow business continuity processes just to fulfill legal or regulatory compliance requirements, without taking due cognizance of real risks. This essentially leads to only superficial readiness in an organization's capability to respond to and recover from unwarranted events when they happen.
Even organizations that take business continuity seriously are, at times, not able to set their priorities right. They tend to focus too much on the IT part of it rather than on an integrated approach that takes every component into consideration and works from a strategic standpoint rather than just at an operational level. There has been too much focus on fulfilling compliance requirements in order to avoid penalties, which takes away the key essence of a business continuity management system.
Doing it right – Being Proactive
Given the way globalization and technology have penetrated every layer of business, it is of utmost importance that organizations now have BCM solutions at the center of their business strategy, driven by a proactive approach that aligns business continuity activities with the overall business objectives.
Be proactive - Don’t wait for a disaster to ruin your business. Plan well in advance and study all applicable threats to your business, be it people, processes, facilities, or critical organizational assets.
Move away from silos - Various departments, functions, or facilities in an organization follow different business continuity strategies that are completely out of line with the overall organizational objectives. An organization's business continuity program should be aligned with the overall business objective and should cascade down all levels across the organization.
Beyond compliance - BCM should be implemented and followed to ensure the business is capable of handling any major widespread incident or disaster, not just to meet compliance requirements. It should be continuously tested, and drills should happen frequently to check its effectiveness and the organization's readiness to sustain itself.
Leveraging automation - The evolution of new-age technologies and automation helps in real-time control and management of overall BCM programs. It helps in areas such as performing risk assessment, business impact analysis, or conducting a recovery test and helps in reducing manpower and cost.
At HCL, we offer robust BCM solutions for our clients, with a spectrum of services covering the end-to-end horizon, from advisory to technical disaster recovery management. Our expertise in executing and managing large infrastructure operations and application development for our clients globally has helped us draw insight over the years, which in turn has helped us create robust BCM solutions and services that amalgamate seamlessly with the client’s overall business objective. We continuously stay abreast of newer automation technologies in the BCM arena and have a dedicated center of excellence.
Undoubtedly, there has been a radical shift in business continuity management from largely being reactive to proactive from an adoption standpoint. A greater degree of sensitization has been seen among mature organizations where they ensure, as well as focus on, a robust BCM program. BCM as a function has gone from being a mere tick in the box to being the fallback pillar which empowers organizations for continued sustenance.