Managing and Preparing for Cyber Incidents - 7th-8th October - London

Bulletin / Is Your Business...

Is Your Business Continuity Old Skool?

Author: Charlie Maclean Bristol, Training Director, FBCI, FEPS

Charlie looks at how business continuity techniques and methodologies have evolved and why we have moved on from some of the classics.

“Tainted Love” by Soft Cell and “Love Is a Stranger” by the Eurythmics were classics in their time, but the world of music has moved on with new genres, artists and styles. In the same way, business continuity has moved on, and techniques which were cutting edge in the late 90s and noughties are now less relevant in our current, more agile, always connected and faster changing world. In this week’s bulletin I thought I would share some thoughts on the techniques and methodologies which I still see in use and were classics in their time, but the world has now moved beyond them.

1. Call Trees

For those not familiar with the concept, maybe younger members of the profession, call trees are a means of mass notification. One staff member would call several other staff members in their team in order to get the message out to all staff, such as, the BCP has been activated and staff should report to the recovery centre. The first flaw is that it is almost a full-time job keeping up-to-date with changes in staff and changing phone numbers. Secondly, if one part of the chain breaks then all staff under that person are not informed.

With mass notification systems like OnSolve and Everbridge, or those built into business continuity software, such as Catalyst, there is no need to rely on others to get the message out. One person can inform thousands of staff within minutes, they can use a number of different platforms to contact them and can have the system record that they have received the message and are acting on it. For those not paying for such systems, WhatsApp groups have replaced the call tree, alongside corporate communications platforms, such as Skype for business, Yammer or Slack. As we invariably check our phone several times an hour, it is likely that any message we receive will quickly be seen. Voice calls from unknown numbers are often left unanswered, as they are usually from PPI or “I understand you have been involved in an accident” lawyers, so calling staff is likely to be ineffective. I believe call trees are time-consuming to keep up-to-date and are ineffective as a means of communication, so if you are still using them, they should be scrapped.

2. Telephone Numbers in Plans

Within our plans, we used to keep a long list of key suppliers’ and stakeholders’ telephone numbers. Like call trees these must be kept up-to-date. Delete them! Google, if asked, knows almost every number there is and keeps them up-to-date for us. If we need to contact a particular person within an organisation, we will usually have the number on our phone already, as we need to contact them regularly. In the same way, we may have the numbers saved in our phone for staff within our own organisation and therefore don’t need to have them written into a plan. If they are a close colleague, we are likely to have their personal phone number, as well as their work one. Home telephone numbers are dying out, so there is even less need to record people’s numbers in the plan. I personally have a home number, but it is not even connected to a telephone handset. Having channels such as work emails on our personal devices or using WhatsApp and social media for both work and personal use, means that it is much more likely for messages to be seen.

3. Multi-tab BIA Spreadsheets

The days of taking two years to complete the organisation’s BIA are long gone. Even the six-month BIA is ineffective, as the organisation will change quicker than the ability to record the details within the BIA. Old skool BIAs capture lots of information, which is often inaccurate, as the people filling in the template have had a minimal amount of training, have not bought in to the concept at all and do not provide useful information which informs the recovery requirements. As long as all the multi-tabs in the spreadsheet are filled in, that’s okay. The information collected sits gathering dust with the odd revisit, until someone comes along five years later with a new template and the process is repeated.

4. Business Continuity Champions

Old skool business continuity has a vast number of business continuity champions, the majority of whom have no interest in business continuity, are usually volunteered by their boss, have limited training and muddle through doing the bare minimum in terms of work, just to make sure that their annual requirements are met. Their plans are unrealistic, vague and won’t work in reality. The only enthusiastic champions are those who are in non-time critical activities with long RTOs, who make it almost their full-time job to manage their department’s business continuity. My solution is to have a very limited number of champions, BIAs and plans, and for the Business Continuity Manager to be the one writing the plans and BIA. This way you know they will be accurate, useful and workable. The time that the business dedicates to business continuity can be used for training on incident management and exercising, which will improve their response. Time spent learning to fill in BIAs is a waste.

5. Concentration on PPRS

When teaching business continuity, the scope is defined as premises, people, resources and suppliers. Old skool practitioners stick to that remit and don’t embrace the wider threats, such as cyber, Brexit, product recall and reputational issues, amongst others. If there is a risk out there which we have the skills to mitigate, develop a response and train people on, then embrace the challenge. As businesses continuity people, we almost have to be seen to be adding value and taking responsibility for increasing the resilience of the organisation we are employed by.

Like in all professions, business continuity tools and techniques move on. Sometimes these methods come around again or are reinvented and come back in fashion - my kids are actually quite keen on my 80s music! Although I suspect most of the techniques mentioned above will not come back into fashion as they are time consuming, ineffective and have been replaced by new technologies. So, to ensure I am not considered old skool, I am off to explore Stormzy tunes!

You might be interested in the following stories

How communication technology helps meet the duty of care

BC Basics - The BIA

The Role of the Business Continuity Manager

You may be interested in the following course

BCI Incident Response and Crisis Management course

Sign-up to our weekly bulletin

Twitter feed

Bulletin
Has the crisis communications ‘golden hour’ disappeared?

This week's bulletin has been written by guest author Victoria Cross, who suggests that the rapid growth of social media has resulted in the disappearance of the traditional ‘golden hour’.

23 August 2019

“James [McAlister] was a fantastic tutor, knowledgeable and easy to understand.”

Gary Stevenson
Student Loans Company
View further testimonials