Business continuity will win IT a place in the boardroom. Ross
Bentley talks to an expert about how the events of 11 September
earned it a place at the heart of long-term strategic
planning
Since 11 September, business continuity has been back on the
agenda. Jim Burtles has also been in demand because if you want to
talk business continuity then you need to strike up a conversation
with someone like him.
He has been involved at the sharp end of business continuity since
the concept evolved. In 1980 he was one of only two disaster
recovery experts in the whole of IBM worldwide; in 1988 he became a
founder member of the UK's first specialist business continuity
company, Survive. He is also a fellow of the professional body, the
Business Continuity Institute (
www.thebci.org/).
In the wake of the terrorist attacks in the US many companies
perceive an increased risk in two areas, he says. "There is a fear
of traditional terrorism and a new angst about biological warfare.
Poisons in the water supply and viruses in the post are difficult
to detect and easy to carry. Suicide bombers are a new concern. As
companies become more global and distributed they become more of a
target - we are packaging our businesses ready for attack."
The events of 11 September may have been seen by opportunists as "a
good day to bury bad news", but the business continuity industry
has also been accused of trying to reap a grim harvest from the
dreadful events. It is an accusation Burtles has heard before and
one that he denies.
"We are not ambulance-chasers," he says. "Incidents like these
serve to act as a wake-up call for many organisations, although the
sheer scale of it was so great that many companies think it won't
happen to them."
Burtles saw that attitude prevail after the IRA Commercial Union
bomb in London in 1987. People thought it was a one-off and only
took business continuity seriously following a second explosion on
Bishopsgate a year later. "But even then people were really only on
the alert for about four years," says Burtles. "That's what happens
with business continuity - it progresses in little steps."
This progress has manifested itself in the concept of business
continuity growing beyond the boundaries of IT.
"In the late 1970s we called it 'disaster recovery' and we talked
about how we would recover the central IT system in the case of a
calamity," says Burtles. "The early 1980s saw the terminology
change to 'contingency planning', which referred to the recovery of
IT, not just for the IT department but for the users as well.
"The term 'business continuity' came into use in about 1986 and
means the recovery of the whole business operation." In this way
the changing face of business continuity mirrors the changing role
of IT and its integration into the rest of the business. "We have
expanded our universe," says Burtles.
This trend, he says, also puts IT in an ideal position to drive a
business continuity agenda through the organisation.
"Where does continuity start? In IT, of course. It is the brains of
the business. IT people are always fixing things - they are
project-oriented and forever looking over the horizon - planning
what to do if all goes wrong."
Burtles says that because of the relative immaturity of the
business continuity arena most companies do not have anyone
dedicated to business continuity. And here lies a great opportunity
for IT to gain influence with the rest of the business.
"IT is the keyholder of business continuity - it should grab that
responsibility and run with it. It will mean thinking beyond the
remit of IT and spotting the business continuity gaps in other
parts of the business. But if you want to be a big boy you have to
see the business as a whole."
Burtles says that ultimately it does not have to be someone from IT
who carries out the practical tasks of putting non-IT business
continuity plans in place. "But it can be you who goes to the board
with recommendations, options and budgets.
"In today's organisations there are not many places that IT can go
to get extra gravitas. But taking responsibility for protecting the
whole of the business is a realistic addition to the IT portfolio,"
says Burtles. "And with that role IT can become the lord of the
empire."
Routine failures pose bigger risk
Although terrorism
has been high on the agenda, most business continuity problems
result from more mundane occurrences. Problems are often caused by
multiples of these, where one problem will trigger a domino effect
collapse.
- Engineering failures - oversights in systems testing
- Hardware and software failures - technology is complex
- Power cuts - on average these happen six times a year
- Fires
- Flooding - burst water mains, adverse weather conditions, or in
the aftermath of fire
- Internal strife - industrial action or sabotage and
vandalism
.
Jim Burtles was speaking at the annual conference of The
Infrastructure Forum earlier this month.www.tif.org/