UK business is facing several key business continuity
challenges, according torisk managementconsultancy
companyDeloitte.
These include dealing with non-physical events,
global operations,
outsourcing, technology complexity and regulatory
expectations.
"There are some real challenges still ahead and true resilience
and capability ultimately have to be measured through testing your
ability to co-ordinate your activities with others," said Rick
Cudworth, EMEA head of business continuity and resilience at
Deloitte.
He said this would be one of the key messages he plans to
communicate at next week's Business Continuity Expo in London.
It is becoming increasingly important, said Cudworth, for
organisations to be able to co-ordinate business continuity
activity with all stakeholders in the business, to do that a global
scale, and to do it for non-physical events.
According to Deloitte, most organisations fail to recognise that
non-physical events such as
data leakage can damage the organisation, and consequently do
not plan to deal with them in the same way as they do for physical
events such as fire and flood.
Global organisations typically deal with about three natural
disasters a year and frequently have to deal with minor events
almost on a weekly basis, such as power failures in Johannesburg,
fires in California and floods in the UK, but few have the
processes in place for co-ordinating decision-making throughout
their organisations.
"Setting up clear co-ordination and communication between their
teams around the world remains a challenge for many global
organisations," said Cudworth.
Outsourcing and offshoring is a challenge to business resiliency
because it is often not clear in the event of a disaster who makes
the decisions on invoking disaster recovery plans, said
Cudworth.
Deloitte has found that many organisations have gone backwards
instead of forwards in recent years in terms of IT disaster
recovery capability.
"At a time where people are looking for increased speed of
recovery and more confidence in being able to recover, fewer
organisations are able to demonstrate either," said Cudworth.
He said this had been the result of a massive increase in data,
which is impossible to recover using traditional approaches, and
the fact that many organisations are confusing systems and service
availability with disaster recovery.
"Organisations typically start building what they think is a
disaster recovery plan by looking only at recovering their critical
applications, but in a disaster, it is not about a single
application - it can be about whole datacentre, but if all the
interdependent applications have not been included, the recovery
plan will not work," said Cudworth.
Finally, as regulators and customers place organisations under
closer scrutiny, businesses are increasingly facing the challenge
demonstrating their true business continuity capability, and not
just their ability to draw up and manage a plan.
"Demonstrating true capability means that organisations have to
move from merely assessing the continuity capabilities of key
suppliers to integrating their continuity planning with those key
suppliers and then conducting testing to ensure it all works
together," said Cudworth.