No Disaster is Too Large to Plan For

With Business Continuity at the forefront of my mind, I was interested to read that Bruce Schneier’s recent comments on pandemic planning had attracted some criticism from journalists and analysts. Surprisingly, he suggests that it “really isn’t the sort of disaster worth planning for”, i.e. because the scope of the disaster would be so large, that business continunity planning would be ineffective. He believes that “the proper place for bird flu planning is at the government level…real disasters don’t exactly match our plans, and we are best served by a bunch of generic disaster plans and a smart flexible organization that can deal with anything”. It’s an interesting view and he’s right to some extent, in that it’s often better to focus on good response skills, rather than prescriptive plans. But not every crisis is the same. And many, like an Avian Flu pandemic or a London flood, require considerable advance planning.

Planning for a pandemic requires a detailed analysis of the vulnerability of critical business processes, supply chains and essential services. Organisations need to single out key staff required to support critical business processes and take appropriate steps to enable them to carry on working as long as possible through the crisis. They should assess the vulnerability of suppliers and outsourced services, and identify whether changes are required in business strategy or operations. They should consider the impact on IT services, especially communications, and assess whether they should extend or upgrade home working capabilities. They should consider office layouts that reduce the spreading of germs. They should consider the impact on the future business environment and adjust their investments accordingly. And of course they will need to prepare the HR function for dealing with large numbers of absent personnel, some of whom might not return. Pandemic planning is a big job, and it shouldn’t be dismissed lightly.

Schneier and others are also wrong in suggesting that business organisations shouldn’t bother planning for huge catastrophes, such as nuclear wars. In my view, you can and you should. The Shell Group, for example, managed to operate through many conventional wars, such as Biafra. They also prepared themselves for a Cold War conflict by maintaining secure, remote, archive sites in separate hemispheres. Good crisis planning is about addressing the unthinkable. That’s how you ensure the long-term survival of your organisation.

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close