We have computers to thank for teaching us the importance of business continuity planning. The real objective might be to keep the business running rather than prop up the technology, but the approach and plans largely grew out of computer fallback planning. That’s why the manuals tend to be so thick. Business continuity planning is a simple process spoilt by consultants copying manuals from other clients.
But today’s computer systems failures have a much wider impact than business processes. The consequences ripple down the supply chain affecting large numbers of customers who have grown to depend on just-in-time supplies of money, goods and transport. The problem is that unlike enterprises, consumers don’t do contingency planning. It’s understandable of course, given that nobody has encouraged them to do it.
Security and contingency planning are similar in that nobody bothers to do them unless forced to by compelling legislation or after experiencing a life-changing incident. Even with the highest levels of education, people won’t pay attention unless the perceived consequences of not doing so are personal, immediate and certain. And they’re not or rather they haven’t been in the past.
In the last few months however we’ve seen some compelling incentives for UK citizens. Major UK banks have failed to work as expected, in one case for a couple of weeks. Floods have disrupted travel. Immigration queues have caused travellers to miss connections. And the forthcoming Olympic Games threaten to bring parts of London to a standstill.
How should a citizen react? The answer is by anticipating disaster and preparing practical continuity plans. It’s nothing new, it’s just rarely practised. I have one neighbour for example with a relatively sophisticated disaster plan. We’ve been briefed in detail on how to respond to virtually any major disaster affecting their property, whether fire, flood, earthquake or theft. But this is a rare exception.
Today, every citizen should be prepared for extended bank outages, petrol shortages, power outages, travel disruptions and other major disasters. Fifty years ago many people worried about nuclear war. Today we need to worry about how to survive when ATMs and transport fail.
Earlier this year I published the first ever book (as far as I know) on business continuity planning for small and medium businesses. With this year’s hindsight, I’d admit that I probably didn’t go far enough. We now need citizen continuity plans. Because information systems and process control systems are far from foolproof and given the pressures placed by management on IT development and operations staff, they are likely to stay that way for a long, long time.