Skills continuity should form the heart of any organisation's disaster recovery plans, says Colin Beveridge.
The horrendous railway bombings in Madrid have provoked companies to dust off their business continuity plans and think again how they might have to react if they were affected by a similar tragedy.
Heaven forbid that such an event does occur again – but the hard truth is that we now live in a world where terrorism is spreading relentlessly and can, apparently, strike wherever and whenever we least expect it.
A frightening prospect indeed, but from a hard-nosed commercial point of view, we should be taking steps to reduce our exposure to the risks we all face from the potential loss of key people with their business-critical skills and knowledge of our operations.
I have been concerned for some time that too many IT disaster recovery and business continuity plans have focused too closely on the technical and physical facilities required at the expense of the real nuggets of skills and knowledge. After all, it doesn’t matter how much we spend on contingencies for stand-by systems and buildings, we will be out of business very quickly if we don’t have precisely the right mix of people to reconstitute and operate our interrupted processes.
Which is why the recent atrocities in Madrid should make us all take a long hard look at our most precious asset, our people.
I realise that this is a much-maligned business cliché, but it is a truism that we ignore at our peril.
And yet, in my experience, the majority of us do overlook the importance of planning properly for knowledge sharing and succession. In most cases we don’t even give it a second thought.
If you don’t believe me, just sit down for 10 minutes and think what precautions your own organisation has in place for knowledge and skills continuity. How well would your business cope with a large-scale disaster, affecting a number of your key people during their journey to and from work? Not very well, I suspect.
I appreciate that not every organisation is ignoring the risks of non-work related incidents – be they man-made or natural disasters – but, for every company that is alert to the increased risks, there are dozens who are either blithely unaware of the issues, or who have consciously discounted the possibility of being personally affected.
Either way, we all make our own individual coping strategy by taking a personal view of risk probability, impact and the cost of mitigation/avoidance. In some cases, hope is the only strategy and it all depends on how much time and money you have available to address the problem.
There is an added sting in the tail that I believe very, very few people have yet recognised – it’s what I call the “Business as Usual” people risk. All of us are exposed to the BAU risk to our business continuity plans, not so much from disasters but from those routine, everyday events - such as holidays, training courses and jury service – that can take key people out of the business at critical times.
In these days of frequent reorganisation, business consolidation, outsourcing, offshoring and redundancy, more and more of our business-critical knowledge is invested in fewer and fewer individuals.
Who is really keeping track of the tremendous risk we are introducing into our organisations through this knowledge consolidation? I don’t see much evidence of it happening. I suppose it is somewhere. Or is it?
What do you think?
Does your organisation have a contingency plan in place to ensure knowledge continuity? Tell us in an e-mail >> ComputerWeekly.com reserves the right to edit and publish answers on the website. Please state if your answer is not for publication.
Colin Beveridge is an independent consultant and leading commentator on technology management issues. He can be contacted at firstname.lastname@example.org