Since 11 September, business continuity has been back on the agenda. Jim Burtles has also been in demand because if you want to talk business continuity then you need to strike up a conversation with someone like him.
He has been involved at the sharp end of business continuity since the concept evolved. In 1980 he was one of only two disaster recovery experts in the whole of IBM worldwide; in 1988 he became a founder member of the UK's first specialist business continuity company, Survive. He is also a fellow of the professional body, the Business Continuity Institute ( www.thebci.org/).
In the wake of the terrorist attacks in the US many companies perceive an increased risk in two areas, he says. "There is a fear of traditional terrorism and a new angst about biological warfare. Poisons in the water supply and viruses in the post are difficult to detect and easy to carry. Suicide bombers are a new concern. As companies become more global and distributed they become more of a target - we are packaging our businesses ready for attack."
The events of 11 September may have been seen by opportunists as "a good day to bury bad news", but the business continuity industry has also been accused of trying to reap a grim harvest from the dreadful events. It is an accusation Burtles has heard before and one that he denies.
"We are not ambulance-chasers," he says. "Incidents like these serve to act as a wake-up call for many organisations, although the sheer scale of it was so great that many companies think it won't happen to them."
Burtles saw that attitude prevail after the IRA Commercial Union bomb in London in 1987. People thought it was a one-off and only took business continuity seriously following a second explosion on Bishopsgate a year later. "But even then people were really only on the alert for about four years," says Burtles. "That's what happens with business continuity - it progresses in little steps."
This progress has manifested itself in the concept of business continuity growing beyond the boundaries of IT.
"In the late 1970s we called it 'disaster recovery' and we talked about how we would recover the central IT system in the case of a calamity," says Burtles. "The early 1980s saw the terminology change to 'contingency planning', which referred to the recovery of IT, not just for the IT department but for the users as well.
"The term 'business continuity' came into use in about 1986 and means the recovery of the whole business operation." In this way the changing face of business continuity mirrors the changing role of IT and its integration into the rest of the business. "We have expanded our universe," says Burtles.
This trend, he says, also puts IT in an ideal position to drive a business continuity agenda through the organisation.
"Where does continuity start? In IT, of course. It is the brains of the business. IT people are always fixing things - they are project-oriented and forever looking over the horizon - planning what to do if all goes wrong."
Burtles says that because of the relative immaturity of the business continuity arena most companies do not have anyone dedicated to business continuity. And here lies a great opportunity for IT to gain influence with the rest of the business.
"IT is the keyholder of business continuity - it should grab that responsibility and run with it. It will mean thinking beyond the remit of IT and spotting the business continuity gaps in other parts of the business. But if you want to be a big boy you have to see the business as a whole."
Burtles says that ultimately it does not have to be someone from IT who carries out the practical tasks of putting non-IT business continuity plans in place. "But it can be you who goes to the board with recommendations, options and budgets.
"In today's organisations there are not many places that IT can go to get extra gravitas. But taking responsibility for protecting the whole of the business is a realistic addition to the IT portfolio," says Burtles. "And with that role IT can become the lord of the empire."
Routine failures pose bigger risk
Although terrorism has been high on the agenda, most business continuity problems result from more mundane occurrences. Problems are often caused by multiples of these, where one problem will trigger a domino effect collapse.
- Engineering failures - oversights in systems testing
- Hardware and software failures - technology is complex
- Power cuts - on average these happen six times a year
- Flooding - burst water mains, adverse weather conditions, or in the aftermath of fire
- Internal strife - industrial action or sabotage and vandalism
Jim Burtles was speaking at the annual conference of The Infrastructure Forum earlier this month.