The Benefit of Foresight
Managing the impacts of the 'pingdemic'
Daily reports tell of increasing numbers of people having to self-isolate because of the so called ‘pingdemic’. Organisations across every sector are left making hard decisions to fully or partially close down operations because of staff shortages, thereby reducing availability of essential goods and services.
The combined forces of pandemic, Brexit and shipping delays mean supply chains are disrupted for the same reason with soaring costs.
As we move out of pandemic incident response mode and progress to recovery, this is when business continuity really proves its worth. Whilst possibly it was unforeseen that this shortage of staff and supplies would be an outcome of the pandemic, rather than working in reactive mode and trying to make decisions “on the hoof”, this situation is just one of the resource loss scenarios that business continuity planning is there to support and should have been built into plans accordingly. If you haven’t already done this, now is the time.
Preparation is key
Well prepared organisations already know the minimum people, skills and supplier services required to perform their critical activities and have defined triggers and milestones for moving to different operating modes.
They will have identified their pinch points and implemented risk mitigation and contingency measures to ensure that these are addressed for their most critical activities. This may involve cross training, documenting procedures, reallocation of resources, contingency supply arrangements, and numerous other options.
Every business should have their critical activities defined and against each of these have mapped their minimum personnel requirements over time (e.g. 1 day, 3 days, 1 week, 2 weeks, 4 weeks) – this can be expressed in number, percentage, skills or other forms suitable for the type of organisation, facility, or activity.
For each critical activity, operating modes should be defined, for example: normal operations, reduced operations, critical activity and shutdown modes. Minimum manning, critical suppliers, and other key resource requirements can be allocated to each of these modes.
Ideally this type of planning should be undertaken before the resource loss event has occurred because pre-incident actions may be needed to address any gaps between “required” versus “achievable” based on feasible worst case scenarios, taking account of potential lead times.
Response Procedures
Response procedures should also be drafted. Better planning always reduces the need to adopt fire-fighting mode and ensures a more proactive and effective response. It’s not rocket science, Teed’s consultants have been working with clients since 1999 to ensure that they will be in control and continue essential operations in the event of resource loss incidents.
The complexities of the past eighteen months have thrown up a myriad of reactions by governments and organisations alike. All should be thinking through the “what-ifs?” every time a different phase, new system or procedure is implemented, including how to adapt Covid secure requirements and guidance, as we move through the final stages of recovery. When “bumps in the road” arise, it is much easier to refer to pre-prepared protocols rather than “hoping for the best”. Critical industries, sectors, and infrastructure should be clearly defined and considered alongside all the potential challenges that may be faced.
Other threats have not gone away
Many organisations have suspended their annual business continuity exercises during 2020 and 2021 as they are already responding to the pandemic incident, thinking that this in itself constitutes an almost perpetual exercise. Whilst this approach is understandable, in hindsight not ideal.
Other threats have not gone away and there may well still be some unexpected surprises to come before we get back to business as usual mode. A prime and very real example, is the cyber security threat; an increased focus on testing and exercising the response to cyber security incidents is paramount, due to several factors coming together thereby increasing the associated risks:
· More dependence on technology availability due to lockdowns and contingency measures being adopted
· Less understanding and adherence to security controls by homeworkers
· More cyber attacks are happening because exposures and opportunities are being exploited by criminals
· More demanding customers and stakeholders seeking evidence business can still stand up when ‘under attack’ – there is no longer any excuse for not having effective business continuity plans and strategies in place.
It is not just the security/technical response, containment, assessment, and recovery capabilities that should be tested. It is imperative that the overall incident management and business continuity responsibilities, and activities, are clearly defined and regularly exercised to allow the consequences and workarounds to be managed effectively.
Contingency Mode
Contingency modes should be documented and exercised for the most critical activities to deal with a security incident that leads to an extended unavailability of IT services and data. Measures need to be put in place to ensure executives are never put in a position where they need to consider paying a ransom demanded by cyber criminals.
Looking on the bright side, many lessons have been learned during the Covid response and everyone should now be adapting their incident management and business continuity protocols accordingly.
Teed’s tried and tested business continuity methodology and consultants are available to support this process which will allow the most well-prepared managers, executives and ministers to sleep soundly at night, knowing that they are ready, willing and able to deal with future disruptions, whatever form these might take.
We can manage your planning project within your budget and timescales, freeing up your time-pressured staff to get on with their day jobs.
Please get in touch with David Teed, david@teed.co.uk / 01786 406370.
- Date: 27th July 2021