Disruption is anywhere and everywhere. It has become a clichéd term but still gets the executive leadership and the Board of Directors excited because they want to know where the next big wave is going to come from. Every leader wants to understand if their organisation can withstand the strong winds of disruption be it social, economic or technological disruption. The world has witnessed a major social disruption during the COVID-19 pandemic, economic disruptions from the geopolitical conflicts plaguing today’s world and is currently witnessing the rise of Artificial Intelligence (AI) as a potential technological disruption. So how can leaders and organisations prepare themselves and their organisations to withstand these turbulent headwinds while delivering value to their end customers. One solution is to design, develop and enhance their business continuity planning process that considers factors influencing their business both within and outside of their industry. In this article, I outline a three-step approach to get your business there:
Step 1 – Knowing what is critical to your operations:
In the world of cybersecurity, leaders are now imbuing an ‘assume breach’ mentality which means a mindset that assumes a breach has already taken place and being prepared to execute a timely recovery back to normal business operations. For this mentality to actually work, a leader first needs to be aware of what is critical to their business operation and their dependencies. In this interconnected world, this has become increasingly challenging given the technology sprawl across the enterprise. The need of the hour is an impact analysis that identifies your business processes, resources and their interdependencies. The analysis will determine which functions are vital for the survival of the business and hence the safeguarding of the key stakeholders and technologies involved in that function. A useful tool in identifying this is to leverage process flow mapping solutions that help document your unique business functions, the business units they are a part of the functions they support today, the systems as well as teams that make the process work and the interdependencies with upstream and downstream processes. Once you have identified your critical people, processes and technologies, we then move to step 2 and formulate a plan to protect them.
Step 2 – Preparing a plan to persevere:
The importance of business continuity planning can be realised from the obsolescence of technologies such as floppy disks. The last major manufacturer of floppy disks stopped making them in 2010. The machines that rely on them – from embroidery machines to plastic molding, medical equipment to aircraft, still live on, relying on a dwindling supply of disks that will one day run out. The lifespan of some of the industrial machines that rely on floppy disks can be 30 to 40 years and many of them are only 20 years old. If you are a company in one of these industries, it means you have to upgrade to the latest technology and a significant investment of capital or having contingency plans to recover data when the machines are not functional. As an organisation, you need a well-defined and easily accessible business continuity plan that documents your key personnel, emergency responders who we will reach out to, communication protocols in the midst of an incident or disruption and the response times needed to get the business operations back to normal. Your plan should also include the necessary redundancy and response mechanisms needed to outline steps to recover during disruptions resulting from different types of incidents. This step will include deep collaboration and working relationships with your organisation’s executive leadership, business unit leaders, Board of Directors, legal and IT teams. After documenting the plan, it is imperative to finalise a testing process and calendar for your plan.
Managing Director
Optiv India.
Step 3 – Testing that plan to failure:
I would like to bring to attention the example of Netflix in how they demonstrated the concept of testing continuously and rigorously. Netflix wanted to enhance availability and reliability of its cloud infrastructure which is essential to deliver content anytime and anywhere to its customers. They had to design a cloud architecture where individual components can fail without affecting the entire system. However, they had to also constantly test their ability to survive rare failures. They built Chaos Monkey, a tool that randomly disabled production instances in the middle of a business day to learn about the weaknesses of the system and build automatic recovery mechanisms to deal with them. Based on the success of Chaos Monkey, Netflix ended up developing a virtual Simian Army to induce various kinds of failures or detect abnormal conditions. Similar to Netflix’s Simian Army, we as leaders need to test our business continuity plans continuously to maximise our chances to respond to unforeseen disruptions in an agile and streamlined manner.
In a world where change is the only constant factor, leaders and enterprises need to continuously learn and adapt to stay relevant. They need to prioritise use of their limited resources and skills to plan and test multiple scenarios in order to embrace change and thrive in the age of disruption.
