Business Continuity or Bust

Business is inherently risky and many of us thrive on risks associated with starting, running and growing a business.  New staff, new customers and new products are all inherently risky: these are the risks we seek.

However, there are risks that we don’t seek, risks we need to plan for, and those we want to positively avoid.  We need to ensure that businesses can plan its future and mitigate any risks to ensure its survival.

These risks come in many different shapes and sizes and after a number of major, if not spectacular, bank and company failures, these risks are usually discussed under the rather academic banners of “business continuity” or “corporate governance”.

Recent research by the Business Continuity Institute examined the impact on the UK economy from disruptions caused by everything from IT outages to bad weather and supply chain problems.  It found that 40% of organisations in the UK suffered from at least one disruption and estimated the cost of downtime at £11.1bn.

Additionally, other reports, particularly the Turnbull report, suggest that organisations need a system for identifying and assessing risks not directly associated with the management of the business but which, with the right (or wrong) environment, could damage the business or cause it lasting harm.

Mark Woods of Statius commented “….even in the good times, problems of this nature hurt …. in the current climate they can and will be the difference between survival and failure”.

This is an evolving area for management systems and there are a number of standards which set out good practice and can be used as a checklist against which organisational processes can be tested.  The information security management standard ISO 27001 focuses, as its name suggests, on IT.  There is also another standard, ISO 25999, which takes a broader view of business continuity management.