Articles

Back

Business Continuity Planning: The Good, the Bad and the downright Ugly

What is BCP?

Business Continuity Planning (BCP) is commonly defined as “…the process of creating systems of prevention and recovery to deal with potential threats to a company”. In addition to prevention, the goal is to enable ongoing operations before and during execution of disaster recovery. BCP is a subset of risk-management and deals with your organisation’s resilience to function in the face of adversity.

The approach is common practice for major global companies across a variety of sectors – especially in the IT sector, financial institutions and companies that manage a complex network of supply chains and data or hospitality organisations such as Four Seasons Hotels or Marriott International – they all have  a range of diverse BCPs in place, national or regional risk management committees etc. But, how does this relate to the real estate industry? Do all the managed buildings for PRS or B2R follow the same best practises?

Are you ready?

In view of the global CORVID-19 crisis, how does the resilience planning and preparation in PRS/B2R sector feature, how well is your organisation prepared to deal with this threat – on local level as well across your organisation? What have you done to pre-plan for your staff and customers to continue to enjoy a safe environment when faced with adverse and dangerous situations – are you prepared or helpless?

Let us have a closer look at what is the importance of BCP and what are you potentially missing out on? As the threats can change based on your location there is not a one-fits-all approach, but you can start thinking about what could go wrong and start the process. The most frequent disruptors for your business are the obvious ones:

Cyber attack Random failure of mission-critical systems
Data corruption Sabotage (insider or external threat)
Earthquake Single point dependency
Epidemic Supplier failure
Fire Telecomms outage
Flood Terrorism/Piracy
Hurricane or other major storm Theft (insider or external threat, vital information or material)
IT outage War/civil disorder
Power outage Water outage (supply interruption, contamination)

Whilst some of the above might not immediately jump out, think across your organisation – do you have assets that could be impacted by earthquakes or floods? For example, recent meteorological events in the UK suggest that flooding and strong winds will become more and more a two to four year reoccurrence – irrespective of you believing  in global warming or not – your organisation faces a real threat with reputational and financial consequences.

Or think of 2011 – civil unrest in most parts of England following the death of Mark Duggan – did you think it possible that your business is interrupted by riots?

The crucial element in BCP is to maintain fluid in your planning approach – as life changes all the time, so does needs your planning – the need to remain agile in the heart of your preparations is paramount; to counter-act all possible changes, regular and meaningful reviews as well as training are part of it, similar to a targeted procurement plan for first hour responses (flashlights, blankets, high-viz clothing etc.)

If your business has a BCP framework, you will typically have an annual or 6-month cycle of “BCP maintenance” for each of the scenarios:

  1. Confirmation that all the information in the manual is valid (such as addresses, phone numbers, processes etc.) and training across the organisation/business unit to staff or critical individuals is done – and documented
  2. Testing and verification of your solutions to the threats and mitigation measures
  3. Testing and verification of the recovery operations of your organisation

Any deviation / change to the original process must be analysed, documented and implemented. This part is vital to ensure that your BCP is a “living and active” document and not a painful corporate initiative that is relegated to the bottom shelf as soon as possible, in order to tick a box or to make time for more pressing issues.

The Business Continuity Management Cycle

The Good

A good organisation would have a range of scenarios identified as threat to the business, complete with the appropriate measures to bounce back in due course. Plans are implemented and trained throughout the business and rehearsed, re-trained and re-calibrated at least once a year to guarantee functionality. In case of a scenario the planned response is initiated without delay and struggle, the entire organisation is pulling in one direction to prevent a major loss for the business.

The Bad

The bad way is having some sort of plan in the beginning, but over time this is not made a priority and therefore most of the content is outdated and obsolete. In case of adversity the organisation is depending on few individuals that are alert and in key positions to “muddle through” the crisis, whilst accepting that there will be a felt impact on the business – be because of financial loss, damage of goods and installations etc.

The Ugly

The ugly scenario is – well, you guessed it: there is no BCP planning, your employees are not trained and are likely to panic and your fate hinges on the luck of having a few individuals that may keep things together until the crisis is over. You can assume greater financial losses, loss of reputation- and in the worst-case, severe damage to your business and/or loss of life of team members or customers. I don’t think that in today’s environment you can let chance decide about your business’s reputation and survival by not having a planned resilience approach.

I have worked on several BCP projects – specifically for hotels and residences. Being IOSH[1] trained, I am fully qualified to write risk assessments. I am very familiar with the creation of BCPs and can assist your business with the planning of your specific threat mitigation processes. My hospitality experience combined with property management knowledge enable me to adopt a very varied approach to your organisation’s requirements.

Contact me for a review / assessment of your set-up and processes and find out how I can help you secure a more risk aware future for your team, your customers and your business.


[1] IOSH: Institution of Occupational Safety and Health