Fast development of technology as well as extreme weather events faced by organizations worldwide in the last few years have re-emphasized the importance of the business continuity management process. If only few years ago the development and implementation of business continuity plans were seen by most as a necessary evil, most often a legal requirement which did not generate anything but additional costs, now organizations have started to recognize more and more the proactive role and importance of a business continuity management program. At the end of 2011, KPMG, together with Continuity Insights magazine, launched a global survey on the status of the implementation of business continuity programs within organizations. The objective of this survey was to determine the maturity of the processes implemented by organizations worldwide (including Romania) to ensure business continuity whenever needed.
The results of the
study showed that the business continuity management processes has not only remained on the agenda of top management, but also has become more significant and aligned with recent challenges in the market, regardless of whether they are related to new technologies or a change in the way business is carried out (such as the implications of cloud computing and social media). “60% of the organizations that participated at the survey have an appropriate business continuity management program implemented” states Gheorghe Vlad, manager responsible for the business continuity services which KPMG offers its clients in Romania. “The result is not entirely satisfactory taking into consideration the events of the last few years: devastating earthquakes in Japan, New Zealand and Italy, volcano eruptions in Europe and extreme weather in the US. I believe that the number should be much higher, and that a larger number of organizations should be prepared to effectively respond in the case of a major incident that could affect their operations,” he continued.
A key aspect in defining and implementing the business continuity management processes is the identification of those triggers or business reasons that could lead to operational unavailability of every organization. From this perspective, the survey showed that organizations are paying much more attention to reputation impact than a few years ago. More specifically, while four years ago only 14% of the participants in the survey stated that impact on reputation was one of the reasons they decided to implement a business continuity program, currently almost 40% have said that reputation is one of the key reasons for deploying the program. In addition, in line with the results of the previous survey, ensuring operational continuity, as well as the legal requirements or the recommendations received following external or internal audits remain the main reasons why organizations are developing and implementing business continuity management programs. “This increase is not random at all” continues Gheorghe Vlad. “The fast development of social media has and will continue to have a significant impact on the way organizations are doing business. More and more companies have become active on social networks and consequently news about these organizations is travelling more rapidly. Most likely, an incident that could affect the capability of a company to do business will be made public more quickly than it would have been a few years ago and consequently the reputation of the organization will be more affected”.
A surprising result of the study is that not less than 40% of the participants stated that they do not know how much of their company data is stored in cloud computing systems, although an increasing number of organizations are using or intend to move a part of their information systems into the Cloud. “A lack of comprehensive information about how and where their data is stored, exposes organizations to the risk of business continuity planning failure from the very early phases of the program” says Gheorghe Vlad. “Organizations do not collect and consequently do not have relevant data about the impact an undesired event could have on their business and consequently the sizing of the preparation effort is not adequate. This often leads to significant investments in the business continuity management program which are not necessarily justified by business reasons” he continues.
Although moving information systems into the Cloud has its benefits (both from an operational point of view as well as from the point of view of reducing the risks of unavailability of information systems), organizations face an additional problem when it comes to their business continuity management program: integrating their own business continuity plans with those of the cloud computing services supplier. The KPMG and Continuity Insights survey shows that the degree of integration is still low. Less than a third of participants said they had a high degree of integration of their plans with those of their suppliers (i.e. suppliers which they depend on to do business).
Another important topic the KPMG study emphasized was the way organizations are considering the new challenges of the market, more specifically mobile applications and social media. “With an increased number of mobile applications and/ or social media users, organizations are pushed to change the way they think and do business and this is consequently reflected in the preparations they are making for unexpected situations. Over 40% of participants in the survey stated that they use mobile applications and a large proportion of these have a disaster recovery plan for them,” states Mihai Rada, Technology, Media and Telecommunications Director at KPMG in Romania. “Also, an increasing number of organizations (almost 18%) have included aspects related to social media in their own business continuity plans. Although social networks raise additional risks (as shown at the beginning of this article), they can be useful tools in extreme situations, when for instance, communication with employees following an incident that has caused disruption to business will be the key element in the effort to resume business” he continues.
As Mihai Rada concludes: “Overall, the survey shows that the business continuity management process is developing continuously and becoming more and more a key discipline that adapts to changing market trends and threats generated by the technological progress. The business continuity management program must remain permanently on the agenda of each organization. It must be tested and updated periodically to ensure that its objectives (i.e. to ensure business continuity) will continue to be successfully achieved.”