This is the view of Clifford Ferguson, chairperson of the South African BCI Forum and Government Pensions Administration Agency (GPAA) BC Committee, who says that when business continuity is top of mind, companies can deal with any eventuality.
“The problem – particularly in government departments and parastatals – is that business continuity is seen as disaster recovery. But disaster recovery is only a component of business continuity. So organisations may know how to evacuate a building or locate the disaster recovery site, but they don't necessarily know how to keep their business in full operation in the event of a problem,” he says.
Ferguson says most organisations tend to draft a business continuity plan and shelve it until they face a disaster. “Most companies don't implement their business continuity strategies properly,” he says.“A comprehensive programme needs to be put into place and be made a business culture. You need a top-down, bottom-up approach, with awareness at lower level and implementation from the top.”
Ferguson highlights his agency's experience in changing its corporate culture to focus on business continuity.
“In line with the requirements of our two major customers – the National Treasury and the Government Pensions Fund (GEPF), we had to implement a comprehensive business continuity plan. We engaged an international consultant and began training and implementation around two years ago.”
The strategy included training and BCI international certification for representative senior management, the appointment of a business continuity committee, including three Exco members, followed by the training of other practitioners. Some staff volunteers also trained as practitioners. The programme did not end with training, however. It is an ongoing project, which includes fortnightly review meetings, desktop exercises, training and awareness days, and live evacuation drills at least once every quarter.
Ferguson says, as a work in progress, the plan is constantly tweaked and revised on the feedback of emergency services and staff.
“For example, we physically move staff to our disaster recovery centre during a drill, and then ask them to report back on possible improvements after the exercise. During an evacuation drill, the emergency services will give us feedback on any problem areas.
“This is unusual – organisations or companies could have a disaster site, but not everyone moves people to test their plan on the site. We make the people own the business continuity plan. We are doing more now and cascading the plan down so every single business unit has its own plan and its own emergency box, too,” he says.
Even though the business continuity programme is relatively new, Ferguson feels the heightened awareness has already benefited the agency.
Unforeseen incidents, such as the mail server going down or the water supply being cut off for days, could previously have caused problems. However, with the new staff mindset, these problems arose recently but caused no disruptions in the agency's work, says Ferguson.
“For example, we had no water and the sanitation facilities became clogged. In a building with hundreds of staff, this was a problem. But we were well prepared, made alternative arrangements and business continued as normal – albeit with some complaints. On another occasion, we experienced power cuts, but it was business as usual. So the training paid off.”
Ferguson concludes: “Business continuity planning is critical – unexpected things can happen to anybody. All the incidents we had could have happened to anybody and we didn't know they were coming. However, just having a plan and heightened staff awareness allowed us to continue operations without a hitch when problems occurred. If something big should happen tomorrow, we would probably be prepared, and as business continuity culture improves, so will our preparedness.”
Ferguson will address the upcoming ITWeb Business Continuity 2012 Conference, at The Forum in Bryanston, on 13 November. For more information about this event, click here.
Our comments policy does not allow anonymous postings. Read the policy here