Business continuity and data security are firmly on the boardroom agenda, as legislators and regulators focus on risk governance, says ContinuitySA.
As a result, more attention is being paid to formulating plans that protect the business and ensure it can continue trading, no matter what happens. "But plans are just words on paper until they have been properly tested," says Jaun Harmse, senior business continuity management advisor at ContinuitySA.
"Of course, the only true test is an actual disaster, but that's really not the time to find that your crisis plan has some holes. The only prudent course is to undertake a regular crisis simulation."
According to Harmse, crisis management forms part of the overall strategy for business continuity management and has two components: the crisis management plan itself and the communications plan.
Crisis management plans detail responsibilities in the event of a crisis.
"In today's world of instant communication and overwhelming media scrutiny, the communications plan is more important than ever to help manage the impact of a disaster on a company's reputation across its stakeholder community as well as the market as a whole," says Harmse.
For example, look at the proactive communications stance that helped New York's mayor, Rudolph Giuliani, manage the media storm in the wake of the 9/11 attacks, compared with the damage caused to the BlackBerry brand by the silence of its owners, Research In Motion, in the wake of the infamous network outage in 2011. The once-proud brand has never recovered.
"Training people how to use the multiple communications channels available in a time of crisis is vital," Harmse argues. "Used properly, communication can help turn a negative event into something positive, but this is not something that can be done on the fly. Immediacy is important, and mistakes have huge ramifications."
Harmse mentions that, by their very nature, crisis plans are general because they have to cope with a wide range of possible scenarios. By contrast, the crisis simulation has to be very detailed and specific. Careful research is needed to identify a company's pain points when constructing the script for the crisis simulation, and then a third party is required to monitor what each member of the crisis team does.
He explains that, one critical success factor is the quality of the person leading the team. One needs an individual who is confident, able to deal with pressure and can delegate, somebody who can look at the situation as a whole and keep track of all the moving parts.
"Again, the only way to ascertain whether one has the right person in place is to see how he or she performs in the crisis situation."
Crisis simulation is established as part of business continuity management strategies, but, Harmse believes, it is also essential when it comes to IT continuity and physical/data security.
"Typically, many of the same people are involved in each instance, so it makes sense to see crisis simulation as a way to ensure the company's risk governance is not only in place, but actually works," he concludes.
Share
