The title of a book and a theory articulated by author Nassim Nicholas Taleb, a Black Swan is an event or situation that adversely affects an organization or its customer base on a major scale that could not have been predicted. Nassim Nicholas Taleb himself defines a black swan as an incident, such as a moment in history or an invention that is a genuine outlier. For example, no one could have predicted or mitigated against the ramifications of the invention of the World Wide Web. This is because, in his words, nothing in our collective past could have signaled or prepared us for this potential future. As such it has become a very prominent theory and term within the business continuity planning community.
Business continuity is how an organization continues to perform following a serious incident, such as an IT failure, a meteorological event or a sustained risk to public health. Therefore, business continuity represents an organization’s tactical and strategic capability to identify and plan for any negative impact and mitigate against any potential risk to Business As Usual. Business continuity means having a plan in place that will assure the organization can continue operating at an agreed performance level following a disruption.
Business Continuity Management
Business continuity management is how a company knows what steps to take when faced with disruption. It’s an all-encompassing approach to managing and identifying potential threats and understanding and accounting for any material impact these threats will have on the company’s day-to-day operations. A key element of this discipline is developing an environment where responses to or reliance against these threats can live and be accessed if and when necessary.
Business Continuity Plan (BCP)
A BCP is a clearly articulated set of steps to take and procedures to follow in the event of disruption to ensure a business has the greatest opportunity to recover and continue operating to an agreed level of performance.
Business Continuity Strategy
The Business Continuity Strategy is a key element of Business Continuity Management. Undertaken at the planning phase once a Business Impact Analysis has been conducted it draws upon expertise from across an enterprise to understand how any potential risk or event could have an impact on individual operations and functions and the course of action necessary to mitigate any negative impact.
Business Impact Analysis (BIA)
A BIA is the process of assessing, measuring and understanding how an event – whether foreseeable or unforeseeable – would affect different aspects of an organization and their ability to operate at an acceptable level.
For Business Continuity purposes a Business Interruption is defined as any event that can change the normal course of operations for a business at any of its offices or locations, be it something unforeseen such as a loss of power or something that arrives with prior warning such as severe weather, a protest, a pandemic or industrial action.
A potential situation – internal or external – that if it became a reality would expose an organization to danger in terms of its ability to meet service-level agreements (SLAs), key performance indicators (KPIs) or any other pre-agreed client performance measure.
Disaster Recovery (DR)
Disaster recovery is the sum of the steps taken to get an organization’s mission critical systems and operations, such as IT infrastructure, for example, back online and functioning properly after a disaster. Although a crucial element of business continuity, disaster recovery is not the same thing as business continuity. Whereas disaster recovery is about getting things back online and running again as soon as possible following an interruption business continuity is more holistic in that it should be focused on keeping the business functioning while the disaster recovery plan is activated.
Disaster Recovery Plan (DRP)
The clearly articulated set of steps to take and procedures to follow in the event of a disruption so that mission-critical operations and systems can be brought back online as quickly as possible. In an increasingly digital world these steps and processes will be focused mainly on a company’s technology – its IT infrastructure, data centers and data protection.
To be resilient is to accept and endure disruption. So in terms of Business Continuity it’s about understanding not simply how well a business can weather a storm but also how well prepared it is for a sudden change.
If something is described as pandemic it has affected an entire country and then spread to other regions throughout the world. If, for example, the term is to be applied to a disease, the World Health Organization states that a new illness has affected people around the entire world. The definition should not be confused with epidemic or with endemic. If an illness is described as epidemic it is because it is spreading throughout a given population in an abnormally quick space of time. Whereas if an illness is endemic the levels of infection can be high, but are at the levels that are normally observed and monitored – such as for chicken pox or influenza example. A pandemic does not, however, mean the illness has mutated or changed its behavioral pattern.
When applied to a disease, epidemic refers to the speed at which people within a given community contract an illness. According to the World Health Organization for an illness to be declared epidemic, it has to have impacted a large number of people In a short space of time. So, with an illness like meningitis, if 15 cases per 100,000 residents were reported every seven days then the outbreak would be deemed an epidemic.
If an illness, infection or disease is described as endemic, it is because that particular condition is behaving normally. In other words it is following forecasted infection rates. The common cold, the flu, chicken pox and even measles are endemic in that they have a constant baseline in terms of infection. This baseline could be 1% of a given population or it could be zero (due to vaccination). When those figures change, so do definitions.
Coronavirus disease 2019 (COVID-19) (also known as Wuhan Novel Coronavirus) is an infectious disease caused by severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2), a virus closely related to the SARS virus.
Social distancing is a proven method of keeping sick or infected people far enough from others in a community or environment, such as the workplace, to minimize the possibility that an illness spreads. In practical terms social distancing can range from maintaining a distance of 1-2 meters from others in the immediate vicinity to enacting and following quarantine or reduced mobility procedures as prescribed by a local or national government.
What is the potential impact on business during an outbreak?
When it comes to an outbreak, the impact on business could range from minimal to severe. The virus has so far affected countries that represent 40% of the global economy and it doesn’t show signs of slowing down. Yet, even though this is an unprecedented event, what is already apparent is those organizations with a clear Business Continuity Plan recognize the vital role their people – rather than just their systems or IT infrastructure – play in driving business resilience. These are the businesses best placed to maintain operations at an acceptable level and mitigate impact.
How do I know if my Business Continuity Plan will work?
Unlike other risks, disruptions or interruptions, this situation is unique in that it impacts your people, your customers, the physical locations from which organizations operate and the infrastructure, from health provision to transport services, that underpin the economy. Therefore traditional BCPs might not factor in the length of time an organization will be operating at a lower, yet predetermined and tested level of performance.
How do I mitigate the risks of coronavirus?
Your organization needs to never lose sight of the fact its people are its most important asset and that this is a threat to their health as well as to their role within the company. Therefore it’s imperative that you open clear channels of communication and use them to keep your people informed of everything you are doing to protect their health, and every step they can take to protect themselves. Crucially, this needs to be personalized, omnichannel and in real-time. Most workforces are now multigenerational and each generation has a language and channel of choice. For example, at Sitel Group we have been using social media channels as well as email, direct mail and site-specific messaging to keep our people educated, informed and safe.
What’s more, you need to remember a channel is for dialogue not a monologue. You must be active in responding to your people’s questions, providing support and guidance and reassurance, whether it’s to someone worried about contracting the illness or someone who is already self isolating and feeling lonely because they’re away from their colleagues.
What is Business Continuity Management?
In order to meet the universally recognized ISO 22301 standard, Business Continuity Management must integrate the disciplines of Emergency Response, Crisis Management, Disaster Recovery and Business Continuity. Furthermore, it must represent the sum of the management processes that identify potential threats and their impacts to business operations, and provide a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.
What is a business continuity plan?
A business continuity plan is the steps an organization must take and the procedures it will need to follow to maintain operations in the face of a disruption, disaster or unforeseen occurrence, such as a freak weather system or a pandemic like the coronavirus.
How much time does it take to implement a business continuity system?
A business continuity system is a living, breathing set of documents and processes. It should be updated constantly based on lessons learned from risks that have become a reality and from new threats that have started to materialize. Therefore, there should be no fixed timeframe. However, with expert guidance, it is more than possible to create a framework for an initial business continuity plan based on the systems, talents and safeguards an organization already has in place.
Is there an international standard for BCM?
ISO 22301 is currently the globally recognized standard for Business Continuity Management. Though last updated in 2012, it still represents the clearest way for an organization of any size to demonstrate independently that it has taken and continues to take every step possible to mitigate the associated impacts of a disruption, whether foreseen or unpredictable. Find more information about the ISO standard here.
What is the difference between BCM and disaster recovery?
Disaster recovery is focused on getting things back online and running again as soon as possible following an interruption. Business continuity management is more holistic. A clear BCM plan will give an organization the tools and processes to keep the organization functioning during an incident or disaster while the disaster recovery process is in action.