In 2013 we will continue to see a shift in the way business continuity (BC) and disaster recovery (DR) professionals view and approach their roles. As our industry moves forward we will eventually see two types of practitioners emerge: risk managers and outage planners.
Risk managers will learn so much about their organizations that some will be groomed for a much bigger role, possibly in the C-suite.
Outage planners have an important role, but with a different perspective. These practitioners will continue to focus on reacting to the outages and planning the recovery process, adapting the trends along the way. Outage planners certainly provide a critical and needed role, but, in my opinion, have a different long-term impact and opportunity in the organization.
I think there are four trends that need to be watched:
- The shift to continuity risk management.
- The evolution to externally based services -- the supply chain.
- The impact of social media technologies and adoptions.
- The continuing shift toward resiliency.
Let’s look at the implications of these four trends at a high level.
The Shift To Continuity Risk Management
The shift to continuity risk management, which is already in motion, will be driven by the less obvious, more likely and significant risks in the broader ecosystem on which an organization depends. Attention must focus on non-data center assets including public infrastructure, service providers, business offices, factories, logistics and human assets.
Continuity risk management is all about understanding what the risks are to the organization and then deciding how to accept, manage, mitigate or assign the risk. It is about prioritizing the risks so that the attention of planners can be focused on the next most important thing to address. Why spend time developing plans for a building outage if a manufacturing plant outage could cripple your revenue and profits in a much shorter and more identifiable timeframe.
This trend calls for new and innovative approaches to risk identification, essentially re-working the whole business impact analysis (BIA) process.
Risk managers will evolve their focus to understand and help to manage risks, prioritizing them to lessen the impact on the organization.
Outage planners will engineer and execute the required tasks to respond to the unmitigated risks, should they occur.
The Continuing Evolution To Externally Based Services -- The Supply Chain
Some, but certainly not all organizations will operate entirely in the cloud with IT delivered as a service. Similarly, other back office processes like payroll, human resources, telemarketing, customer services and legal will continue to be outsourced to external organizations. The shift from internal to external provisioning brings with it a bevy of benefits and savings, but also dramatically shifts the risk from something internally controlled to something out of our control.
So, you can see that supply chain continuity is an issue all of us have to address in one form or another. There are many different ways to approach the issue, but the end result should be the same and should answer the following questions:
- Do I know who all of my suppliers are?
- Do I understand the impact on my business if a supplier were to go out of business or be disabled for a significant period of time?
- Do I understand which suppliers are single- or sole-source suppliers, meaning that you don’t have a readily available alternative to them?
- Do I know which suppliers provide more than 50 percent of the supply of a specific set of goods or services?
- Have I had a discussion with key suppliers to determine if they have a BC plan/program or IT DR plan/program?
- Have I reviewed my key suppliers’ BC programs and plans to determine what their recovery times are?
- Do I consider their BC program capability when I evaluate new suppliers or re-contract with existing suppliers?
Wow, that’s a long list of questions, but they are all questions to which you should know the answers.
Whether you pick a few key suppliers and start with them or develop a broad based program of supplier evaluation, the important thing is to understand how a supplier could impact your company and decide what you want to know and /or do about the issue.
Risk managers will need to understand the pros and cons of outsourcing and supply chain risk, and work with procurement and finance teams to understand the impact on their risk profile.
Outage planners will be faced with trying to understand the risk strategies of external providers and develop strategies to operate during a provider outage.
The Impact Of Social Media Technologies & Adoptions
Social Media is everywhere in today’s society. Whether it is Facebook, Twitter or any of the other ways we keep in touch, these tools and the impact they have on our ability and approach to communicating is dramatic.
Many organizations are currently assessing the impact these technologies can have at the time of an incident. What will your staff post about an outage you experience. What will your customers say about recalls or lack of products due to a fire in a plant? Also, how can you use these tools to help manage an incident?
I can tell you first hand that when I was running Comdisco’s recovery business and we were trying to manage 97 concurrent 911 declarations, having Twitter feeds or a Facebook page to track what hundreds of recovery staff were doing to support clients would have been immensely helpful.
Risk managers will need to understand the impact that social media trends and tools can have and devise approaches to benefit from or lessen the impact of these growing ways of life.
Outage planners will need to understand how these tools might fit into their planning efforts and utilize these capabilities to improve their effectiveness.
The Continuing Shift Toward Resiliency
I define “resiliency” in the context of our industry as the integration of disaster recovery, business continuity, security and production high availability.
As the recovery and continuity industry flourished in the 1980s and 1990s, we created new roles specifically focused on recovery and continuity. Disaster recovery coordinators and business continuity planners were hired to focus only on the recovery side, and often reported outside of the production IT organization. The significance wasn’t the reporting relationship, but that the two disciplines, production and recovery, began to drift apart.
You might say that isn’t the case in “my” company, but I assure you a lot of the problems companies have keeping their production and recovery requirements in sync is a direct result of this separation of responsibilities.
Resiliency is all about keeping things operating and having the capability to scale up or scale down as business demands dictate. It is about maintaining operating capability through a disruption, and making it as transparent to your customers, employees and stakeholders as possible. Bringing the disciplines of high availability, security, recovery and continuity together allows us to better leverage personnel, skill sets, technology and capabilities, most probably at a more effective, efficient and economical level than before.
Continuity practitioners need to be aware of this trend -- and embrace it. Our primary mission is to provide solutions that allow our organizations to weather outages and disruptions, and resilience might just be an appropriate strategy to consider.
Risk managers will understand that the best approach is to avoid the impact on the organization, wherever possible, and look for ways to improve resiliency at every level.
Outage planners will accept that while resiliency is certainly a sought after goal, not all incidents will be avoidable, and quality, actionable plans are still required.
It is safe to say that the trends of the past are in the past and a whole new set of issues is in front of practitioners today. Whether your role is in risk management, incident management, disaster recovery, business continuity or a related role, these four trends will shape what you do and how you do it in the years to come.
In some cases, these trends are opportunities to have a greater impact on your organization. In other cases, they will impact how you do your job. Embracing them may be difficult, but they are here to stay.
It’s up to you, but in my opinion, the practitioners who embrace the trends and move towards a risk management approach will be the more sought after professionals and have a broader set of opportunities in the years to come.