Business Continuity

The well prepared business has a contingency plan that covers as many possible disruptions as possible. Once such a list has been made, the next part of contingency planning is to prioritize from most likely to least likely, so that resources can be allocated accordingly.Most people would put power outage on the list straight away, but prioritizing involves asking the questions anyway: How badly would a power outage really impact the company?

If your company was, for example, providing a telephone helpdesk service, since telephones operate on a different power system, it may be possible to keep working and hence not as important an emergency than a company providing fresh food that may spoil in hours if the refrigeration or cookers stop working.Thus, the best planning does indeed take into account the obvious dangers, such as power outage, but still assesses how deeply such an event may affect it; for some companies power outage may be serious enough a danger to consider specific contingencies, such as a backup generator. For others, it may consider the loss of productivity less of a threat than the costs involved with fitting uninterruptable power supplies to its computers or installing a backup generator.

The law relating to a company must also be taken into account. Providing certain services imposes legal requirements for contingency and redundancy safety systems, and this raises the priority of these scenarios on the list, since government inspection of contingency planning can take place at any time – often with little, if any, notice.

So once a full list has been drawn up, it can be prioritized. Since a responsible company will have already allocated a budget to deal with contingency, prioritizing makes it much easier to decide what percentage of the budget needs to be allocated to each item. There can often be many solutions to each problem, with varying costs and varying levels of protection, and although there is little point in spending too much on each problem, equally there is little point on spending not enough, since doing so may not procure a solution which, when the worst happens, turns out to be sufficient to deal with the crisis.

Since the entire point of contingency planning is to continue to be able to operate the business throughout potential crises, there should always be sufficient budget to handle solutions; if the solutions are inadequate, there is no point in having them in the first place, since an inadequate solution will lead to the business grinding to a halt, avoidance of which is the entire point of a contingency plan.

Even so, it is still important to ensure that budget is allocated and spent responsibly. Dividing the list into three levels of danger – critical, serious and annoyance – can help. Critical dangers will stop business dead, within minutes. Serious dangers will require an immediate response and may require some form of third party backup for which the costs need to be assessed, but will only lead to business being brought to a standstill if such responses are not initiated. Annoyances impact the productivity and ability of the company to operate at normal levels, but do not cause business to halt altogether.

When it comes to budgeting, the responsible company allocates its resources in such a way that it can cross as many critical dangers off the list as possible, as well as minimizing – if not totally eliminating – the impact of serious dangers. Often annoyances have to be tolerated, since the costs involved in eliminating those would be more expensive than tolerating the loss of productivity or profit, but even in those cases re-allocation of manpower or a re-alignment of direction can provide an effective response to such annoyances.

So this stage of the planning is complete when the full list of dangers has been categorized and a budget has been set to cover each category. At this stage in the planning the budget is not totally fixed, as this should not be done until the costs imposed by third parties have been assessed – which is the next stage in contingency planning – and thus, it should still be possible to alter the level of budget given to one category at the expense of the others. The budget for each category will dictate what can be purchased or leased to deal with threats from that category.

With list and budget in hand, the manager overseeing contingency plans will now be in a position to proceed in contacting third parties and negotiating solutions. Third party providers and suppliers who are aware that they are competing for a budgeted amount with little flexibility are more likely to lower their prices to be competitive since it is an assured contract. Somebody will be getting the job and it might be them. The prepared manager will at this stage be ready to bargain, and bargain hard, to get the contingency facilities in place.

With list and budget in hand, by this stage in contingency planning the planning manager is finally ready to shop around. Dangers to their business have been assessed for level of danger, budgets have been allocated to spend on each priority level of danger and it’s now time to start sourcing solutions.There can be many levels of solution for a given problem, depending on scope and level of response. The contingency manager has to make the important decision about what level of response is appropriate to each problem.

Does an IT company go full out and install a backup generator to protect itself from a power outage, or does it spend much less money on uninterruptable power supplies for key machines that can be shut down in an organized manner resulting in as little data loss as possible even though for the duration of the power outage productivity will be lost?

The levels of solution will also be affected by the type of business. A shipping company can likely make do with an uninterruptable power supply on its server machine, with possibly a second means of backup power to give temporary switchboard power since a power outage for this company is not going to affect its trucks already on the road.

There are also degrees of scope within the identified danger as well. Uninterruptable power supplies can keep 110v or 240v appliances, such as fridges and cookers or computers and switchboards, running for a short time but they are not powerful to operate industrial plant or heavy duty equipment. Is the cost of a backup generator too much given that it is a gamble on an event which might not even happen, or is it essential to have regardless of cost because the lost productivity or efficiency costs outweigh the cost of the initial standby equipment?

Also requiring assessment is the market for a given solution. How many providers are there and how easily can they be made to compete against one another, potentially lowering the cost of that solution to the purchasing company? How new and untested or how proven is a technology or solution that a provider is offering, and is it worth going “cutting edge” on an essentially mainly untested solution that may be being offered at a lower, introductory price over an established and effective but equally expensive solution?

All of these questions will affect how quickly the contingency budget is spent, and how effective the resulting solutions are to the crises they are purchased to prevent. Given that the importance of making sure a solution – regardless of how much or how little it costs – must be affective in addressing the problem it is purchased for, since there is no point whatsoever in having an inadequate solution as it simply won’t work, it is vital that a balance be found between cost and effectiveness. Newer solutions may have more up to date technology and may have the latest in methodology, but is it reliable? And is it more expensive because it is new or is there negotiation room since you will have to be trusting untested solutions and thus can negotiate a better price to compensate for the potentially increased risk.

Once all of these factors are taken into account, then the list of potential solutions and providers of potential solutions can be narrowed down to a shortlist for which further competition among the remaining companies or solutions should be sought to further lower the eventual cost. Companies who find they are ‘shortlisted’ as among the finalists to be able to pick up a lucrative sale or contract are even more likely to be persuadable to make further concessions in order to be the eventual winner of the tender.

Finally, legal responsibilities must be compared with the potential shortlist. Will the shortlisted companies’ solutions still meet the legal requirements of your company, if there are any. If not it does not matter how cost effective a solution is, the solution has to be crossed off the list because the selection criteria – from a legal standpoint – cannot be met.

By the time all of this has been taken into account the result of all this planning should be a short list of providers of either services or equipment that matches the available budget and is suitable for overcoming the obstacles it is being purchased for. Finally the concept stage is over and it is at last time to move on to the action stage, purchasing the solutions and beginning to integrate them into the business. Finally the theory stage is over and the practical stage begins, remembering that at this point it may still be necessary to replace certain parts of the plan if they later turn out to be unworkable from a practical point of view. But at this stage, the contingency manager is ready to implement and fine tune the plan. The end of the procedure is finally in sight.