Our business is all about helping our clients to survive disasters, so to some extent it’s just business as usual for us—our data centres and work-area recovery facilities are designed to keep operating in all circumstances. Because of the nature of our business, we have very stringent specifications, but nonetheless the measures we have in place might help other businesses come to some conclusions about what they should be doing.
All our facilities have alternative power in the form of UPSs and generators—our business can keep operating and, as important, so can the work-area recovery facilities we provide for clients.
UPSs and generators run in parallel, with automatic failover.
Our Midrand data centres have several diesel tanks, and diesel can be pumped to the various buildings are needed.
Diesel supplies are sufficient for four to five days of continuous use.
We are not reliant on local suppliers for refuelling. If needed, we have a mobile tank that can be put on one of our own vehicles to fetch our own diesel.
Our generators are on a full maintenance plan.
As regards telecommunications, we have multiple providers, so communication links can be failed over between them.
In addition, our Midrand and Randburg sites are connected by a dedicated fibre link. Thus if only one site can connect to the communications network, it can link in the other.
We have multiple sites in Gauteng, KwaZulu-Natal and the Western Cape, as well as internationally, all on different parts of the power grid. This enhances our ability to help clients recover their ICT environments.
All our sites have auxiliary water tanks.
All of these measures make our sites more resilient to the benefit of our clients—but also could serve as prompts for what companies should consider putting in place at their own facilities. Power shortages are going to be a fact of business life for the foreseeable future: What’s your strategy?]]>
In our previous blog, we examined some of the wider impacts of load-shedding that businesses should integrate into their thinking. Others include:
Impact on security. Most access control and building management systems rely on power to continue functioning so alternative power plans must include security and access control to avoid the business becoming a soft target during load-shedding.
Impact on society. One might argue that coping with load-shedding could create a kind of nation-building based on the feeling that “We’re all in this together”. More likely, particularly as the crisis drags on and on, is that existing social tensions will be exacerbated. When traffic is repeatedly disrupted thanks to non-working traffic lights, for example, incidents of road rage are likely to escalate, perhaps along with other forms of aggressive behaviour. Among these could be wildcat strikes and incidents of opportunistic looting, particularly when businesses start to shed jobs as they must surely do.
Once these inter-connecting risks are well understood and integrated in the business continuity plan, companies can put the appropriate backup power plans in place. These are likely to revolve around generators and uninterruptible power supplies (UPSs), both of which have their own requirements.
Here are some practical guidelines:
This blog series concludes with a look at what ContinuitySA is doing to mitigate the risks it and its clients face from load-shedding.]]>
As Africa’s premier integrator of business continuity services, ContinuitySA’s team spends a lot of time identifying risks and how to mitigate them.
The first order of business is to understand the true nature of the risk—only then can we truly mitigate it. Consequently, we are advising all companies to undertake a thorough review of their business continuity plans—this will provide a structure through which to understand the impact of load-shedding on a particular business, what the company’s risk appetite is and thus what plans should be put in place.
Because electricity is integral to a modern society, load-shedding creates a complex and interdependent set of risks over and above the primary risk of the company’s being unable to trade. These risks need to be understood within the context of each business’s strategic plan.
Some of the wider risks are:
Impact on employees. Regular and extended outages will disturb family life in all sorts of ways, from transport difficulties to care of children and elderly relatives. Employers need to understand the impact on absenteeism and be empathetic to employees’ personal challenges.
Impact on vital services. Power outages are likely to affect water supplies periodically and also telecommunications. Businesses can solve the water issue relatively easily by installing their own gravity-fed tanks that act as an emergency store replenished by the municipal water supply. More serious, however, extended power outages could be more than battery backups at some telecommunications sub-stations can cope with, leading to interruptions in communications. In particular, the impact of load-shedding on ICT disaster recovery should not be ignored.
Impact on the supply chain. Power outages in other areas will not only affect your employees’ ability to get to work, but also the operations of suppliers and clients. Today’s supply chains are both long and complex, and many companies use just-in-time inventory systems. It’s thus imperative that companies understand the impact that load-shedding has on suppliers’ ability to meet their commitments, and what any defaults will have on their own operations. ContinuitySA believes that companies need visibility of their suppliers’ business continuity plans, and also to understand the impact that load-shedding could have on their clients’ demand (and ability to pay) for their services. For more, read Make 2015 the year for becoming resilient and also Outsourcing: Know your partners’ business continuity plans.
Next time, more on the less-obvious impacts of load-shedding.]]>
Skills shortages. Specialist human resources are a feature of the health care industry but they are in short supply. An organisation can find itself reliant on certain individuals who cannot easily be replaced. Exacerbating factors include high attrition rates in the sector owing to low morale, and lengthy recruitment processes.
Crime. While all South African businesses face high risk from criminal activity, health care companies have a higher risk because goods/samples/specimens are often stolen from research and / or storage facilities because they form critical evidence impending court cases.
The loss of years of research findings, or the theft of patient information during a robbery also constitutes a risk as the findings are often irreplaceable and patient information can be highly sensitive in nature.
Inadequate buffer stocks. Industry standards stipulate that health care facilities must carry at least 30 days’ worth of buffer stocks. Complicating factors for health care providers to adhere to these regulations include the limited shelf life of some products, and a lack of funds to build and manage stockpiles.]]>
Some of these risks mirror those faced by health care companies globally, while others are dependent on geography. Combined, they add up to a distinct risk profile that companies should be aware of—though many overlook or don’t properly scope them.
ContinuitySA believes that the following 8 risks particularly affect the South African health care sector, and should be factored into organisations’ business continuity planning schedules.
Outdated buildings and infrastructure. This risk is particularly high in the public sector as many buildings are leased, and landlords do not undertake proper maintenance. In addition, many public health facilities are in old buildings in which wiring can be faulty, or in which sprinkler systems are not installed due to heritage regulations. Working in such conditions can negatively affect staff morale and pose a threat to the safety of both staff and patients.
Over-reliance on third-party suppliers. For budget reasons, a lot of specialised equipment is leased and is often outdated. This in turn places the organisation at the mercy of suppliers and service organisations: because maintenance engineers, or replacement equipment in the event of a breakdown, are scarce, important medical tests or procedures can be delayed. Another supply chain vulnerability is the industry’s heavy reliance on drivers and couriers for the transport of specimens to medical facilities—union activity can thus impact heavily.
In addition, the public health sector is bedevilled by slow procurement processes.
Power interruption. Power outages are set to increase in frequency and severity for the foreseeable future, a definite risk for organisations dealing with life-and-death issues. Too many healthcare organisations have generators with limited diesel supply, and with uncertain maintenance and testing schedules. A crisis or power outage is the wrong time to find out your alternative power source is inoperative or can only sustain you for a short period of time.
Poor IT infrastructure and disaster recovery. All businesses are dependent on IT, but none more than medical laboratories or research facilities. Another problem is that business critical and client-sensitive data is frequently stored on unsecured laptops.
Despite their high reliance on IT, health care companies often do not have adequate IT disaster recovery plans in place, and testing is not performed regularly to ensure both data and systems can be restored within specified time limits.
Another critical IT dependency for health care is bandwidth, particularly when it comes to remote facilities.
Read our next blog for the remaining top four risks faced by the South African health care industry.]]>
A company that assesses and prioritises these risks in a methodical way is obviously going to be much better placed to bounce back from a disaster—and we all know just how frequently they seem to occur nowadays. The fact of the matter is that because supply chains and markets are now global, a natural disaster in Japan or Iceland can affect a business in Port Elizabeth, a bank failure in Spain or Hong Kong can delay a production line in Rosslyn, and a flu pandemic in Atlantis can affect a store in Joburg.
In this way, BCM can actually improve a company’s overall governance by bringing all its financial liabilities into view—some may have been hidden from board members owing to the complexity of the business environment. BCM, in other words, enhances sustainability.
Another big benefit of BCM is the fact that it increases the confidence employees have in the company, thus contributing to employee engagement. It’s a truism of corporate jargon that “our people are our competitive edge” but it’s true nonetheless. Anything that makes employees want to stay with the company and give it their best efforts is a plus. The same is true of clients and business partners, provided that the company’s proactive BCM stance is properly communicated to them.
This type of proactive approach, too, we at ContinuitySA believe, creates a company that is generally more forward-looking—not only when it comes to risk. Such a company is also more likely to be alive to new opportunities as well. When a company really becomes BCM-savvy, it really does set itself on the path to success.]]>
Such an approach is always a mistake because it means the company simply incurs extra expense and trouble for no real benefit. It’s a common attitude towards governance codes like King III, for example—and companies with that attitude are the ones that always complain that it’s just an added “cost of doing business”. In fact, good governance can mean good business, as international research (and experience) shows.
The same is true of BCM. Approached in the right spirit, it can deliver much more than the ability to survive a disaster—it can create a stronger, more resilient company all round.
Growing awareness that the process of assessing risk and putting contingency plans in place to mitigate it can generate wider benefits are evident in the way that old-style IT disaster recovery has mutated into something much more. In fact, the 2012 ISO22301 standard for BCM places it within the context of “societal security”, thus placing the discipline clearly within the broader drive towards corporate sustainability.
Sustainability has become such a buzzword in the past several years because it’s become so clear that companies’ success is due not only to their own efforts but those of a broader community of stakeholders, including employees, business partners and so on. The flipside is that a company’s failure affects not only its shareholders but its staff, their families, the staff and families of business partners and a much broader community of people and companies who depend on them.
In other words, “No man [or woman] is an island, complete of himself.” A company that realises this also starts to look at the risks it faces in a similar way. It no longer sees risks as internal only, but also external. Putting risk-mitigation strategies in place for this broad portfolio of risk has far-reaching consequences for its overall sustainability.]]>
The same logic is true for your company. If the parachute (so to speak) doesn’t open, then the destruction would affect not only your employees but also their dependents—at least four per employee when one takes into account their families, suppliers and their families, the people supported by the tax they all pay and the charities they support—in fact it’s probably more like 10 people per employee in reality.
Such an event is particularly devastating in South Africa, where unemployment is high—officially it’s 25 percent but we all know it’s much higher.
The truth is simple. Nobody—and particularly anybody with responsibilities—would jump out of a plane without a backup parachute. And yet many, if not most, businesses are blithely operating without business continuity plans, despite the fact that the only certainty is change and that Murphy was an optimist.
As Socrates said, “If a man truly understood the consequence of his actions, then he would do no wrong.” Now consider the consequences of a disaster if you don’t have a business continuity plan in place. Think of your staff and their families, your shareholders and other stakeholders and what would happen to them.
And then then make sure you have that second parachute ready, just in case.]]>
Based on its extensive experience helping clients integrate their contact centres into their business continuity management—and of running such sites—ContinuitySA believes there are five important considerations when assessing recovery options:
Does the recovery site operate on the infrastructure-as-a-service model? If a company is taking care of its own recovery, then it risks underspending on technology and spreading its resources too thin. If a third party is being used, make sure the infrastructure-as-a-service (IaaS) model is used. This shifts expenses onto the operational expenses budget; more importantly, it means the technology, facilities and bandwidth are able to be scaled as needed.
Is the technology at the right level? When assessing the merits of a site’s technology infrastructure, the following four areas need detailed scrutiny: PBX, switches, routers and phone/ data lines. A related question is whether the building is serviced by multiple telecommunications providers–being restricted to one supplier is not acceptable, from the cost and redundancy points of view.
Is the building itself adequate? Here one should consider not only the question of whether the space on offer is sufficient but also security. If the contact centre is a 24/7 operation, for example, does the security accommodate shifts? Does the building have enough generators and fuel reserves, as well as uninterruptable power supply units? And is it on good transport routes for staff?
Have the seats been purchased under the right model? Seats in a recovery centre offered by a third party can be purchased either on a syndicated or dedicated basis. Syndicated seats are shared with other clients, reducing the cost considerably but are offered on a first-come-first-served basis in the event of both companies experiencing a disaster at the same time, in the same geographic location. Even when this happens, says King, if the service provider has done its capacity planning well, it should still have enough seats for both clients.
Can you test if your contact centre is ready for an incident or disaster? The contact centre recovery site has to be tested thoroughly and regularly, or it cannot be assumed to work. Companies find this virtually impossible with in-sourced sites because of the impact on current business operations.
Contact us for any of your work area recovery requirements.]]>
Last time, we introduced reasons why retailers need to pay particular attention to their risk profiles, and began looking at some of the most common risks they face. Other risks they should consider include:
Reputational risk in the era of social media. Increasingly, people are connecting to the Internet via their mobile phones, which means that they can go online to express dissatisfaction about a retail experience almost in real time. Social media firestorms can quickly get out of hand, so a robust crisis communications plan needs to be in place to deal rapidly with adverse comments on social media sites. It’s a good idea for the spokesperson to be relatively senior—the temptation to give the social media role to a young and possibly inexperienced person can backfire dramatically.
ICT failure. Retail is already hugely dependent on its information and communications technology (ICT) systems, from tills right through to the back office. In addition, retailers rely on ICT to collaborate with members of their supply chain and manage complex logistics. It’s therefore vital that a proper disaster recovery plan forms part of the business continuity plan—no ICT system, no business.
An additional (and growing) risk is the fact that most retailers have an online presence, which consumers use either for product comparison or actual purchase. ICT failure can literally turn out the lights of online stores.
Buildings, including warehouses. Natural disasters can compromise a retailer’s outlets or warehouses, and so imperil the business. But the risks are broader, and should include fire, particularly at warehouses, which can be somewhat neglected in comparison to the customer-facing outlets.
Employee injury. With large staff complements, retailers need to be extra certain that they are compliant with all the applicable occupational health and safety regulations. Again, warehousing operations operating to tight deadlines, and where heavy equipment like forklifts is used, are a particular vulnerability.
While this does not pretend to be an exhaustive list, it makes a good starting point for retailers. Contact ContinuitySA for help in identifying and prioritising your particular risks when preparing your business continuity plan.]]>