Business Continuity and the critical Role of Emergency Communication
Why Business Continuity Fails
Business Continuity often fails, and reasons are manifold. If no business continuity plan exists, there will be ineffective emergency communication and any response to emergency situations depends on the capabilities and action of solitary individuals and its efficacy is random. For large-scale events this can be disastrous.
But even an existing business continuity plan is no guarantee for safety as it might be outdated, poorly drilled and exercised or even badly designed. There is also the danger that a business continuity plan is too much based on a risk assessment or threat and risk analysis (TRA). In such case it is derived from predictable or highly probable events and situations only.
Unfortunately, rare “black swan” events are the worst and often result in disaster. Prominent examples include the Deepwater Horizon Oil spill in 2010, the Fukushima nuclear power plant disaster in 2011 or the sinking of the “Costa Concordia” cruise ship in 2012. Even events that are known and somewhat predictable like the SARS Cov2 Pandemic are ineffectively handled and preparation was poor.
Though Fukushima is a typical example of a disaster caused by a large-scale Tsunami event, one of the characteristics of many bad incidents is their non-linear development. A small malfunction (typically handled by low-level troubleshooting, in this failure of electricity power systems which were flooded) results in an emergency situation or disaster. Due to the non-linear nature of disaster evolvement, each malfunction, if poorly handled, already has the potential of ending up in disaster.
Accepting the “event continuum” is essential in understanding why business continuity planning needs to span from low-level malfunctions to disastrous events. And why instant emergency communication of small incidents leading to instant response can become the key in preventing disaster.
Maintaining Business Continuity
One of the core principles of maintaining business continuity is to ensure there is an effective response to disruptions in place which minimizes the impact on the organization. That is why organizations design business continuity plans. They typically include various measures at different frontiers of the “event continuum”:
Figure 1: Measurements to ensure business continuity (Source: BSI and Loomans & Matz)
Organizations are facing a multitude of threats to their business continuity. The first aspect of planning is Prevention. Organization set policies, e.g. for using IT, accessing important information and so on. They implement security systems, firewalls and campus fences, etc.
When Prevention fails, incidents need to be detected and Detection is worthless without communicating the detected deviation or malfunction.
For instance, in IT, detection is handled by IT monitoring systems. Their job is to detect any deviation from “normal” and signal it effectively in order to ensure a swift response to an incident. However, monitoring tools are natively weak in effectively communicating incidents. They mostly rely on simple emails or sometimes a basic mobile notification capability like sending a text message to a group of admins. There is great danger in this communication gap and that is why there are some very valuable tools (like SIGNL4®) which overcome the shortfall of monitoring and service desk systems in effectively communicating incidents, tracking delivery and response.
Because, if incidents go undetected or if the response fails, an organization might end up in an emergency or even worse. And chances are what can go wrong, will. Especially, with humans at the receiving end of those signals or as the transmitter of signals, e.g. from Network Operations Center (NOC) personnel monitoring screens to responders on duty. Such response teams are designed to remedy problems or to coordinate recovery actions.
The Critical Role of Emergency Communication
Failing business continuity often involves or even starts with poor communication. Signalling malfunctions and critical incidents is often slow, ineffective, reaches the wrong people, or responders are unable to distinguish between relevant and irrelevant alerts. Involvement of C-level executives happens too late to benefit from their access and command over resources to successfully prevent an evolving disaster. So, communicating the right information to the right people at the right time is essential in dealing with threats to business continuity.
After their investigation of the Deepwater Horizon Oil Spill the National Committee concluded:
”In light of the potential consequences, it is no longer acceptable to rely on a system that requires the right person to be looking at the right data at the right time, and then to understand its significance in spite of simultaneous activities and other monitoring responsibilities.”
This forms a strong pledge for effective alert notification and alarm management systems. Effective alert notifications represent an essential contribution to maintaining business continuity, especially for detecting and responding to incidents. But there are additional areas where effective emergency communication comes into play.
The Right Communication Tools
Tools for automating (and thus speeding up) critical communication processes have been around more than two decades and have very much matured. Spanning both cloud solutions (software-as-a-service) and on-premises, classic software, they deliver the accuracy and speed that is needed to respond effectively in all stages of the “event continuum”.
While operational alerting tools like SIGNL4® (www.signl4.com) allow for a rapid response in case of smaller malfunctions and help to avoid the development into major infrastructure incidents, mass-communication oriented tools (“emergency mass notification software”) help reach out to larger groups of people or even the public in case of natural disaster or other large-scale events.
About the Author
Matthes Derdack is Co-founder and CEO of DERDACK and SIGNL4. Matthes’ core responsibility is the vision and strategy behind Derdack and its products.
If you want to increase your Organizational Resilience, start with preparing a Business Continuity Plan and check out BCP Builder’s Business Continuity Planning Templates.
