We should always be performing risk analysis, even if it is ad hoc or a thought exercise. As the new year is now well underway, we have forgotten about our New Year’s resolutions, and are back into projects and issues. As you begin the review of risks and plan updates, with what type of events should you be concerned?
In a recent blog, we talked about a couple of events that demonstrated our potential lack of functional recovery. This week, we will expand that list to include many of the business continuity disasters that we have seen in the last few years.
Common Business Continuity Disasters
- Self-inflicted outages
Critical application outages due to human error in implementation or errors not found during testing.
- Employee sabotage
Employees changing admin or critical processing passwords with no way for the organization to correct them.
- Third party outages
Software as a Service (SaaS) or Infrastructure as a Service (IaaS) providers having an issue impacting customers’ ability to use the services. Think about Google outages or a virtual server/storage provider such as Amazon Web Services. Were you impacted by the SalesForce, Office 365 or Symantec outages this past year?
- Power outages
These could impact your own facility or data center, but could also be the cause of third party outages.
- Natural events
Hurricanes, recent winter storms, earthquakes, and localized storms (in Arizona we have micro-bursts each summer that impact individuals or a few businesses).
- Wildfires
For those of use in the West, this is an annual news event. Last year both California and Tennessee were heavily impacted. While these typically do not impact larger metro areas, if your organization is close to forested areas, these types of events can cause evacuation or building impact very quickly.
- Flooding
Think not only in terms of heavy rains such as the August storms in the southern U.S., but flooding that is caused by water main breaks or sewer backups.
- I spent an afternoon with a wet/dry vac trying to clean up under a raised floor before sewage hit the power outlets.
- Communications outages
These could be considered third party outages, but since we leverage these for core business processes, losing just this function could cause major business impact. Consider what you use for communication.
It is more than just a phone – VOIP, LAN, mobile – but also social media and messaging. What is the impact to your organization when any of those are unavailable?
- Internet (ISP) outage
Given the importance of SaaS, remote access, and other internet-based work, an internet outage could have a similar impact as a data center outage.
- Network provider
Again, this could be under the third party provider category, but given the criticality of your network access, network issues outside of your control can impact the entire organization.
Comparing this list with your BC Planning
No one likes to think about any of these potential business continuity disasters, but knowing what others have encountered encourages preparedness. Are any of these examples events you may not have considered in previous risk assessments? If so, now is as good a time as any to ensure your plans and strategies are robust enough for any potential situation. Though it may be uncomfortable to think about this happening to you, lost inventory, reduced productivity, property damage and the all-important revenue loss are more uncomfortable. Take a few minutes to consider the planning and strategies you have in place. Will they reduce or eliminate the impact of the scenarios above? Hopefully, this will trigger ideas on other potential risks to your locations.