This week is Get Ready Queensland Week – an initiative of the Queensland government that aims to raise awareness of the need to prepare for natural disasters. With the storm season soon upon us, this initiative is a timely reminder to businesses, community groups, sporting clubs, and individuals to think about preparation.
The 2011 Queensland floods had a devastating effect on businesses and a significant impact on economic growth, with the net economic impact of the floods to exceed $2.9 billion, according to the Queensland Government*. Coal miners, tourism operators, sugar growers, cotton growers, construction companies, transport operators, retailers, insurance companies, and businesses in Brisbane city were all impacted by the floods. In fact, we were unable to access our own offices for two weeks. But is there more businesses can do to prepare for and manage the effects of an unpredictable disaster?
Business resilience is a term increasingly used in relation to business continuity. It’s about rapidly adapting and responding to internal or external changes – opportunities, demands, disruptions or threats – and continuing operations with limited impact to the business. It takes into consideration all aspects of a business including its people, facilities, IT systems (hardware, software) and data.
Most organisations address some aspect of business resilience – whether it’s hosting IT systems offsite or taking out insurance to cover their known risks. But businesses can and should do more to improve business resilience. Ask yourself these questions to see how your business rates…
1. Are all risks covered?
Not just the obvious operational risks which are generally within your control, but the risks that could come from left field. The AON 2011/2012 Australasian Risk Survey found that companies see external risks as the highest concern with market environment, regulation, corporate governance, business interruption and natural disasters all rated more highly than previous survey years. And at the top of their list for the fifth year was reputation. These broad risk areas need to be part of your risk management strategy. It’s also important to not just assess risks but prioritise them – identify the risks impacting the most critical elements of your business and put in place mechanisms to manage those risks as a priority.
2. Have we addressed the needs of our people?
In the event of a natural disaster, your people will be key to the organisation’s ability to effectively respond and recover. It’s the simple things that often get forgotten: for example, do you have access to an up-to-date contact list in hard copy? If you rely on your server to hold your contact lists, they may not be easily accessible. How will you keep your staff regularly updated on the disaster (e.g. text messaging, phone calls, Facebook)? Who will be responsible for this important task? How will you manage and communicate with staff who are dealing with their own personal response to the disaster? All these questions should be asked and plans put in place to manage these issues.
3. How will our facilities be impacted?
Natural disasters can be unpredictable and the length of their effects unknown. In the 2011 floods, one of Queensland’s leading retailers was placed in a trading halt as the company assessed the impact of the floods on a distribution centre which serviced 90 of its 211 stores. Organisations need to ask what minimum facilities and IT resources are required to maintain business delivery. Could the company continue to operate if facilities were impacted? What other facilities can be accessed if your main facility is out of operation? If you have warning, what plans can you have to reduce the impact on your facilities?
4. How could a natural disaster impact our IT systems?
Many organisations now have back-up IT systems located off-site and replicated at another data centre in a different suburb, city, state or country. In the 2011 Queensland floods, a major Queensland engineering firm could not access their IT systems for over a week, which had a significant financial impact. Do you understand the critical components in your IT infrastructure, and what have you done to protect them or provide redundancy for them? Do your IT disaster recovery priorities actually align to your business priorities and critical functions? Do your teams have alternate arrangements ready to go if they can’t use their IT systems? If you don’t have technological redundancy, what can you do to mitigate data loss and disruption?
5. Have we educated and trained our people sufficiently?
A plan is only as good as the people who use it, and to be of use, it needs to be understood and practised. When was the last time your team was reminded of their role and responsibilities under your business continuity plans? Have all your new people been appropriately trained? Are your plans robust and have they been put to the test?
Now might be the perfect time to review and test your plans before your organisation faces a real disaster.
*Queensland Government – Queensland Chief Scientist