Plan Net Logo

T: +44 (0) 20 7353 4313 | E: info@plan-net.co.uk

social media icons white twittersocial media icons white linkedin

Arrow
Arrow
Slider

.

1
2
3
4
5
Slider

broken chainBusiness continuity planning has been an important part of any well-run organisation’s approach to dealing with unexpected events that might impact upon their operations.

However, in an increasingly outsourced world, businesses need to plan for interruptions to the third-party services upon which they depend.  

Here's our views on the importance of business continuity planning across your supply chain.

Business continuity planning has been an important part of any well-run organisation’s approach to dealing with unexpected events that might impact upon their operations.

However, in an increasingly outsourced world, businesses need to plan for interruptions to the third-party services upon which they depend.

Here's our views on the importantce of business continuity planning across your supply chain.

Barely a week seems to pass without there being another report of an IT outage affecting a significant number of organisations or the wider public - Outlook.com’s overheating infrastructure and Nationwide Building Society’s disappearing online services being two of the more recent examples.

These events are perhaps to be expected as organisations increasingly look to online solutions to provide and receive services. But then there are the truly unexpected events that can also take a business by surprise - the London office that becomes inaccessible because a helicopter has crashed nearby, or the New York data centre going offline because of a ‘once-in-a-lifetime’ storm.

Whilst large organisations typically have considerable resources at their disposal to support contingency planning, smaller organisations often cite a converse lack of resource and competing priorities, as reasons for not giving business continuity the attention it deserves.

The scale of the issue amongst smaller organisations is significant. In research published by Vodafone in 2012, 22% of large SMEs surveyed indicated that they still operate without a BC plan. Worryingly, this trend increases to 57% of the small SMEs (with 10 or less employees) surveyed.

These figures are further exacerbated by the finding that, of those responding as having a BC plan in place, only 58% had tested this in the last year. Proficient business managers know that an untested or outdated plan is as good as having no plan at all and, to counter this, there needs to be a management framework in place for assuring themselves that their BCP arrangements remain relevant in respect of changes to the business, such as new business activities, technologies, changes to premises and suppliers.

However, the real concern behind these figures arises when one considers the changing landscape of business - the increasing use of outsourced services to support key business functions. The reliance on contractors (and several layers of sub-contractors) means that those responsible for business continuity planning need to adapt to take complex third-party dependencies into account. In some cases, this can see the core operations of large, global organisations coming to rely on the resilience of very small businesses.

Wary of these potential weaknesses, large organisations are increasingly looking at their supply chains to determine how weaknesses in vendors’ (and even their vendors’ vendors) resilience and contingency planning might affect their own business continuity capabilities. Crucially, they are having to consider dependencies, both in terms of being able to provide effective support during an incident and recovery phases, as well as not being the cause of an incident in the first place.

For smaller organisations, the inevitable increase in assurance being sought by commissioning organisations will lead to a situation where business continuity is no longer just about satisfying oneself in regards its ability to cope with operational disruptions, but a  vital aspect of winning and retaining business.

Organisations that exist within the supply chain need to consider how they can easily assure multiple clients of the adequacy of their business continuity arrangements, without getting into an administrative tangle. Perhaps certification to the International Standard ISO 22301, demonstrating that a robust business continuity management system has been established, is the answer.

But then every organisation is different and therefore needs to adopt an approach to business continuity that suits them. The one approach that small businesses can no longer afford to take is that of denial, because in this increasingly connected and competitive world, the reliance on someone else’s  contingency planning is becoming more important each day.