As Per GJTA (Global Job Task Analysis) 2009 analysis Business Continuity and emergency preparedness is added as one of the Core competency of FM to its 9 competencies of 2007 analysis, by IFMA : Are Facility Managers ready for it? Read, Understand and Apply and one of IFMA FM Competency is yours: Disaster recovery and Business Continuity has often been overlooked and sometimes even ignored. Managers could have been excused for thinking it wont happen here. However, the series of recent tragic events since 2001 have made businesses sit up and consider how and what they could do in the event of a disaster to protect their staff, customers and properties, and business. The continued operations of an organisation depend on management awareness of potential disasters, their ability to develop a plan to minimize disruptions of critical functions and the capability to recover operations expediently and successfully. This article try to explain The role of facility management in Business Continuity Planning (BCP) and disaster recovery, and what sort of issues facility managers should consider when preparing a BCP. It will introduce the scope and importance of involving the facility manager in business continuity planning. Furthermore this article discusses the sorts of issues that you should consider when planning for business continuity, and will introduce the scope and importance of involving the Facilities Manager in Business Continuity Planning and Management. It will help FMs to formulate an in-depth understanding of the principles of Business Continuity Planning, and to consider how to apply Business Continuity Planning processes depending on your business support services and infrastructure. The Role of Facilities Management in managing Support Services Most businesses depend heavily on technology and automated systems, which if disrupted, even for a few days, could cause severe financial losses and threaten survival. The continuous operation of an organisation depends on management awareness of potential disasters, their ability to develop a plan to minimise disruptions of critical functions and the capability to recover operations expediently and successfully. According to Meier and Khun (1998)The extent of the business interruption depends on the time taken to restore the company’s commercial operational readiness: The restoration of any building affected by the loss event, The repair and replacement of machines and installations, The replacement of damaged raw materials, work-in progress or finished products Whilst Facilities Management will be a central element in Business Continuity Planning, perhaps taking the lead responsibility in the coordination of preparation or post-event expediencies and continuity or recovery of the key business support functions, business continuity planning should be viewed as being broader in scope than FM. As it is also a highly integrative function, successful Business Continuity Planning will require the coordination of many, if not all, of your non-core business support services. It is a key management task, which requires a good degree of forethought about the inter-relationship and interdependency between core and non-core functions – not least in terms of functionality in the business process, but also in the critical area of communications and responsibility lines. The key message here is that if business continuity is dependent on the continued or recovered inter-operation of core and non-core issues, FMs need to think in these terms during the consultation and pre-planning stages. Holistic solutions require holistic planning. BCP is the systematic forethought about responses during and immediately after an event, and is usually based on pre-planned and optimized solutions. Its function is to minimize the consequences of disasters for the core business. BCP is usually concerned with singular events rather than the day-to-day issues which business support services management is concerned about. Hence Business Continuity Planning is an extension of the business support services management remit. It involves securing continuity of communication, IT support and the real estate and facilities, and ultimately the Business. The Business Continuity Institute (BCI) distinguishes between Business Continuity Management (BCM) and Business Continuity Planning (BCP): Business Continuity Management: Those management disciplines, processes and techniques which seek to provide the means for continuous operation of the essential business functions under all circumstances. Business Continuity Planning: The advance planning and preparations which are necessary to identify the impact of potential losses; to formulate and implement viable recovery strategies; to develop recovery plan(s) which ensure continuity of organisational services in the event of an emergency or disaster; and to administer a comprehensive training, testing and maintenance programme. Note the distinction between Business Continuity Planning and Disaster Recovery Planning. Business Continuity Planning relates to ensuring that an organisation can survive an event that causes interruption to normal business processes – Disaster Recovery Planning is the process that takes place during and after an organisational crisis to minimise business interruption and return the organisation as quickly as possible to a pre-crisis state. Business Continuity Tasks. Many events can affect businesses, the core business of your company as well as the supply chain or your outsourced providers of key support services. The first thing to recognize is that the more inter-dependent a business and business process is on other organisations, the more the chances are of being affected by the spin-offs from another organisation’s business disaster. In business continuity management, the supply chain can act as a snow ball. So decision to outsource business support operations may lead to the transfer of control over vulnerability as well as risk. Figure one illustrates such a scenario. Start by thinking broadly about the profile of risk and disaster consequence that your business is potentially subject to. The core business needs to be protected against a direct and collateral loss of the business facilities – which can be series of events such as the direct or collateral loss of production facilities (from fire, explosion, bomb, flood, earthquake, insurrection); access (from bomb warning for instance); staff loss (temporarily through strikes, or permanently following illness, death, or headhunting of key personnel); and loss of knowledge and information (including records and IT-based material, but also through the loss of key personnel). There are also major potential implications for the core from financial turbulence, and other political, social, or technology affecting your organisation, your suppliers and/or your customer base. Protecting your Business Protecting the physical and informational assets should be a major issue for every company running a business. Some companies have learned the hard way the importance of safeguarding their information. It is estimated that more than 40% of banks don’t have any recovery plan, yet for a call-centre based business the IT system and the facilities which support its availability and use by core staff at all material times is a main working tool. Not only is such a business critically dependent for its core processes on these facilities and the associated support services, there is also the secondary issue of customer confidence. Holland (2002) stated more than a third of senior IT executives believe that there is a serious threat of a cyber-terrorism incident this year, according to a poll by vnunets sister publication Computing. But more than 95% believe that companies have not adequately improved the security of their IT systems, despite the events of 11 September last year. Investments had been made in disaster recovery, but many businesses are failing to consider the potential impact of a cyber-attack. Romano (1995) estimated that “within ten days of an extended computer outage, a company loses an estimated 2 to 3% of its gross sales and most companies will never fully recover from 10 days without computers.” Innocent events could greatly damage any business as much as vandalism, theft, sabotage, personal assault and other criminal acts affecting a company facility. The challenge is to think broadly enough about the vulnerabilities, and then put in place the provisions and authorities for the necessary contingencies. There are 5 initial steps in the Business Continuity Planning process: The Initiation of the Business Continuity Planning Process and the Assessment of Risks The Conduct of a Business Impact Analysis The Analysis of Critical Processes Related to the Identified Key Business Impacts The Creation of an Initial Business Continuity Plan The Testing and Revision of the Business Continuity Plan and Management System. There is also another vital stage, the updating of Business Continuity Plan and Management arrangements, which will usually also require all the other phases in the Business Continuity Planning cycle to be systematically revisited. Step 1: The Initiation of the Business Continuity Planning Process and the Assessment of Risks A thorough understanding and analysis of your business process is pre-requisite for any successful Business Continuity Planning process. The facilities manager or business support services managers should be in the best position to inform the executive on the support implications for business-critical areas of the core company, and should also be able to relate these to the business-critical aspects of the business support functions – which could easily disable the core functionality if they were to fail or be affected collaterally by a disaster. However, the quality of their foresight is critically dependent on the level of understanding the FM has of the core business operations and relationship with support services and facilities. This may be a challenging integration issue for those non-core services which are not strategically partnered, but if un addressed the vulnerability will remain and the planning may be seriously jeopardized. This dimension of ensuring business continuity will also arise later, in the operational phase, when the issue of authority and communication chains across inter-dependent operations are considered, and these both have to be clear and unbroken. Step 2: The Conduct of a Business Impact Analysis The Business Support Services Managers and Facilities Managers will be central to this. FM, the practice of co-ordinating the physical workplace with the organisation’s people and work, requires integrating the principles of business administration, architecture and the behavioural and engineering sciences (Gregory, 1994). The role of the FM and/or business support services manager in preparing the Business Impact Analysis is critical – they should be alert to the key issues required to evaluate and implement plans that meet the numerous demands and objectives of their core business. Step 3: The Analysis of Critical Processes Related to the Identified Key Business Impacts Before to start to draft a business continuity plan, it is vital to define the functions which are critical or in some way irreplaceable to the continuity of your business. This is where the deep vulnerability lies. In conjunction with thinking about this issue, the FM should consider whether the existing balance of in-house and outsourced provision and management/ coordination of the business critical support processes gives an appropriate balance between dispersal of vulnerability versus level of control and coordination. There is no universally right combination (there are plenty of wrong combinations!) - it depends on your business needs. Bearing in mind that the robustness and resilience of any business support services to any disaster of their own as well as to the core business must be considered very seriously where these services are themselves critical to the core business. Also consider the supply chain. Step 4: The Creation of an Initial Business Continuity Plan The characteristics of a Business Continuity Plan are of course very specific to the organisation and the business activity. Assuming that the aim of the BCP is to recover a business then the emphasis is probably going to be on rapidly re-occupying the premises in order to ensure the continuity of the business activity with as much being left to the longer recovery period as is acceptable. changes, or as the circumstances in which the business operates change. In order to create a Business Continuity Plan it is important to consider the following issues: An accessible and authorized budget for immediate use A clearly identified Business Continuity Management team, comprising the key planning business continuity planning members (probably as a standing committee); probably with membership to include the CEO or MD, Financial Director, Marketing, Key Engineers / and Technicians, and representatives or managers for the business support services that affect all the key operations of the core business. Plus any other specialist knowledge, and for the planning team, a business strategy planner, a business process manager, and a risk analyst. For the creation of a Business Continuity Plan: Think who, what, where, when, why, how… …and how much (rationalize the provision across the risks and knowing where the domain of core and business support services finish, especially the delineation between in-house and outsourced functions, and between functions which conventionally fall under separate coordination or communication channels) Be careful to avoid over-providing for the controllable at the expense of the highly critical or unstable. Focus on instability. Plan your real time communication chains (with back-up). Set your Business Continuity targets – for example time to recovery (what level of partial recovery can you actually cope with in the first instance) … Create a detailed (chronological) hypothetical scenario or scenarios to design and brainstorm the BCP. Focus on realistic scenarios in sufficient detail to make the planning worthwhile. The next stage after the creation of the initial Business Continuity Plan is to plan its operation and management. There is no point to write a Business Continuity Plan if the organisation is not able to operate it on the day of the event, and in a disaster situation, movement of people and the knock on of shock and many parallel attempts to deal with unpredictable issues arising from the disaster is inevitable. Consider the following: Who decides, and how, and then activates the Business Continuity Plan? (and with what back-up, from whom?) Is it a single person to decide, and if so what is the immediate communication chain? Who decides, and how which version of a staged or flexible plan is sued? How and by whom is this to be interpreted by in an event which somehow differs materially from the scenarios which were used to design the plan? Do they know? What can be left to after the event and what is better planned live (this depends on the level of confidence that you have in your team and understanding of the key business issues)? Within the Business Continuity Plan, reserve the resources and try to create the scope for mental ‘space’ to allow this to be done properly under stress. Assess the likely consequences of an event and the BCP on staff, work in progress, access to equipment, materials, records, documents, and stock. Steps 5 and 6: The Testing and Revision of the Business Continuity Plan and Management System. We said earlier that your Business Continuity Plan should be a “live” document, and as such it must be test and updated regularly. The needs and resources of any organisation or business will change, be improved, or maybe decrease. It is also an excellent way to assess the strengths and weaknesses of your plan, and to gain an appreciation of the inherent safety factor in your operations. There are likely to be spin-off benefits in terms of the formalisation of better internal communications (especially between the core and non-core) and the scope to test your own company and resources. It will not be cheap however if it is done properly, and especially if the BCP is refined as changes in circumstance arise (especially those which involve delayering or fragmentation of the core and non-core processes). However not having a BCP could ultimately be fatal for the company, and not maintaining and updating a BCP could seriously limit it value also. Concentrate on the key characteristics of the BCP – flexibility, realism in terms of timescales, effort and resources compared with the seriousness of the event; a process designed to suit the chain of consequences and adaptable to the particularities of the event; and a plan for the medium to long term recovery of the full activities of your business. Since people will enact the plan, be sure to have all the key parties represented. And bear in mind that there are four distinct phases involved – reviewing the hazards and assessing the risks and their potential impact on the organisation and business; developing, maintaining, auditing and testing the contingency plans; management of the incidents and coordinating the implementation of plans during an incident and the immediate aftermath; and making the recovery to normal business operation. Conclusion: The interaction of the Facilities with the organisation, is a strategic objective that is fundamental to the planning of a facility that supports the core business activity. Being prepared is the key. Business contingency planning must be integral part of any business. The role of the FM in BCP: FM is a central element of the BCP Lead responsibility broader in scope than FM. BCP is a highly integrative function. FM acts as a liaison and Coordinator. FM requires a degree of forethought about inter-dependency and inter-relationship between core and non-core functions.
Posted on: Mon, 11 Aug 2014 07:29:24 +0000
Trending Topics
Recently Viewed Topics
© 2015