Crisis management

No comments

Why do a significant number of businesses still not have any formal plan for managing a crisis, or indeed for maintaining business continuity?

Why do a significant number of businesses still not have any formal plan for managing a crisis, or indeed for maintaining business continuity? This was one of the questions addressed by this month’s roundtable participants. They largely considered that, while businesses may not have documented their arrangements, most probably had a reasonable idea of how they would respond to incidents, even though they might erroneously think that they could manage their way through fairly simply.

Indeed, it became clear throughout the discussion that there is a fair amount of jargon pervading the business continuity profession with a whole range of terms meaning different things to different companies. This can be daunting for companies contemplating business continuity and crisis management planning for the first time.

Two of the key drivers for establishing business continuity and crisis management plans are regulation, for example the requirements of the Financial Services Authority and Sarbanes-Oxley, and customer pressure. The latter seems the most likely to push survival planning to the fore in unregulated businesses.

Just as occurred in the run-up to Y2K, some corporate buyers are now requiring assurances from their suppliers that they have robust plans, but this time in relation to a flu pandemic. It seems likely that when the business continuity standard, British Standard 25999, is finalised, published and auditable, procurement departments will expect their suppliers to comply with this within the tender process. And there was general agreement that having a robust plan gives a supplier a competitive advantage.

However, our discussion group stressed the fact that merely producing a plan to satisfy regulatory or customer requirements is insufficient. In order to be effective, plans need to be specific to the organisation concerned, exercised regularly and appropriately, and to evolve in parallel with the business.

Should a crisis occur, protecting reputation is a key consideration which needs to be managed at the highest level.

Response has to be fast and while some strategies and ‘trigger points’ can be pre-planned, it is dangerous to be too specific.