Picture this scenario:
Your company is busier than it has ever been. Product is moving out the door, customers are happy, and your hiring rate is at its highest in company history.
Then – suddenly – the bottom falls out.
A tornado blowing through Texas levels your finance department’s office. The damage is devastating, employees are displaced, and work comes to a complete stop.
So now what?
You knew that office’s location in “Tornado Alley” was a business risk, but did you have a plan? The reality is, many organizations do not.
Just like with personal disasters, companies think, “It won’t happen to us.” Additionally, facility- and site-related planning is often disconnected from an organization’s business continuity program, leaving businesses unprepared for potential disruptions to the sites where key operations take place. This can prove to be a fatal mistake that halts business operations, or worse, puts a company out of business completely.
To prevent this worst-case scenario, companies must establish a methodology to collect data about threats to all of their sites and facilities, and ensure that all staff and stakeholders are engaged in the plans for responding to natural disasters, data breaches, loss of power, employee error and other disruptions.
This practice allows for real-time, situational-based analysis; expands enterprise engagement; and augments baseline data with more comprehensive assessments.
Getting Started
The most effective way for a business to ensure it is protected from all angles is to take a risk-based approach and add site assessments to its traditional business continuity program. And, that means all sites related to operations in any way, including data centers, corporate sites, and distribution centers.
There are decision-makers in every industry who think they only need to evaluate obvious facilities, such as data centers, for possible disruptions. This is a huge mistake that could cost an enterprise dearly. In fact, other sites could be even more vulnerable. Site assessments are crucial for just this reason – to ensure vulnerabilities are identified and assessed at all locations.
When an enterprise undergoes a traditional business impact analysis (BIA), the goal is to determine what business processes are vital, and what purposes they serve. The processes and activities that are most important to the company then are identified, based on how detrimental the impact would be if they were disrupted.
Companies that are the most prepared and resilient have taken the traditional BIA a step further by incorporating comprehensive facility and site assessments. In order to ensure maximum protection of information like corporate and customer data, financial records, and employee information, organizations have to consider the big picture when it comes to business continuity and disaster recovery – and that picture is not complete unless site vulnerabilities are understood and defended.
To fully protect an enterprise, organizations must identify all critical departments – from the IT shop to distribution centers and corporate headquarters – and then fully vet the locations that support those functions. Once that is done, a plan can be put into place to not only protect those locations, but also ensure all critical recovery procedures are documented and understood, should a natural disaster or other disruptive event occur.
Third-Party Vendors
In a BIA, companies must assess not only their own sites, but also their vendors’.
Vendors are increasingly important to an enterprise’s success. They process payments, deliver products, provide staff and store data. In many cases, if a third party’s services fail, the company using those services fails as well.
When engaging with third parties, an enterprise needs a process in place that mitigates all associated risks, which includes the sites and facilities where those partner companies do business. Without this step in place, even a company with a topnotch BIA for its own operations can still experience crippling failures.
Third-party facilities throughout the supply chain must be carefully vetted to ensure there are plans in place to deal with any disruptions that might occur. If a vendor has done their own site assessment, they should share that information with their partner companies, providing assurance that they have plans in place to deal with any issues that might arise.
Location, Location, Location
Imagine putting on a blindfold and throwing a dart at a map. While this practice is a fun way to pick a spontaneous vacation destination, it’s completely irrational for companies when it comes to choosing a new site. Enterprises need to implement the same risk assessment standards and analysis when selecting new sites as they do for their current facilities and offices.
To determine how complex each assessment needs to be, define any inherent threats stemming from the new sites’ geography and environments. These include crime rates, the probability of natural disasters or terrorism, the condition of critical infrastructure, and so on.
For each potential threat, the company then can assign a likelihood of such an event occurring, along with the level of impact an organization would experience for each scenario (devastating, severe, noticeable, minor, etc.).
Based on findings from the site assessment, companies then must identify the countermeasures that can be taken to lower the various levels of risk, and what personnel are critical to both mitigating risks and managing recovery processes. That can often mean additional costs. While no company is excited to spend more money on its operations, the price of proactive measures has to be weighed against the financial impact of a disaster for which an organization is unprepared.
Minimize Your Blind Spots
It is unfortunately all too common for a company to do a BIA and leave out a site and facility assessment. The people putting together the analysis and resulting plan may say, “We cannot function without our finance department,” but will create business continuity plans that do not take into account that department’s location. However, the site and the function are inexorably linked, and steps must be taken to ensure business continuity at each of your organization’s critical sites.
Enterprise organizations with multiple locations often find that juggling the issues and needs of each site is overwhelming – but if solid assessments and plans are in place, it becomes much more manageable.
It is imperative for a company to understand the types of impacts a location might have on their operations, and take the necessary steps to mitigate those risks. Partnering with experts to analyze all sites, and making sure the best plans for continuity and resilience are in place, will go a long way toward ensuring a business can withstand threats to its physical environment.
Recommend0 recommendationsPublished in Physical Infrastructure
Leave A Comment
You must be logged in to post a comment.