Business Continuity And Crisis Management Commerce Essay
Business Continuity Management is a holistic management process that organisations need to embeds in their business culture by adopting several different methodical approaches including disaster recovery planning, business resumption, contingency planning, and crisis management planning etc. (British Standard Institute)
Business Crisis and Continuity Management (BCCM) program is of vital importance for all organisations, due to increasing incidence and threat of major disasters such as terrorism, natural, social, technological, manmade, chemical, or environmental incidents affecting the organisations in UK and worldwide. It can provide the focus and guidance for the decisions and actions necessary for an organization, whether business or government to prevent and mitigate crisis. It prepares organisations to respond in a manner so as to easily resume, recover and restore the normalcy of its business from a disruptive crisis or event that is consistent with its strategic objectives. For this purpose a BCCM program should be on the place that clearly defined and accepted framework of the various functions supporting BCCM and their integration. The appropriate level competency, leadership and authority to carry out such plan and accomplish integration are also very important.
The possibility of facing threats and devastating aftermath and huge costs after the serious incident such as 9/11 terrorist attacks and the experience of 7/7 London bombings raise the question about the readiness of the UK organisations to effectively deal with such large scale disasters.
Now a day’s people think that we must embrace the fact that no matter how solid any business or service is, things may go wrong at any time. Some incidents like Volcanic Ash and BP oil Spill and research results also support this fact. So to generate resilience in entire business operations or services various organisation fells immense pressure and have started practicing world class Business Continuity & Crisis Management to avoid this kind of catastrophic situation and also to uphold the shareholder’s value or service recipients’ satisfaction. The impact of these incidents on BCCM planning in UK is discussed in following section.
BCCM PLANING IN UK ORGANISATIONS
After 9/11 and 7/7 terrorist events all Businesses and government organisations in UK feels an immense responsibility for their continuous operation under any circumstances in case of any such unfortunate events of terrorism or any other natural or manmade crisis events. Business Continuity has been, and remains, high on the board-level agenda.
Since the atrocities of 9/11, in UK the government was more responsive towards crisis management but most of the businesses were not much prepared to response such incidents. But after 7/7 London bombing, increasing global threats now make the resilient organisation a strategic imperative as no organisation can ignore that its value, reputation, employee safety and shareholder value at stake. Accordingly we can see that BCCM planning in UK was shaped in two different phases. First phase was the post 9/11 government response heavily centred on the emergency or crisis management and the second phase was post 7/7 London bombing that emphasis more on Business Continuity in case of crisis.
A CRISIS MANAGMENT APPROACH: POST 9/11THE GOVERNENT INITIATIVE
In UK the Y2K (the Millennium Bug), flood events and Fuel Blockade crisis of year 2000 raised the question about complexity and lack a central focused and framework for responding and preparing for emergencies at national, regional, and local levels. As a result Civil Contingencies Secretariat (CCS) was established within Cabinet Office, with lead responsibilities were transferred to it, in July of 2001.
The aftermath of 9/11 New York terrorist attacks and increasing threat of manmade disasters brought question about the readiness and sufficiency of the UK government emergency management structure with the intent of providing effective civil protection. The concern of terrorism and establishment of effective disaster response framework led to structural change and reformation (O’Brien & Read 2005).
The 9/11, New York terrorist attacks highlighted the vulnerability of critical infrastructure to terrorist attacks around the world. The UK government focused on security of critical infrastructure from manmade attacks such as Nuclear Power Reactors.
The UK Home Office and Civil Contingencies Secretariat has therefore underscored the importance of physical protection of Nuclear Power Plants against future possibility of terrorist attacks and tightened security standards (Moss 2002).
The Civil Contingencies Act (CCA) of 2004 introduced a single framework for civil protection in UK and brought new changes to the table such as replacing and updating former Civil Defence and Emergency Power legislations.
The CCA – Part 1 defines regulations, guidance, clear set of goals, and responsibilities for all involved organizations at the local level. The local responders are divided into different sections and categories based on their specific duties and roles.
The structure of emergency management in UK is decentralized. Most emergencies are handled at local level with no involvement of Central Government
Local agencies – mostly police – are always the first and leading responders. They carry the burden of emergency management. However, in different disaster cases as animal disease outbreak, if local police are not the prime responding agency, the management of disasters is performed through local offices of the lead governments with the support from appropriate Government Offices.
For this purpose a three level framework of management of response and recovery was established. These levels are:
Gold Level: It is strategic level. The Strategic Coordinating Group (SCG) is formed by the personals from appropriate organizations and agencies – generally chaired by the police department- is responsible for overall crisis response.
Silver Level: It is tactical level that ensures that actions taken by bronze level are coordinated and integrated so as to achieve maximum effectiveness and efficiency. Silver Level command may locate nearer to incident command point.
Bronze Level: It is operational level at mostly local government organisation, which the management take immediate steps and provide possible support within their area of responsibility and in specific tasks of the emergency on the site or other affected areas. They must act together and coordinate with all other agencies in order to sustain integrated effort. Bronze level responders will
The CCA- Part 2 updates Emergency Power Act of 1920 and focuses on most serious emergencies and future risk profile
If the impact of the emergencies is within the boundaries or capabilities of local government, appropriate local emergency services and authorities are being activated to take control of the situation.
In more serious emergency, the coordination and response is provided by the Central Government through appropriate Lead Government Department (LGD).
Civil Contingencies Secretariat (CCS) supports Civil Contingencies Committee (CCC) in dealing with terrorism and natural disasters and in an emergency situation with big aftermath and impact, CCS will work with lead departments.
In case of any incident of national significance the Cabinet Office Briefing Room COBR is being activated to support coordination and decision making of LGDs, for overall management and response to the incidents.
Further the incidents were classified in three different Levels as follows.
Level 1: level of significant emergency: is any disaster with small impact which requires narrow focus. The support of central government is provided through LGD.
Level 2: These are the serious emergency or disaster having wide and prolonged impact such as major terrorist attack or outbreak of disease. Response is coordinated from COBR by the LGD
Level 3: Any catastrophic emergency or disaster such as 9/11 with widespread impact and requires immediate involvement of central government, leading responding agencies will be COBR/Civil Contingencies Committee (CCC)
The establishment of CCA brought core changes to emergency response and crisis management. The government has made changes in the definition of the term emergency, identify the clear boundaries, roles, and responsibilities of all involved organizations and parties in depth and look at the new duties of local and governmental agencies. It replaces outdated system of emergency powers; and, in general, giving UK government ranging powers in an emergency (O’Brien & Read 2005).
A BUSINES CONTINUITY APPROACH: POST 7/7 LONDON BOMBINGS
London bombing of 2005 pause a new challenge for UK government. Vulnerability of critical infrastructure made the government to reconsider effectiveness of current emergency management system. The Government requires thinking about an effective system with the collaborative efforts of local and central governments to fight against terrorism and other crisis and the continuity of business in wake of such incident.
The Government has developed frameworks at local and national levels to support planning in the public, private and voluntary sectors. It is crucial that organisations from all sectors work together and share good practice in order to secure the resilience of the UK. In accordance with the Civil Contingencies Act 2004, Local Authorities has the duty to provide businesses and voluntary organisations with advice on Business Continuity Management. This duty aims to ensure that local businesses are able to quickly recover from disruptions. A resilient business community creates a better society. According to KPMG, for business organisations becoming a ‘resilient organisation’ is now the ultimate goal. Such organisations are defined by KPMG as those that can maintain their most critical operations, and ultimately, survive all but the most extreme forms of disruption.
The paper concludes that
The Business Continuity Institute has stated that effective BCM for the business is built on seven Ps these are:
1. Programme – proactively managing the process
2. People – roles and responsibilities, awareness and education
3. Processes – all organisational processes, including ICT
4. Premises – buildings and facilities
5. Providers – supply chain, including outsourcing
6. Profile – brand, image and reputation
7. Performance – benchmarking, evaluation and audit
Planning
All major business and public organisation have BCCM planning and are reviewing all their critical business processes and conducted Business Impact Analysis (BIA) of all these processes and its dependent technology & IT systems.
People
Kate Nowlan, corporate psychologist speaking at London seminar about how 7 July had affected organisations and employees, observe that businesses are still not paying enough attention to the people aspects when it comes to planning for disaster.
Kate Nowlan said that some organisations had placed greater emphasis on contingency plans and implemented trading programmes addressing the psychological effects of emergencies.
Process
Through some rigorous analysis organisations has been able to find out the areas where it needs special attention. After successful completion of BIA, many of them formulating the BCM Strategy, Disaster Recovery Plan, Department of Continuity & Recovery plans etc.
Premises
Some company have a separate location built only to handle the crisis or disastrous situations.
Some have shared service centres.
Performance
To enhance crisis management capability some organisations are even conducting international level Crisis Management Exercise at their own crisis management centre.
Providers
Most of business mangers believe that their biggest concern is the disruption to their critical infrastructure or that of a supply chain partner, which could put their organisation’s financial viability at risk. Becoming more resilient, individually and collectively, is even more critical because of the highly interdependent supply chain.
Profile
(Source: CMI Report, KPMG Report)
EXAMPLE OF BCCM IN SOME COMPANIES
In current time, the Board and management of companies are greatly concerned about Business Continuity Planning According to the risk management best practices from sources such as the Turnbull Report and specifically 13 of the Basel II Capital Accord, the BOD and corporate management are responsible for the effectiveness of the Business Crisis and Continuity Management of an organization. Therfore, many internal and external observers and consultants are engaged to build robustness in management competence in BCCM.
Vodafone, Societe Generale, HSBC, Astra Zenca a Pharmaceutical company are examples of having World class international BCCM System in place.
Societe Generale, the French financial services group in UK, has well-developed crisis management plans with a dedicated operations centre for co-ordinating the response to any incident. James Coulson, UK CEO of the group believes that simplicity and flexibility are the two watchwords for effective crisis management.
INITIATIVE BY TRIPARTIATE AUTHORITIES
According to KPMG, terrorism threat and risk of global pandemic has made business continuity a collective challenge, so financial services firms must stick together. The Tripartite Authorities – HM Treasury, the FSA and the Bank of England – get conducted a detailed survey through KPMG of the UK financial sector’s BCCM ability and published result in December 2005. Around 60 of the UK’s most significant financial service firms take part in the Resilience Benchmarking Project to cope with major operational disruption, such as a terrorist attack or natural disaster. Many of them helped in its planning and design.
The survey aimed to answer the following questions:
How resilient is the UK financial sector?
How quickly could the sector recover from major operational disruption?
Do firms plan and prepare effectively?
Are there any concentrations or dependencies that could be potential areas of vulnerability?
What action is needed to improve the resilience or recovery capability of the sector?
The results of the survey reveals that,
1) Most of the financial services firms have highly resilient IT systems and could recover critical functions rapidly following major operational disruption.
2) The survey also highlights the significant geographical concentration of some critical business functions and back-up sites in and around London.
3) Moreover there is a high degree of reliance on financial infrastructure providers, on key providers of telecommunications facilities and on providers of disaster recovery facilities.
FSA currently sees no need to take a more directive approach, unlike in the US where firms deemed to be significant market participants, are required to have three back-up sites located at progressively greater distances from their main operation, as well as specified recovery times.
Subsequently from 2006 onward FSA promotes good practice through benchmarking. It has published Business Continuity Management Practice Guide that offer firms an effective self-help ‘toolkit’ in their efforts to improve their resilience and recovery capabilities.
INITIATIVE BYMPS & LCCI
Immediately after the tragic London bombings on 7 July 2005, Metropolitan Police Service (MPS) by initiative of Commissioner Sir Ian Blair, hold high level consultations with business and London communities affected by the continuing threats.
A Business Forum on Serious Crime was launched on 8 Nov 2005, to act as an interface between the MPS, London businesses represented by London Chamber of Commerce and Industry (LCCI), and its affiliate, the Asian Businesses Association (ABA). It was chaired by Michael Cassidy, the president of the LCCI. Its main objective is to facilitate structured dialogue, and to help disseminate information from the MPS to the people who run the businesses in the capital.
In the month following the 7/7 attacks, the LCCI produced a report looking at the economic effects of terrorism. The report made several recommendations concerning the need to bolster our economy in the wake of the bombings; to ensure that measures were taken to try and minimise the chances of a repeat; and to ensure that businesses were well prepared should they be attacked again.
STAMNDERDISATION INITIATIVE BY BSI AND CCC
BS 25999, the world’s first British standard for business continuity management (BCM), has been developed by a group of world class experts to minimize the risk of such disruptions. The standard is designed to keep the business going during the most challenging and unexpected circumstances.
BS 25999 comprises two parts, part 1 the Code of Practice that provides BCM best practice recommendations while part 2 the Specification, provides the requirements for a Business Continuity Management System (BCMS) based on BCM best practice that covers the whole BCM lifecycle. It is certified independently.
It provides a basis for understanding, developing and implementing business continuity within any organization, large or small, from any sector. Implementation of the standard enhances confidence in business-to-business and business-to customer dealings.
The Business Continuity Institute (BCI), the British Standards Institution (BSI) and the Civil Contingencies Secretariat (CCS) of the UK Cabinet Office jointly offer a free Workshop to the organisations currently pursuing an interest in BS25999. The purpose of these workshops is to disseminate information relating to the clarification, deployment and effective use of BS25999 and related guidance documents and to develop a two-way communications channel between the BS25999 user community and the BSI.
Audatex a market-leading provider of computerised insurance estimating and claims management in UK has achieved a global first by gaining simultaneous certification to two important risk-related management system standards the international standard for information security, ISO/IEC 27001 and the new standard for business continuity management, BS 25999.
WWWWWWWWWWWW
Business continuity is evolving and responding
A number of key trends are also highlighted in the paper, which provides evidence that leading financial institutions are refocusing their efforts beyond the traditional boundaries of business continuity, not only to survive crises stemming from the three major threat scenarios, but to protect and potentially enhance shareholder value in the long-term.
For example, the exercising of business continuity arrangements is becoming more regular, more sophisticated and more connected, both across the organisation and industry-wide. It is a notable feature that business continuity in the sector has, in recent years, become increasingly co-operative; the bar is being raised as a direct result of collective knowledge sharing. Nonetheless this does not diminish the underlying competitiveness of organisations as they seek to maximise the value of their investment, contain ‘recovery workspace’ costs and position themselves to seek commercial opportunity when a disaster strikes.
Flexibility and simplicity are key
However, whilst these complex issues and challenges must be addressed, our overall premise is also a straightforward one – flexibility and simplicity must be at the heart of successful business continuity. Arrangements must be integrated into the everyday business and look outside as well as inside the organisation. They must be regularly tested to ensure that they remain relevant, that staff are familiar with what is expected of them and updated to take account of changing threats, changes to technological sophistication and changes to the business.
Business continuity professionals must broaden their reach
To achieve the ultimate goal and enhance the reputation of business continuity within organisations, business continuity teams must embrace multidisciplinary skills; recognising that it is the ability to pull together specialists from a wide range of subject areas combined with a deep understanding of how critical business areas operate that adds real value.
Supply Chain Managment
Comunication
Alternative Site
Through a multi-disciplinary approach, there is also an opportunity to integrate operational and financial crisis management under a common framework for decision making, planning and regular exercising
Order Now