Common Business Continuity Disasters

We should always be performing risk analysis, even if it is ad hoc or a thought exercise. As the new year is now well underway, we have forgotten about our New Year’s resolutions, and are back into projects and issues. As you begin the review of risks and plan updates, with what type of events should you be concerned?  In a recent blog, we talked about a couple of events that demonstrated our potential lack of functional recovery. This week, we will expand that list to include many of the business continuity disasters that we have seen in the last few years.

Common Business Continuity Disasters

  1. Self-inflicted outages

    Critical application outages due to human error in implementation or errors not found during testing.

  2. Employee sabotage

    Employees changing admin or critical processing passwords with no way for the organization to correct them.

  3. Third party outages

    Software as a Service (SaaS) or Infrastructure as a Service (IaaS) providers having an issue impacting customers’ ability to use the services. Think about Google outages or a virtual server/storage provider such as Amazon Web Services. Were you impacted by the SalesForce, Office 365 or Symantec outages this past year?

  4. Power outages

    These could impact your own facility or data center, but could also be the cause of third party outages.

  5. Natural events

    Hurricanes, recent winter storms, earthquakes, and localized storms (in Arizona we have micro-bursts each summer that impact individuals or a few businesses).

  6. Wildfires

    For those of use in the West, this is an annual news event. Last year both California and Tennessee were heavily impacted. While these typically do not impact larger metro areas, if your organization is close to forested areas, these types of events can cause evacuation or building impact very quickly.

  7. Flooding

    Think not only in terms of heavy rains such as the August storms in the southern U.S., but flooding that is caused by water main breaks or sewer backups. I spent an afternoon with a wet/dry vac trying to clean up under a raised floor before sewage hit the power outlets.

  8. Communications outages

    These could be considered third party outages, but since we leverage these for core business processes, losing just this function could cause major business impact. Consider what you use for communication. It is more than just a phone – VOIP, LAN, mobile – but also social media and messaging. What is the impact to your organization when any of those are unavailable?

  9. Internet (ISP) outage

    Given the importance of SaaS, remote access, and other internet-based work, an internet outage could have a similar impact as a data center outage.

  10. Network provider

    Again, this could be under the third party provider category, but given the criticality of your network access, network issues outside of your control can impact the entire organization.

Comparing this list with your BC Planning

No one likes to think about any of these potential business continuity disasters, but knowing what others have encountered encourages preparedness. Are any of these examples events you may not have considered in previous risk assessments? If so, now is as good a time as any to ensure your plans and strategies are robust enough for any potential situation. Though it may be uncomfortable to think about this happening to you, lost inventory, reduced productivity, property damage and the all-important revenue loss are more uncomfortable. Take a few minutes to consider the planning and strategies you have in place. Will they reduce or eliminate the impact of the scenarios above? Hopefully, this will trigger ideas on other potential risks to your locations.

 

About
Richard Long
Richard Long is one of MHA’s practice team leaders for Technology and Disaster Recovery related engagements. He has been responsible for the successful execution of MHA business continuity and disaster recovery engagements in industries such as Energy & Utilities, Government Services, Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer Products, and Education. Prior to joining MHA, Richard held Senior IT Director positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has been a senior leader across all disciplines of IT. He has successfully led international and domestic disaster recovery, technology assessment, crisis management and risk mitigation engagements.
resiliency theatercyber security planning