What is a disaster? How can you resume operations after a disaster? You need to implement ISO 22301:2012, business continuity management system and ISO 27031: 2012 IT disaster recovery.
Disasters happen. A disaster is a sudden, tragic event that creates the inability to provide the critical business functions for some period of time and which results in great damage or loss.
At a national level, we have witnessed several disasters unfold. On 11th April 2016, it was reported in the press that “at least 8 people where reportedly killed when Kyaseka Towers a commercial building along Makerere Hill road after Ham Shopping Mall but before Makerere College School female hostels collapsed on Monday afternoon after the owners had added floors.”
On October 21th 2018, Bududa landslides reportedly killed over 60 people, and counting… and the number was still increasing at the time of reporting. At the company level, disasters do happen. Tragic events that are sudden occur and you cannot afford to get ready. You must stay ready.
Good governance recommend that you establish an effective business continuity plan and disaster recovery plan to facilitate your business continuity in case of a disaster. Many organizations, have document they call a BCP. However, few if any have every tested their BCP. Below is a tool to assess your BCP maturity. Print and share the tool to all your staff to complete it.
Tool: Business Continuity / Disaster Recovery Assessment
How to use it: Print and distribute to all staff to complete, by handwriting
Why you need it: Assess your BCP readiness to identify gaps and plan better for any sudden tragic events. BCP is also required as part of your customer charter, compliance mandate and it is a best practice. You must continue to operate after any disaster.
BCP starts where risk management ends. For example. If your critical asset is your office building, which is under insurance cover (risk transfer), in case of a fire outbreak, insurance may compensate you and save you from financial loss. However, your business reputation may be injured beyond recovery for failure to fulfill customer orders or serve contract commitments during the time of processing your insurance claim when the office is closed. You need a BCP in place to help you continue in business immediate after the incident in a way that even your customers do not notice it happened.
No Organisation is safe from disasters. Disruptive events can come from several corners. Below are classification of disaster threats according to the type of event:
- Acts of nature – hurricane, flood, earthquake, etc. this is a normal occurrence in America, Europe and parts of Asia due to their location in active regions of the world.
- External man-made events – terrorism, evacuation, security intrusion, etc. This can happen anytime. You must keep alert.
- Internal unintentional events – accidental loss of files, computer failure, etc. This happens often.
- Internal intentional events – strike, sabotage, data deletion, etc. This is a possible threat.
Accidents happen when we least expect them.
Take time to undertake self-assessment of your BCP / DR maturity. Feel free to contact us at www.summitcl.com for guidance on the next steps.