Published On: Sun, Oct 15th, 2017

Are We Ready? – Part Two

business continuity lifecycle

In most IT textbooks new topics are often introduced with case studies. As a matter of fact, when I was introduced to Business Continuity Planning it was through a case study discussing the effects of Super Storm Sandy on the northeastern coast of the United States. While Hurricane Irma was far more powerful than Super Storm Sandy and the effects were much worse, this was not only because of the strength of the hurricane but also due to a lack of adequate business continuity plans.

The extensive and destructive force of Irma left the local governments and businesses on both sides of the island overwhelmed by the loss of electrical power, cellular phone service, internet access, transportation and even running water. Losing telecommunication, in particular, had a domino effect on the island which crippled governance and isolated the population.

Military personnel and local law enforcement officers who have come to rely on modern telecommunications were unable to coordinate their efforts to maintain order and enforce the curfew. This led to widespread looting and chaos along with delays in scheduling evacuations and requesting much-needed aid. On a larger scale, a lack of communication from official channels (government) also led to miscommunication and misinformation. Cooperation between the French and Dutch side was hampered. Meanwhile, false articles and photos spread through social media causing panic and damaging the island’s image and tourism brand.

Business continuity can be defined as the ability of an organization to maintain its operations and services in the face of a disruptive event.

This is just a small sample of what stemmed from the loss of telecommunications. However, a great deal of the impact could have been alleviated with proper business continuity planning by government and telecom providers on both sides of the island. Business continuity can be defined as the ability of an organization to maintain its operations and services in the face of a disruptive event. This event could be as basic as an electrical outage or as catastrophic as a Category 5 hurricane.

Business Continuity Planning

Business Continuity Planning encompasses three main tenants namely Resiliency, Recovery and Contingency. Companies need to make sure their systems are resilient, this is usually done through fault tolerance and redundancy (removing single points of failure) which helps them keep going if any issues are encountered. Recovery is the ability to actually get the system back online in the event that it’s not resilient enough to skip over an issue or disaster. Recovery is achieved through back-ups, fault tolerance, failovers, etc. Contingency deals with your alternatives if you cannot bring that system back online. This usually means having more than one pre-established location so that operations can continue if the primary location sustains significant damage.

Business Impact Analysis

Business Continuity Planning begins with a Business Impact Analysis to understand the impact of the disaster on each area of the business and identify critical systems and components. Through the Business Impact Analysis, a cost is also assigned to each area of the business which helps determine how much it would cost to bring that area of the business back online in the event of a disaster.

The Business Impact Analysis also lays the groundwork for Risk Assessment and Risk Management. These are self-explanatory but it is important to understand this is a continuous process. It is important to periodically review and see if there are risks that were not noticed before or if advances in technology can provide better solutions at alleviating risks.

Companies like Amazon and eBay when assessing risk look at how much investing in a resilient network would cost, usually a few hundred thousand dollars vs. how it much it would cost to purchase and install new parts. Along with how much money they would lose if their site was down. For reference, in 2013 Amazon lost $66,240 per minute of downtime. Similarly, some investing in the Caribbean tourism industry have a similar way of thinking. Bird of Paradise Villas in Anguilla is built to sustain 200 mph winds. As a result, they suffered minimal damages from Hurricane Irma and resumed operations the following day.

At this point it should be obvious, having a resilient organization means recovery will be quicker, easier and more affordable. Imagine if this type of resiliency was implemented at the airports, utility companies and by our telecom providers as it is in larger countries. Our recovery efforts would move along much faster. In the long run, it is cheaper to invest in resilient architecture. The airport is a good example, the cost to construct the airport was 117 million dollars and post-Irma repairs are expected to cost over 100 million dollars. Wouldn’t it have better to build a more resilient airport terminal building to begin with? Keep in mind that over 100 million in material damages does not account for the amount the airport lost every day it remained closed and the residual damage to our tourism-based economy.

Another benefit to Business Continuity Planning is that it can help us make better use of our natural resources. As an example, GEBE currently experiences frequent outages and relies on fossil fuels to service an island dubbed “Sunshine City.” A potential solution for GEBE could be to set up a program to rent and maintain solar panels to residents. This could be done for residents whose houses are built to certain specifications along with government buildings. As a precaution, the solar panels can be retrofitted for easy removal in case of a storm. Implementing these changes would result in a GEBE that is more resilient due to a reduced load and a distributed network while providing an avenue for the company to pivot into renewable energy and use fossil fuels as a backup. After GEBE becomes proficient with solar panel installation and maintenance they could even consider servicing neighboring islands.

Business Continuity Planning is not my idea or a new concept by any means, these are security best practices that are followed by most of the businesses where I have worked, mainly to prevent the loss of customers and damage to their brand. In St. Maarten/St. Martin governments and telecom providers on both sides have better reasons, they have an obligation to the people because their decisions affect the livelihood of the entire population.

Admittedly, this level of foresight and advanced preparation is not common to our leaders, some would even say they are shortsighted. Nevertheless, after Hurricane Irma passed, many politicians praised the resiliency of the people of St. Maarten/St. Martin. I know this might have just been political rhetoric, but in this case, I hope our leaders can adapt and learn resiliency from the people of their own country and put business continuity plans in place before the next hurricane or disaster.

Ramzan Juman

Related article: Are we ready? – Part one