Why are large organisations so bad at business continuity?

Last night I was settling down to watch an episode of Criminal Minds on LoveFilm only to discover the service was unavailable. I waited to see if it would be restored but after 15 minutes there was still no resumption in service.

I was pretty annoyed – after all, I pay for a premium subscription and don’t expect the service to be unavailable when I go to use it. As such, it would seem LoveFilm are not the only large organisation that don’t have adequate measures in place to ensure the continuity of their business. It is not too long ago when several large banks experienced issues with their IT systems – specifically RBS and Lloyds TSB in the UK.

But why are large organisations so bad at business continuity? Surely they don’t want to suffer the damage that results from a business interruption?

Damage to an organisation suffering a business interruption can be manyfold but can include:

  • Damage to the organisation’s reputation and brand
  • The cost of lost orders
  • Compensation costs associated with customers not being able to access the services they pay for
  • Fines for not complying with industry or governmental regulations
  • Costs associated with resuming business as usual.

In short, the damage done to an organisation experiencing a business interruption could destroy it. They fail to plan for a crisis and as a result don’t have systems in place to ensure the continuity of their business.

‘By failing to prepare, you are preparing to fail’
Benjamin Franklin

But what can be done to ensure an organisation can continue business even when a major IT or other crisis strikes?

The answer is pretty simple really; they need to put in place an ISO 22301 business continuity management system (BCMS). ISO 22301 enables organisations to take a risk based approach to business continuity, putting in place adequate controls to manage the risks faced to the continuity of an organisation and mitigate them as much as possible.

Organisations can gain certification against ISO 22301 and thus demonstrate they have a system in place to ensure the continuity of their business and, more importantly, the services customers use.

Now, where is LoveFilm’s ISO 22301 certificate?

Essential ISO 22301 Resources:

  1. ISO22301 (ISO 22301) BCMS Requirements
  2. The Route Map to Business Continuity Management. Meeting the Requirements for ISO22301 (ISO 22301)
  3. Business Continuity Management Systems – Implementation and Certification to ISO 22301
  4. ISO 22301 Business Continuity Management System (BCMS) Implementation Toolkit

One Response

  1. Howard Kenny 6th August 2013