How effective is your Business Continuity Management Implementation? Part 1

This is the first blog in a two-part blog series on the effectiveness of the implementation of Business Continuity Management. 

It is interesting to actually sit back and think about this question, whilst the purpose of any Business Continuity Management implementation seems evident, in many cases, Business Continuity Management may be viewed narrowly as the implementation of just a disaster recovery infrastructure that the Mobile Network Operator may never use, or just a “check-box” item for governance or regulatory purposes. This is a question that the Senior Management of organisations across many sectors including telecommunications have been asking from time immemorial, even though benefit realisation for such implementations should been tracked and reported.

The appropriate response to this question lies in the ability of the Mobile Network Operator to say “yes” to a number of pertinent Business Continuity implementation questions. The more questions that are in the affirmative indicates that the operator has either implemented or is on its way to implementing some of the recommendations highlighted in the GSMA BCM Report released in 2016 as summarized below.

  • Planning for resilience through BCM is a key responsibility
  • BCM needs to be a testing and iterative process
  • BCM plans should enable a reduction in friction and an increase in flexibility
  • BCM plans should be tailored to specific disaster types and levels of severity

 

It is important to note that many operators will find themselves at a different phase of their BCM implementation effectiveness journey.

There are many definitions of Business Continuity Management and how it should be implemented, but what is critical is to have a framework implemented that is holistic, supports resilience and provides the organisation with the capability to respond by restoring products and services after a disruption has occurred.

These key words: “holistic”, “resilience” and “response” highlight the work that the Disaster Response team have been undertaking via the Humanitarian Connectivity Charter and other initiatives which bring about collaboration with Mobile Network Operators, aid agencies and other organisations within the Disaster Management value chain. This is to help alleviate impact on affected populace caught up in disaster situations. The programme propagates the importance of preparedness, response, recovery and mitigation by the operators for humanitarian purposes.

So what are these BCM related questions that operators should be able to say “yes” to as it relates to best practice implementation of Business Continuity Management?

Your BCM Strategy

The first set of questions are based on your organisation’s Business Continuity Management Strategy. The importance of having this strategy cannot be over emphasised, as this defines the direction your organisation intends to take its business continuity implementation. The strategy should drive the implementation from a holistic viewpoint.

The questions are as follows:

  • Do you have a Business Continuity Management Strategy? Is the strategy aligned with your organisational strategic goals and objectives?
  • Does the strategy define the relationship with governmental, humanitarian and regulatory agencies before, during and post disaster situations?
  • Have you identified the risks and threats to the organisation in relation to business continuity management?
  • At a strategic level, have you agreed on how to respond to the various disaster types or do you have a generic approach across the board?
  • Have you agreed the Recovery Time Objective-RTO and the Recovery Point Objective- RPO that the organisation will be able to cope with?

 

Your Preparedness Levels

The second set of questions are based on your disaster response preparedness level. The better the preparedness level, the better you will be able to respond during disaster situations. Here at the GSMA, one of the aims of the Disaster Response Programme is to ensure that operators responses to disaster situations becomes more predictable, to enable operators to play a more effective role in the wider coordinated response to an incident.

The questions are as follows:

    • Do you have a nomenclature for preparedness activities to deal with both internal or corporate and external crises/incidents?
    • Have you defined and tested your Business Continuity Management Plan? Do you conduct both full failover and desktop test and does it involve all mission critical services?
    • Do you have resilience “built in at source” for both your Network and IT infrastructure? Is this done at design stage or is it bolted on at implementation?
    • Have you documented your crisis management process? Is everyone aware of what to do when an incident occurs?
    • Has a business impact analysis been done and risk factor identified for each mission critical process?
    • Have you identified and documented your mission critical processes (SMS, Data & Voice being the core services provided by mobile operators)?

 

A Mobile Network Operator answering “Yes” to many of the above questions and the questions in part two of this blog should give some comfort about their level of preparedness for disaster situations.

The GSMA Disaster Response programme will continue to take a focus on Business Continuity through its technical stream. A new webinar series in 2017 will focus on these issues and more and an updated version of the Business Continuity Guideline is forthcoming. MNOs with a specific interest in this topic can contact the team at [email protected]

Read part two of this blog series here.

The Disaster Response programme is funded by the UK Department for International Development (DFID) and supported by the GSMA and its members.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.