How effective is your Business Continuity Management Implementation? Part 2  

 This blog looks at how an organisations Business Continuity Management implementation may be deemed effective or ineffective. As already highlighted in the first part of this blog series, it is important for organisations to view such implementation beyond IT infrastructure and widen the scope to cover both the business and social responsibilities they may have to their various stakeholders, including shareholders, subscribers, the regulatory and governmental agencies and the wider community in which they operate.

The Disaster Response Programme at the GSMA has been working hard to highlight the importance of preparedness in Disaster Response activities via the Humanitarian Connectivity Charter. The importance of having an ongoing Business Continuity Management (BCM) programme cannot be over emphasised as it forms the backbone of any MNO’s preparedness levels, this combined with other CSR activities works to deliver overall company objectives that will not only bring commercial rewards but also deliver the MNO’s corporate social responsibilities.

As previously highlighted, the GSMA BCM report published in 2016 stated that the responsibility for resilience lies solely with the MNO; it is indeed a key responsibility that cannot be avoided or neglected. It stated the need for the MNO’s BCM to be testable and iterative, enable a reduction in friction, increase flexibility and be tailored to specific disaster types. The better the preparedness level, the better you will be able to respond during disaster situations

As a reminder, the summary of the business continuity management related questions that mobile network operators should be able to say “Yes” to as discussed in part one of this blog series can be summarised as follows:

  • The first set of questions were based on the operator’s Business Continuity Strategy and Policy and how it should drive implementation from a holistic viewpoint.
  • The second set of questions focused on the need to identify key critical services based on a Risk assessment and a Business Impact Assessment. It also covers organisational agreement on the mobile operators Recovery Time Objective and Recovery Point Objective.

As a follow up to the summary above, we will now look at the third and fourth set of questions that the MNO needs to answer “Yes” to before its business continuity management implementation can be deemed effective.

 

RESPONSIVENESS

This set of questions will focus on responsiveness levels when incidents and or a disaster occurs. It is pertinent that mobile operators’ responses to disaster situations become more predictable, fast, effective and comprehensive in nature. The faster the response, the better the likelihood that they can help reduce fatalities when disasters occur.

The questions are as follows:

  • Do you have a Crisis or Incident Management Plan? Does it clearly define who is responsible, who is accountable, who needs to be consulted and informed at every single stage?
  • Do you have procedures for invoking the plan? Do you have clearly defined criteria for invocation? Has who, what and when scenario been defined?
  • Do you have a notification method or Call Tree in place?
  • Do you have an operational Command Centre in place?
  • Do you have a communication strategy/plan for staff, subscribers, shareholders, families of affected individuals or affected staff and the general public at large when an incident or a disaster occurs?
  • Are your vendors and or suppliers involved in your business continuity activities? Do they know what to do during the crises?
  • Do you have a plan on how to supply and move critical resources (both human and material resources) when an incident or disaster occurs? e.g. fuel to power generators as alternative power source.

 

RECOVERY

This set of questions will focus on the recovery strategy post-incident. This is key for learnings to be captured and documented for events that may occur in the future.

The questions are as follows:

  • Do you document lessons learned after an incident? And are briefings conducted when they are supposed to be conducted?
  • Do you have a testing methodology post disaster period?
  • Do you update your business continuity artefacts post incident period and are they version controlled?
  • Do you conduct business continuity management roadshows with all stakeholder so updates can be shared to all those that need to be in the know?
  • Do you capture your post incident CAPEX/OPEX for technology and facilities requirements?
  • Does Senior Management review and approve your business continuity actions? And do they support required Network upgrades that build resilience in areas lacking?
  • Do you have a DR site to run mission critical services if your main Datacentre becomes inaccessible?
  • Is your Disaster Recovery site in a different location to Production Datacentre?
  • Do you have a training programme specifically for business continuity management in your organisation?
  • Do you have business continuity management champions in the organisation?
  • Is the percentage of staff or business continuity management champions who have undergone the training programme more than those that have yet to attend the training?

 

In order to further support the mobile operators’ business continuity drive, the Disaster Response programme has put together an Effective BCM Implementation Guideline for Mobile Operators based on the Plan, Do, Check and Act approach, that can be utilised to implement and maintain a business continuity programme. This document is one of the many resources that the programme provides and will continue to provide for mobile operator’s use. The information provided in the guideline will help operators achieve a “yes” answer to many of the questions asked in both parts of the blog series and aid the implementation of an effective and sustainable programme.

Here at the GSMA, our aim is to provide guidance documents, tools and reports that will help guide preparedness, response and recovery approaches across the board and ultimately help reduce the impact of disasters on affected communities. The programme will continue to take a focus on Business Continuity through its technical stream. MNOs with a specific interest in this topic can contact the team at [email protected]

The Disaster Response programme is funded by the UK Department for International Development (DFID) and supported by the GSMA and its members.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.