An online Panel Discussion

Business Continuity Planning and Management is the ability of an organization to maintain essential functions during, and after a disaster. When properly implemented, it is a system that not only affects strategy but also protects all the processes of high value to the organization. Large and small, global or local, all the organizations around the world are affected by this unprecedented lock-down due to COVID-19. A complete halt in the business operations will affect productivity and profits which will have long term impacts. How to tackle such issues or state of emergency?

It is a fact that we don’t know how and in what manner the disaster is going to hit us. In the majority of cases, there is no chance to know about the upcoming disaster or pandemic in advance. However, businesses/organisations can devise a business continuity plan well in advance that is helpful in such unexpected situations.

Need for a Business Continuity Plan (BCP)

Business continuity is the process of maintaining or resuming of business operations during a major commotion, caused by natural calamities, pandemic, or malicious cyberattacks. To avoid and mitigate the risks of such disruptions, businesses/organisations should formulate a proactive business continuity plan well in advance to maintain financial sustainability.

Creating a business continuity plan (BCP) helps to identify the steps to be taken during and after any unexpected situations to maintain financial stability, build confidence in customers and employees about the sustainability of the business, preserve brand value and reputation, cultivate a resilient organisational culture, and get a competitive advantage.

Significance of Business Continuity Today

Business Continuity Planning and management emerged as one of the crucial pillars of organizational survival which are affected by COVID-19.  The objective of this online panel discussion is to educate the audience on how businesses can continue their operations without being affected during disruptions. Agnidipta Sarkar set the context of the discussion with a brief on the process of setting up a business continuity plan on the wake of WHO’s announcement of COVID-19 as a pandemic. Risk Assessment, Impact Analysis and Planning and Management are essentials processes to be set up before invoking Business Continuity. The format of the discussion was around a set of pre-defined questions on the best and next practices to implement the BCP in an organization which the experts responded based on their expertise.

Discussion Points

How a pandemic response like COVID-19 different from other disruptions?

Citing the examples of natural disasters and how businesses managed such tough times, the panellists pointed out the differences such as:

• Spark risk and spread risk, in which spark risk is the risk caused by the lack of pandemic preparedness and spread risk is the risk of spreading the disease to the majority.
• Caused morbidity and increased mortality risks
• Posed mobility risk because of the fear of the spread
• Disrupted the entire supply chain creating an economic crisis
• Created panic amongst the global population

How do we monitor situations like COVID-19 and when would be the right time for the organisations to invoke their business continuity plans?

A proactive business continuity plan is a must to deal with a pandemic like COVID-19. Some of the suggestions include:

• Businesses should monitor the situations and be updated with the recent circumstances
• Following authentic news resource is important, e.g. World Health Organisation in case of a pandemic. WHO has proposed 8-stages of this pandemic with a pre and post-stage and a set of guidelines (Refer the WHO link here)  Each stage needs different action plans which need to be reviewed. Remote working need to be invoked as per the directives of the local and central government.
• Staying connected with industry peers and associations on the situation
• Build a situational awareness program within the organisation
• Engage with senior leadership and CMD and create a war room setup if needed, which can cut through organizational red-tapism and bureaucracy.
• Reframe the business ecosystem based on the situations
• Be vigilant and invoke business continuity plan after considering various factors such as different phases of pandemic spread, information released by WHO and government regulations.
• Quick decision-making is the key, life safety is the priority.

Are organisations equipped to handle pandemic as part of their business continuity program?

There are typically two kinds of organisations; the first kind has a very hierarchical reporting structure, centralised leadership, tightly coupled teams, have a specialised and concentrated workforce, and highly driven by policies whereas the second type has a flat structure, distributed leadership, loosely coupled teams, non-specialist workforce and not bound by stringent policies.

Most of the times, the second type of organizations, will be more successful in handling the pandemic because the interdependency of the teams is less. Such organisations can work independently without being affected by the pandemic. The tweets from Anand Mahindra shows how manufacturing companies such as Mahindra has shown how independent organizations can lead innovations during these hard times, one of their facilities is used to manufacture life-saving equipment.

It is essential to create a clear communication strategy with all the key stakeholders, employees, customers, vendors and partners. It is also good to have a pandemic command centre to manage such communications at regular intervals. The communication strategy must lay out the safety policies for your customers and employees. The employees’ mental state also need to be addressed at regular intervals.

Is BCP enough to take care of the disruptions caused?

BCP may not be enough to take care of the disruptions caused. Because most of the organisations depend on the guidelines of the government. Most of the organisations may not have faced such kind of situations. Most of the organizations have ignored such warnings always. We need to have a proper pandemic response plan for the organisation because businesses have to also handle the mental health of the employees, especially in a pandemic situation like COVID-19. This response plan must align well with organizations crisis management team as well. In the US, one of the studies shows 7 out of 10 are highly stressed, which is not a good situation. The mental health of the employees needs to be addressed on a priority.

What are the other factors playing a critical role in successful business continuity?

Multiple factors play a critical role in a successful business continuity plan such as proper pandemic response plan, remote working plan, and technological tools.

What kind of technology readiness is critical to handle a situation like today? Which technologies are proving out to be of immense help now?

The organisations have to offer various technological tools to their employees to handle pandemic situations such as:

• Good network connectivity for remote work through broadband and or dongles.
• Good VPN connection to access the organizational resources
• Communication tools such as MS Teams, WebEx, GoToMeeting etc.
• Accessibility to right tools to deal with cyberattacks

Organizations may not encourage BYOD (Bring-Your-own-Device) without inspecting and double-checking the safety and authenticity of the software used, an appropriate configuration of firewalls etc.

Organizations like CISCO offers free encrypted VPN, WebEx DNS security tools which could be leveraged during these times. MS Teams is another lightweight option with excellent collaboration tools. Slack is a good tool to improve productivity. Event new joiners’ training can be done using these tools seamlessly. Government has also encouraging lightweight solutions to reduce the pressure on bandwidth.

How do you think the future is going to change after the Corona Virus?

Having a solid BIA (Business Impact Assessment) and RA (Risk Assessment) documentation is critical and the team need to double click all the major risks associated. Ensure the right documentation on the key processes, assets, vendors and supply chain details, evacuation protocols, key contacts etc. Sanitisation and fumigation to be ensured at the office space when employees return after weeks of lockdown.

Going forward, most of the organizations will go online to bring organizational resilience.  Online education, delivery etc will become very common. Supply chain dependencies on one large supplier will be reviewed and de-risking will happen.  Flexible work options, shrunken office spaces, creation of remote jobs, balanced dependencies, and human-centric work practices will come into being.

How BCP Can Help Organisations

A proper business continuity plan can help the organisations to come up with a successful business strategy that will help in the long run. The organisations should have a proper BCP document to execute the right BCM strategies. To create proper BCP, businesses should:

• Identify business functions and processes including day-to-day business operations
• Ensure the safety of critical files and information
• Have solutions to deal with various threats including cyberattack and crises
• Keep an updated list of emergency contact details such as helplines, hospitals, rescue centres, etc.
• Have a disaster recovery team

Stay Safe, Stay Connected!

BCP Experts as esteemed Panellists

The esteemed panellists include Sridhar Govardhan, Senior Director and Head of Information Security, Flipkart; Ram Kumar G, Strategic Information Security Leader; Venkatesh PS, Business Continuity Management Leader, Cognizant; and Deepak Singh, Chairman- Business Continuity Institute and CEO, Gorisco Solutions joined the discussion along with the moderator Agnidipta Sarkar, Evangelist Emeritus and Business Continuity Leader, Director, CMS IT Services.

Note: Do connect with the panellists if you want to learn more on BCP. Please share your feedback with us on [email protected].