Sumash Singh, EMC

Worldwide disaster recovery and business continuity arrangements look bleak, and South African companies echo these trends.

Although business continuity management (BCM) uptake has increased by 3% in the UK over the past few years, very few companies are concerned about the BCM practices of their supply chain, according to a recent report released by The Chartered Management Institute in the UK (in partnership with the British Standards Institution, the Business Continuity Institute and the Cabinet Office).

“Less than one in 10 businesses with business continuity plans in place for their own operations (7%) expect the same of their suppliers, and just 3% see this changing in the future,” the report says.

Furthermore, according to the report, BCM uptake is only at 61% this year. Unfortunately, it seems local uptake and interest is no better. To get an understanding of backup and disaster recovery trends in SA, EMC sponsored a survey of 250 IT decision-makers across a variety of industries and company sizes (research was commissioned by research agency Vanson Bourne). “Our goal was to understand the real causes of systems downtime and data loss in SA, as well as the associated commercial consequences among both private and public organisations,” explains Sumash Singh, business unit manager: backup recovery systems at EMC Southern Africa. “The results indicated that 74% of IT decision-makers in SA are not confident they could fully recover after a disaster.”

He continues: “Of the companies surveyed, only 56% review their backup and recovery plans after disaster strikes, and 39% increase spending on backup and recovery when they have had a disaster. This is despite the fact that 31% needed a day or more to return to full business operations. The research found that, on average, organisations in SA are spending around 10% of their annual IT budgets on IT backup and recovery, and 40% of respondents did not think their organisation was spending enough on backup and recovery.”

THE SUPPLY CHAIN

Mark Beverley, GM of Service Delivery at ContinuitySA, says the company understands the strategic advantages of having a plan in place to ensure the recoverability of the organisation after an incident.

Mark Beverley, ContinuitySA

“However, should one of our critical suppliers experience a disaster, it would affect our services to our clients significantly.”

He says downtime will reflect badly on the company and pose a risk to its clients’ businesses.

“This is particularly true of real-time suppliers, ie, telcos, municipalities and cloud service providers. Currently, we have alternative arrangements with other suppliers of these services, and in doing so, reducing the risks where possible.”

Singh agrees that any organisation would be affected by a disaster experienced by a member of its supply chain. “In fact, the knock-on effect can be just as harmful for partners and suppliers up and down the supply chain. A disaster of epic proportions does not have to occur for a business to suffer disastrous consequences in relation to backup and recovery. We live in an economic time when investments need to be made wisely, and there can be no tolerance for interruptions to the business because of an IT systems failure. By transforming backup and recovery strategies, companies can improve both recovery from day-to-day outages, as well as recoveries from something more severe.”

When it comes to responsibility, does an organisation have to ensure the companies in its supply chain have adequate BCM? According to Beverley, any organisation has an obligation to assess all risks and to make sure BCM addresses that risk. “So this will extend to the supply chain. The level to which an organisation can assess and apply pressure for compliance further down the supply chain is debatable, though. I don’t think many organisations have taken these assessments far enough.” Singh believes it makes good business sense for all the companies in a supply chain to have an effective business continuity plan in place. “Information is a critical corporate asset and the lifeblood of most organisations. Yet, as much as companies are investing in the systems and devices to create and access data, there is a disconnect with regards to the investments companies are making to companies protect data and applications. Lost revenue, loss of employee productivity and decreased customer loyalty are most often the result of a prolonged disruption, so an organisation, therefore, has a responsibility to prevent these negative impacts by ensuring that the companies in its supply chain are as well protected as possible.”

LOCAL DISASTERS

In SA, says Beverley, there are fewer natural or seasonal disruption causes. “We find the biggest failures are caused by power- and hardware-related issues.”

Beverley explains that his company’s spend in resilient infrastructure has increased, both on an IT and an infrastructure perspective. “BMS monitoring systems have been enhanced. Our change and incident management processes have been enhanced to cater for infrastructure and IT systems,” he says.

According to the EMC-sponsored survey, explains Singh, the top three causes of data loss and system downtime in SA are loss of power (56%), hardware failure (51%) and software failure (50%). “This is hurting business in the following ways: loss of employee productivity (42%), loss of revenue (38%) and loss of customer confidence (32%),” he explains.