Intranets and business continuity: lessons from 1987
This week marks 25 years since the Great Storm of 1987, widely (but erroneously) considered the only UK hurricane in living memory. 23 people died in the storm, which also caused £7.8bn worth of damage, cut power to thousands of homes and drove transport to a halt as fallen trees blocked roads and train lines.
But one of the less-well-known consequences was in the financial markets. Severe travel problems across the south of England meant few traders managed to struggle into work in London on Friday 16 October 1987. Unfortunately this coincided with the Hong Kong and Tokyo stock markets crashing and financial crisis spreading west through Europe.
Many analysts believe part of the blame for the speed, timing and impact of Black Monday was due to the storm which left London’s markets unable to function on that crucial working day. By the time London re-opened on the following Monday (19 October) there was mass panic selling of stocks, with the FTSE 100 closing 10.8% down. At the time it was the biggest one-day fall ever and destroyed £50bn of market value.
In 1987 the web was still a twinkle in Tim Berners-Lee’s eye, with the first web browser not emerging until three years later. Surely the same thing wouldn’t happen today? Enterprise technology means knowledge workers can access work systems from multiple locations and devices, right?
But it’s not quite that simple. The challenge for digital workplace professionals is to ensure their tools support business continuity plans effectively and work in the event of a crisis. So how do you do that?
Identify the business impacts
As part of their planning process, most organisations will have carried out Business Impact Analysis, which identifies the most crucial functions and the length of time the organisation can survive without them. Part of this process is focused on gathering technical or logistical requirements for each of these critical functions to be restored.
Intranet managers have a key role to plan in this process, liaising between IT, business stakeholders and end users so that the planned solution isn’t just feasible, but it something that people can use and rely on.
Key questions to ask include:
- What are your vital systems – the ones your organisation simply couldn’t work without?
- Who needs them?
- How can they access them?
- What information do they need to use these? As well as access to business systems themselves, people may also need to access supporting information or documentation, particularly if they’re using these in usual or exceptional circumstances.
Know your threats
Weatherman Michael Fish famously dismissed suggestions that a hurricane might be heading our way. Don’t be so dismissive, or you too might end up a laughing stock, to be ridiculed for decades to come. Alongside the impact analysis, your business continuity planners will also have undertaken some threat and risk analysis. This considers the likely threats, how they might be eliminated or minimised, and what specific steps might need to be considered to recover in the event of a particular event or set of circumstances.
As part of your intranet business continuity plan, you should consider possible threats and what might need to change on the intranet in order to recover from this. Remember, this might include your own non-availability; who will manage your intranet and other critical systems in the event of your absence?
Establish and implement a plan
You have identified the business impact and threats and now it is time to create your intranet business continuity plan. Be realistic, your plan may document specific scenarios, remember to establish an overall approach in order to help you, your team and your colleagues react to a number of situations.
Involve key stakeholders to test your plan. Walk them through the potential risks and impacts to the business and your approach to each one. The success of a business continuity plan relies heavily on your colleagues. Make sure they understand and agree with your plan.
Test your plan
No one had considered the impact of a single day’s widespread absence following the 1987 storm, and how business-critical it was for the workforce to be there. A simulated exercise will help you test your business continuity plan, revealing weaknesses and the potential risks to your business. Running through a test exercise will help to uncover any holes or gaps, or where people do not have the information they need.
Test your technology
Don’t wait until a real incident to check your equipment works. Ensure your priority teams have a real drill in re-located or home working so that if disaster strikes they’re confident their technology works.
Remember that in a real emergency everyone will be accessing remotely, so ensure your testing doesn’t just prove everyone can log on, but that they can all log on at the same time. When the UK Civil Service planned for the London Olympics this year, they did real, fortnight-long exercises involving the full workforce to ensure their systems were resilient enough to support large numbers of people working remotely for extended periods. In doing this, they could be confident their systems could support both short-term transport failures and any unexpected but more catastrophic incidents too.
Think about what would be important in an emergency situation
What are the few things that become vital if staff were forced to work from home or from an unfamiliar office? Which departments or teams might need to call in extra staff or support? How might your homepage change to support these things in a business continuity plan? Do people have permission to edit the page in emergencies?
Use this to your advantage
All too often, the crucial role the intranet can play in business continuity only becomes clear when it is tested in a real crisis. In fact, the vital role the digital workplace plays in avoiding and recovering from catastrophe is one of the strongest reasons to invest in usable and resilient technology. Your intranet is what could stop your business going down the pan in the event of a crisis. This should definitely be in your next business case for intranet investment.
Maintain, measure & evaluate
Never ignore your plan until you need it. Always review your plan, have others review your plan and ensure it is up to date. It may be useful to hold biannual or annual review sessions with your team and key business stakeholders. These meetings should confirm the plan is still factually correct, that employees identified in the plan are trained and are aware of their role and that there has been a yearly test conducted to evaluate the plan.
Remember, a successful intranet business continuity plan follows the highly effective ‘Plan-Do-Check-Act’ model. If you are struggling to create your plan, break it down into easy to manage pieces. You can always start small and grow from there. If you are still struggling, you can always buy the business continuity standard.