Intranets and business continuity: lessons from 1987
This week marks 25 years since the Great Storm of 1987, widely (but erroneously) considered the only UK hurricane in living memory. 23 people died in the storm, which also caused £7.8bn worth of damage, cut power to thousands of homes and drove transport to a halt as fallen trees blocked roads and train lines.
But one of the less-well-known consequences was in the financial markets. Severe travel problems across the south of England meant few traders managed to struggle into work in London on Friday 16 October 1987. Unfortunately this coincided with the Hong Kong and Tokyo stock markets crashing and financial crisis spreading west through Europe.
Many analysts believe part of the blame for the speed, timing and impact of Black Monday was due to the storm which left London’s markets unable to function on that crucial working day. By the time London re-opened on the following Monday (19 October) there was mass panic selling of stocks, with the FTSE 100 closing 10.8% down. At the time it was the biggest one-day fall ever and destroyed £50bn of market value.
In 1987 the web was still a twinkle in Tim Berners-Lee’s eye, with the first web browser not emerging until three years later. Surely the same thing wouldn’t happen today? Enterprise technology means knowledge workers can access work systems from multiple locations and devices, right?
But it’s not quite that simple. The challenge for digital workplace professionals is to ensure their tools support business continuity plans effectively and work in the event of a crisis. So how do you do that?
Identify the business impacts
As part of their planning process, most organisations will have carried out Business Impact Analysis, which identifies the most crucial functions and the length of time the organisation can survive without them. Part of this process is focused on gathering technical or logistical requirements for each of these critical functions to be restored.
Intranet managers have a key role to plan in this process, liaising between IT, business stakeholders and end users so that the planned solution isn’t just feasible, but it something that people can use and rely on.
Key questions to ask include:
- What are your vital systems – the ones your organisation simply couldn’t work without?
- Who needs them?
- How can they access them?
- What information do they need to use these? As well as access to business systems themselves, people may also need to access supporting information or documentation, particularly if they’re using these in usual or exceptional circumstances.
Know your threats
Weatherman Michael Fish famously dismissed suggestions that a hurricane might be heading our way. Don’t be so dismissive, or you too might end up a laughing stock, to be ridiculed for decades to come. Alongside the impact analysis, your business continuity planners will also have undertaken some threat and risk analysis. This considers the likely threats, how they might be eliminated or minimised, and what specific steps might need to be considered to recover in the event of a particular event or set of circumstances.
As part of your intranet business continuity plan, you should consider possible threats and what might need to change on the intranet in order to recover from this. Remember, this might include your own non-availability; who will manage your intranet and other critical systems in the event of your absence?
Establish and implement a plan
You have identified the business impact and threats and now it is time to create your intranet business continuity plan. Be realistic, your plan may document specific scenarios, remember to establish an overall approach in order to help you, your team and your colleagues react to a number of situations.
Involve key stakeholders to test your plan. Walk them through the potential risks and impacts to the business and your approach to each one. The success of a business continuity plan relies heavily on your colleagues. Make sure they understand and agree with your plan.
Test your plan
No one had considered the impact of a single day’s widespread absence following the 1987 storm, and how business-critical it was for the workforce to be there. A simulated exercise will help you test your business continuity plan, revealing weaknesses and the potential risks to your business. Running through a test exercise will help to uncover any holes or gaps, or where people do not have the information they need.
Test your technology
Don’t wait until a real incident to check your equipment works. Ensure your priority teams have a real drill in re-located or home working so that if disaster strikes they’re confident their technology works.
Remember that in a real emergency everyone will be accessing remotely, so ensure your testing doesn’t just prove everyone can log on, but that they can all log on at the same time. When the UK Civil Service planned for the London Olympics this year, they did real, fortnight-long exercises involving the full workforce to ensure their systems were resilient enough to support large numbers of people working remotely for extended periods. In doing this, they could be confident their systems could support both short-term transport failures and any unexpected but more catastrophic incidents too.
Think about what would be important in an emergency situation
What are the few things that become vital if staff were forced to work from home or from an unfamiliar office? Which departments or teams might need to call in extra staff or support? How might your homepage change to support these things in a business continuity plan? Do people have permission to edit the page in emergencies?
Use this to your advantage
All too often, the crucial role the intranet can play in business continuity only becomes clear when it is tested in a real crisis. In fact, the vital role the digital workplace plays in avoiding and recovering from catastrophe is one of the strongest reasons to invest in usable and resilient technology. Your intranet is what could stop your business going down the pan in the event of a crisis. This should definitely be in your next business case for intranet investment.
Maintain, measure & evaluate
Never ignore your plan until you need it. Always review your plan, have others review your plan and ensure it is up to date. It may be useful to hold biannual or annual review sessions with your team and key business stakeholders. These meetings should confirm the plan is still factually correct, that employees identified in the plan are trained and are aware of their role and that there has been a yearly test conducted to evaluate the plan.
Remember, a successful intranet business continuity plan follows the highly effective ‘Plan-Do-Check-Act’ model. If you are struggling to create your plan, break it down into easy to manage pieces. You can always start small and grow from there. If you are still struggling, you can always buy the business continuity standard.
What a great post Sharon – loved the way you opened with the interesting telling of a captivating story.
When you imagine a day when every single employee has to work from home instead of heading into the office, there are three technological requirements that stand out for me:
1) Searchable employee directory: If I am working from home all of a sudden, in an unexpected and unfamiliar situation, I need to be able to find and contact people. The employee directory needs to be searchable by names as well as keywords and employee profiles should include everything from photos and email addresses to mobile numbers and any sort of messaging/video conference usernames. If you can’t find and connect with people beyond email, then the digital workplace is… well, it’s just an overactive inbox.
2) Presence: When I’m working remotely I simply HAVE to be able to see if people are available so I can reach someone immediately or decide the best communications medium or to contact someone else. Presence should at least be available in each main communications software system, though preferably as a persistent feature that shows up the same in all systems.
3) Full spectrum of communications tools: Email isn’t enough. I should have communications tools that span the spectrums of i) synchronous-asynchronous and ii) one-on-one to many-to-many. Skype’s model of being able to scale a one-on-one chat into a group chat, into a group call is a good initial example of scalable synchronous communications.
These three technical features/systems/toolsets that allow employees to connect, communicate and work together through the proper channels/mediums are critical. Without them, the potential disaster that forces people to work from home can bring a company to a virtual standstill.
The perspective of disaster preparedness that you’ve put forward can light a fire under the bums of folks who’ve been procrastinating on modernizing their digital workplaces. Way to go!
Another important bit of the jigsaw is to look at the IT disaster recovery plan. They may well have decided that the intranet is not a priority because it’s ” just a web application”. The web site may well be externally hosted but not the intranet, so perhaps some core information can be accessed through a log-on hidden on the web site.
Not only do you need to know how long it will take to get the intranet back up but what will be the date of the recovered site. It might be several days earlier depending on the caching of the servers.
You may also find that the search application is low down the priority. In fact this needs to be at the top if you are going to search for people etc. The problem here is again when the index was last backed up. SharePoint 2007 is a particular problem – I won’t go iinto details but if I tell you that the standard book on SP2010 disaster recovery runs to 450 pages you may get a sense of the scale of the potential problems. Sp2007 is even more tricky.
When a disaster does arise access by mobile devices will be very important. Blackberrys operate on a hosted service but if you have a BYOD policy it is advisable to check VERY carefully with IT about how these are going to be supported.
Finally, access to many services may be through a corporate-supplied lap-top and if you are using your own from home authentication could be a serious challenge, perhaps not to the intranet but possibly to applications that run beneath it. It may not be obvious which little widgets are sitting inside your corporate lap-top until there is nothing to shake hands with back at HQ.
good info about business continuity and i advise you to read the info on drbcpt.com as there are lots of good information as well.
[…] this month we talked about the intranet’s role in preparing for and recovering from catastrophe. But are you prepared for a zombie […]
It’s hard to come by educated people oon this topic,
but you sound like you know what you’re
talking about! Thanks