Information Disaster Planning: An Integral Component of Corporate Risk Management

Article excerpt

Business risk analysis and management is the carefully planned preparation at the corporate level to counteract major business threats (including risk analysis of opportunities) and to provide for the provision of business continuity during and after crisis situations. Business continuity planning is no longer considered a luxury, but rather a necessity; in fact, it is mission critical. Many organisations never fully recover after a disaster, largely due to a simple lack of foresight and planning. Organisations need to plan for the worst to optimise their chances of survival. Emphasis should be on loss prevention techniques: the identification of the potential risks and the development of worst case scenarios to eliminate and control or contain the identified risks. The essential issue is corporate survival. The faster an organisation can swing into disaster recovery mode the greater the savings in time and money, and the more likely the preservation of the business enterprise and reputation. The ability to act quickly and effectively is critical in limiting loss.

The overriding aims of disaster planning are to ensure employee safety and minimise loss or extent of damage, that is, to save lives and reduce a potential catastrophe to a manageable problem through informed and intelligent planning, and to get the organisation back in business as soon as possible. Effective disaster planning should reduce likelihood and severity of disaster, reduce anxiety and speed recovery. In effect, planning should be pro-active (before the event), rather than re-active (after the event). It is necessary to investigate thoroughly the disasters possible in the particular environment (macro and micro) and develop contingency plans to protect, minimise, salvage and restore business operations from the disaster scenarios identified.

THE BENEFITS ARE OBVIOUS

There is no single correct information counter-disaster planning solution for all organisations. Much depends on the overall risk management objectives and their prioritisation at the company level, but the basic premise is the same: isolate the risks, eliminate or minimise wherever possible, and where not possible, transfer the risk. Risk management is an expensive exercise, but in the aftermath of a disaster that has been successfully weathered, the benefits are obvious, and in hindsight very economic. As well as the clearly demonstrated value of pro-active planning in risk minimisation through the identification of potential hazards, etc., another factor in favour of risk management disaster planning is the reduction in the anxiety level, the constant worry about what could happen. Too many 'successful' companies simply cease to exist after a disaster, and not all these disasters are of the cataclysmic type.[1] Careful and informed planning for the survival and continuation of the business in the advent of a disaster (of any type) significantly reduces stress and anxiety levels. "The best way to prevent a disaster is to plan for one."[2] Planning reduces the degree of vulnerability. Crisis management should be viewed as an extremely critical and effective corporate management tool, no small part of which should be information disaster planning.

STAGES IN RISK MANAGEMENT

Risk management theory identifies a number of basic stages in risk management.[3] These include:

* Acceptance of risk and mandate from top management;

* Identification and assessment of risk and development of worst case scenarios;

* Elimination or minimisation of potential risks;

* Creation of formal disaster plan/s; and

* Transfer of risk.

When information disaster planning is analysed the same stages may be identified, and it is important to integrate the process of information disaster planning into corporate risk management. Information disaster planning should be a natural component of the larger overall organisational risk management picture, and strategic planners should be cognisant of this fact. …