By Greg Christian, Head of Business Continuity Management, Oracle Corporation
Businesses live and die by their reputation. If nobody wants to do business with you, for any reason, you have no company. Reputation is the hardest asset to acquire and the easiest to lose. During times of crises, you must maintain operations to serve the customers who rely on your products or services. Your reputation counts on it.
Heading into 2020, no one could have fully expected COVID-19 and the implications that a global pandemic can have on a business, let alone our day-to-day lives. But companies with a strong business continuity plan—combined with a trained response team and purpose-built systems—can navigate potential disruptions due to a sick colleague, an outbreak at a work site, or partner issues in the supply chain, to deliver on their promises to customers who rely on them most.
Business continuity management is simply a tool, and a process, to keep all of your critical functions going and keep your customer promises in situations when they might otherwise break down. This includes keeping your employees safe, as well as keeping data and systems functioning properly to keep your business running well.
As the head of business continuity management at Oracle—with over 15 years of experience in emergency management and business continuity planning in multiple technology organizations—I’ve seen how external forces from 9/11, to the 2011 Japan earthquake and tsunami, and now a global pandemic can impact companies of all types. I’ve also had the chance to successfully implement business continuity plans. I’ve seen how an organization can build operational resilience and manage through external events and internal disruptions to emerge stronger, while maintaining and building trust with its customers.
|"At Oracle, we plan for disruption impacts before they occur.”|
At Oracle, we’ve put in place business continuity processes that include internal use of Oracle Fusion Cloud Risk Management, our data centers, applications, and people. More than 400,000 customers around the world rely on us, so we need built-in systemic and operational resilience to keep delivering for them.
How did we do it? 3 steps: Prepare. Act. Anticipate.
At the outset, it’s vitally important to get prepared for anything and everything.
To do so, you need to identify and build an effective group of cross-functional subject matter experts and key stakeholders who care about your organization’s ability to weather a storm. For us, that included key people in customer success and support, cloud services, product development, human resources, legal, and real estate and facilities.
In addition, it’s critical to document your continuity plan with assigned owners, as opposed to trying to rely on memory or tribal knowledge when chaos is raining down.
But documentation is only the first step. Once your policies and processes are “in writing,” it’s time to capture, streamline and automate these plans through purpose-built systems. At Oracle, we leverage Oracle Cloud Risk Management to manage, execute and monitor our business.
Instead of preparing for all the possible individual scenarios and threats that could occur, we base our program on the following four impact areas:
With this approach, our reporting dashboards provide us a summary glance of what’s going on across our work sites and data centers all around the world. It’s much easier to manage four planning aspects than potentially hundreds of individual incident threats.
The next part of planning is to identify gaps, and prevent single points of failure, by testing your plans through simulations. Just like any great team, practice is key.
At Oracle, we ran a simulation in 2019, and I believe that exercise helped our cross-functional response team prepare for what we’ve seen across 2020. For example, we identified limited corporate VPN capacity in our licensing support center in India, which we addressed after the simulation.
In a global pandemic, it’s much better to act too quickly than too slowly. Since you have a plan already in place, it’s now all about execution and staying ahead of the game.
The first step is to activate your business continuity plans as soon as you’re sure that customer support, or critical internal operations, might be interrupted longer than the acceptable recovery time (often pre-determined in your plan).
Through your reporting protocols and dashboards, keep track of how things are going at all levels and proactively mitigate impacts that might cascade, and collateral damage. Along the way, capture lessons to drive continuous improvement.
To date, we at Oracle have not experienced any covid-19 outbreaks that have truly impacted our workforce. The primary workplace impact has been the closing of offices and work sites, as precautionary measures. However, even a low incidence rate can affect an organization—so, in anticipation of future events and impacts, it’s important to use this time to build redundancy, strengthen skills, cross train your response team members, and recruit new members.
Once practice time is over, you should keep asking yourself, “How could this get worse?” My team and I asked ourselves a few such questions, including:
If and when an event does occur, it’s important to conduct an “after-action review” that analyzes performance. Ask the team and yourself what didn’t work or can be improved. Capture lessons learned and implement improvements into your existing business continuity plans.
And finally, stay ready! Review plans at least annually. Make it a policy requirement and measure it. An obsolete plan is a failure waiting to happen.
The world is nearly a year into the current crisis, yet it’s not too late for any business to establish and/or strengthen its business continuity plan using these best practices and learnings.
Proactive planning and action are critical. Having plans in place now is smart business; not having one might be the difference between how your business recovers when disruption is at your door, versus becoming an incident statistic.
For Oracle Cloud ERP customers, we have a blueprint within Oracle Cloud Risk Management that makes it easier to implement and automate business continuity processes, plans, and workflows—and we have a team of experts who are ready to assist you. With these tools in place, you can evaluate risks, document and review plans, and achieve real-time collaboration among all stakeholders, wherever they work.
About the Author
Greg Christian is the head of business continuity management at Oracle and has over 15 years of experience in emergency management and business continuity planning in technology organizations.
A veteran of the 9/11 and Japan earthquake and tsunami incidents, Greg has been instrumental in developing an impact-based business continuity management program here at Oracle.