After every natural disaster, people are deprived of basic amenities like water, food and power. On the other side of the coin, the utility industry is always at the receiving end to succumb to any type of disaster, be it man-made or natural. In this scenario, this sector needs a comprehensive business continuity management strategy to serve the people even during a crisis.
The services delivered by these utility companies are critical to the economic and social well-being of a society. Thus, continuity of utility sectors like Power Distribution is a critical issue to be considered by senior management and concerned authorities.
Business Continuity Management strategy helps you prepare for the worst. However, that worst may not happen many times. Then why do we need a separate policy and committed resources for a prophecy?
Risk Management Vs Business Continuity Management
Business continuity is an integral part of risk management. Organisations cannot ignore the possible external effect on the operations. Sometimes, the internal risks may surprise and effect both at the organisation and operational levels.
Many a times, BCM is mistaken for a Disaster recovery plan, which is confined mostly to technology and data protection. However, it is more to do with a top-to-bottom approach, where continuity management is required at every stage of various operations in an organisation.
An outage may be subsided with risk planning and emergency measures. But it is very difficult to measure to what extent this outage may percolate into multiple operations of the organisation.
Let us check some of the possible natural and man-made hazards, which may disturb the operations of utility firms, specifically power supply companies.
The possible natural and man-made hazards for power distribution firms:
• Cyclone & Flash Floods – Most of the Middle East, Malaysia, and other coastal countries are prone to tropical cyclones, which lead to flash floods. The power distribution companies from these areas may suffer from infrastructure damage, property loss and may require to relocate their operations while continuing to provide their services
• Power Outages – The generator and grid failure are often predictable outages and connected cities may go dark without power and gas supplies
• Fire – Electricity short circuits or any man-made negligence may expose the companies to fire accidents. Many vital records may be burnt and even impact their IT
• Physical & Cyber Attacks – Physical attacks are very rare. However, the utility firms are vulnerable to internal conflicts and terrorist rampage. Here, there is a probability of human and property loss to some extent.
Whereas, Cyber-attacks are inevitable due to hackers and anti-management groups. Although the data pilferage may not directly impact the power supply, but may interrupt the billing and other operations. This, in turn, may fluctuate cash flow and imbalance the balance sheets
• Pandemic – Epidemic diseases like Ebola are highly unpredictable. However, the rumours and fear may result in unfavourable incidents within the organisation.
All the above incidents may damage the organisation’s reputation, properties and data, demotivate staff and disturb the demand & supply operations.
At this juncture, any power firm is expected to perform
• Timely restoration to job
• Monitor business & operational risk
• Handle technology outages, unavailability of employees, incapacitated facilities, interrupted critical vendors
• Manage grid reliability and large number of interconnected business process supporting this goal
• Holistic approach to business resiliency and disaster recovery
• Understand the risk and impact of disruption on business processes
Now, the question is, “are you ready and equipped for any incident?”
If yes, then check whether you are able to fulfil the above parameters.
If no, then:
• Conduct some initial hierarchical board meetings
• Check the strength of internal Business Continuity Management
• Consult an external expert for Business Impact Analysis (BIAs) and
• Facilitate the internal BCM team with some test cases or simulation crisis workshops
Some of the case studies of Power distribution companies in the Middle East and other countries have reported the need for automation of Business Continuity Management. Many companies are aiming to bring all their BCM processes and records together into a centralized environment to proactively monitor and mitigate business disruption threats with a click of a button through BCM software.
This major initiative towards BCM is also a step towards being compliant with regulations issued in accordance with Section 3 Part 1 of National Emergency Crisis and Disasters Management Authority (NCEMA) Standard 7000:2012. These regulations are formed to regulate water, waste water and electricity sectors in Emirates to develop BCM and BCP in compliance with NCEMA 7000:2012.
Some of the NCEMA 7000:2012 Regulations include:
• Define own organisational criteria and trigger for executing a Business Continuity response in accordance with respective Business Continuity Programme in the event of a Disruption
• Define a scope of BCM in terms of mission critical processes & functions
• Establish a BCM Committee to address organisational, functional, and operational issues
• Appoint a business continuity coordinator
• Conduct BIAs – determine and document the RTO & RPO for all mission critical processes & functions
• Identify threats and assess impact of threats, vulnerability of those impacts, likelihood of identified threats and finally calculate and evaluate the risks
• Measure BCM with internal audits, managerial reviews and measurement against KPIs
• Provide awareness & training and conduct test cases & exercises
• Above all, organisations should religiously review and update their BCM on a regular basis
To conclude, utility companies are responding well to localized emergencies. However, challenging economic environments and changing scenarios, forcing the companies to put aside their long-term concerns. Looking at the changing landscape, it is the right time to revisit Business Continuity Management and show urgency for continuity preparedness.
How Do You Set Consulting Fees?
What Is an Internet Security Consultant?
Disaster Recovery – He Who Screams Loudest Doesn’t Recover First