Government is, one could say, the most important business in any country—particularly across the continent of Africa. Service delivery, leadership in governance, cooperation between government departments—they are all vital for the life of citizens and the confidence of foreign investors.
“Given the importance of the government ‘machine’, it’s vital that it continues to function no matter what disasters occur,” says Jacob Makgwesha Mothupi, Managing Director, ContinuitySA Botswana. “Effective business continuity across all tiers of government is a national priority that is receiving growing attention from oversight bodies like the Auditor-General. But too many people equate business continuity with disaster recovery and so they tend to miss out on the real benefits.”
Mothupi argues that business continuity is a complex undertaking that needs to be managed carefully. It takes a holistic view of the entire business process environment to establish the potential threats for each component and how to mitigate them. Obviously, a key focus area is the ICT systems but also included are the processes that run on them, and the people who manage those processes. Thus with a proper business continuity plan in place, a government entity will be able to keep its services flowing, with knock-on effects for citizen and investor confidence.
“Creating and then maintaining a business continuity plan is a rigorous process that now has its own standard, ISO 22301, in place,” Mothupi says. “The business continuity plan also helps the organisation to identify and remedy weaknesses, so becoming more resilient. A proper business continuity plan will also minimise the financial and reputational costs of a disaster.”
Mothupi says that an added benefit is that government departments can also gain a clearer picture of their dependencies on other departments for day-to-day functioning. Such an understanding, she believes, can also promote further inter-departmental co-operation leading to enhanced service delivery.
Putting a comprehensive business continuity plan in place is, as noted above, a demanding process, but Mothupi advises government entities to begin with four logical steps (as illustrated in the diagram):
- Define and test basic emergency response and crisis management procedures. These processes need to be documented and then tested regularly.
- Understand the business continuity landscape of your organisation. Each department must be analysed to determine how quickly each business process needs to be restored, what the underlying infrastructure is and who the staff are. Again, every aspect needs to be documented.
- Align the ICT continuity infrastructure with the needs identified in step 2. The requirements defined by each department in step 2 must be aligned to the infrastructure dedicated to ICT continuity. The infrastructure must be able to cope with the defined demands.
- Test, test, test. A business continuity plan is just marks on paper unless it is tested rigorously and regularly.
“These steps give one a good structure for coming to grips with business continuity, and thus to experiencing the benefits it can bring,” Mothupi concludes. “I just can’t stress enough the need to test your plan to make sure it really does work—this is not something you want to find out when an incident has taken place!”