The story that has been dominating the news this week was the release of the three women in the City of Cleveland.  

They had been abducted and held captive for ten years! Their story is both joyous and truly disturbing. Joyous for the families who have their daughters back when they had given them up for dead.  It is so disturbing that one human can do this to another, and that Ariel Castro, the alleged kidnapper had managed to carry this on for so long and why neighbours and the police never realised that the three women were being held in Seymour Avenue. It is beginning to come out that there was some evidence of strange events happening at the house, but nobody put all the pieces together to find out that these three women and a child were being held there. Perhaps with hindsight, somebody should have realised.

I have been working recently with a technology company. They have had to implement business continuity due to the requirements of one of their key customers. PlanB Consulting was lucky enough to get the work to implement business continuity into the company.

In carrying out a risk assessment they had one major single point of failure.  Although they have offices worldwide they have all of their IT in one single server room.  If they were to lose their server room or the whole office even a simple incident such as a loss of power, they would lose their website, their email system (for all users worldwide) which is critical, and most of their systems.  They do have the systems backed up, but as we know if you lose your primary datacentre, it would take days if not weeks to recover your systems.  This would involve finding a rack in a datacentre, purchasing the relevant servers, purchasing network access, rebuilding all the systems and then doing the necessary desktop work so that users can access the systems.  If this risk was to materialise; it could be debated whether they, as a company would survive or at least business plans would be severely set back.

What interests me and here is the link to the news story. If this risk is so obvious – why did some one not do something about it?  I am sure if they sat down and systematically looked at their risks, they would have identified this as one of their critical risks. In the same way as the Cleveland case, if the police and neighbours had systematically looked at the events in Seymour Avenue, then they might have deduced that something strange was going on in the house, and would have carried out further investigations.

Working with the technology company we have identified the risk and the company is working towards a comprehensive solution to mitigate the effects.  If this event was to occur once the solution is in place, users worldwide may not even notice they have lost their primary datacentre.

So what is the relevance to us business continuity people?

1. For me discovering a major risk and mitigating it, I think is one of the greatest pleasures of being a business continuity manager, especially when the organisation recognises it and gets on with mitigating it. I feel when this happens you are really making a difference to the company and have made your own contribution to their success.
2. Have you looked at your own organisation and identified any major risk, or single points of failure that would have a major impact on the organisation if the risk materialised.
3. Where you have done this, make sure that people are aware of the risk and your own contribution to its’ mitigation.  I think this is especially important, as we all have to show our contribution to the organisation and justification on the continued funding of our role.

So if you have nothing better to do, go out, analyse the organisation and identify those organisation critical risks which all others have missed or ignored and add value to your role!