As the crisis media team moves into action to deal with the incident which is taking place on the other side of the world from your offices; one you would never have thought might have struck your company after the care and attention to detail you and your team give to the safe running of the fleet, your critical IT system shuts down through an unexpected power outage caused by storms overhead.
For many shipping companies, business continuity management is seen as an integral part of their management systems for dealing with disruptive events such as a casualty, but closer to home incidents can disrupt day-to-day activities. And they always happen at the wrong time.
A business continuity plan needs to include prepare for emergency response, information and communication technology (ICT), incident management, business and disaster recovery, information security management, business activity recovery time and data recovery and the arrangements for getting back to your robust ‘business as usual’ operations and managing your fleet.
For most firms in every business sector, ICT is now regarded as being a critical component and a vital part of its business activities. The increasing use of the internet and social media when taken together with business systems and applications means that most businesses are now extremely reliant on their ICT infrastructure.
All such systems must therefore have high reliability and availability and be physically robust. They must also be able to protect and ensure the reliability of the company’s data files, its core structure and intellectual property so as to safeguard data confidentiality, its integrity and availability to those within the business who need to have immediate access to be able to continue to do their jobs. The technical team or designated person ashore (DPA) spring to mind.
As the crisis media team work on behalf of the firm to manage the immediate news output so too will the organisation’s critical business activities need to be protected as part of its business continuity management arrangements.
These include any disruptions to ICT networks that can create risks to the company’s reputation and its ability to operate. The failure of ICT including security breaches, such as cyber-attacks and virus infections, something referred to in an earlier MTI blog post can have a serious impact on the continuity of any company’s business operations. The management and security of ICT are therefore seen as a key part of business continuity management requirements.
As the shipping company’s business activities will usually be dependent on its having immediate access to reliable up-to-date company information, part of the business continuity management plan will therefore need to specify how much data the company can afford to lose and how current that information needs to be. Manifests? Bunkers? Crewing changeovers? Commercial arrangements?
Any ICT data recovery plan that is put in place must take into account the company’s business requirements and priorities and include information continuity solutions to meet those business continuity management needs as specified within a specific recovery point. A system restore point for those familiar with Windows operating systems if you like.
The recovery point will include the data restoration of current information for each business activity, HR, Commercial, Crewing, Operations, etc, when it should be recovered and the requirements to ensure the continuing confidentiality, integrity and availability in order to provide a robust and reliable data backup of vital company information.
The ICT data recovery plan must also include information for backup that will include how the data is to be securely stored, such as through physical backup media such as tape, optical devices or transmission up to the ‘Cloud’; how often it is backed up; and the safe environment in which the data is to be held either on site or off site.
No one likes a flood in the basement where all the servers are sited along with the uninterrupted power supply which is now under water.
The plan should also include the arrangements and expected timescales for data retrieval and its restoration.
In addition to data storage and access, the data recovery plan should also include other components such as alternate site requirements, the arrangements for the ‘failing over’ and ‘failing back’ of data to an alternative data centre site, power and cooling requirements for equipment as well as a maintenance, testing and a robust exercise programme.