It doesn’t matter how much planning you’ve done – for the time being you’re fucked.’ In that sharp slice of Anglo-Saxon, Nick Robertson finds the ideal sentiment to sum up the dry-mouthed, leaden-stomach moment when his business was dealt a calamitous blow.
A co-founder of online fashion retailer ASOS, Robertson had been building up the business since 1999 and, having been hit by logistical tribulations around the crucial Christmas period in 2004, he was keen to show what it could do when all the cogs were fully greased. Robertson moved depots in autumn 2005 to a brand new warehouse in a Hemel Hempstead industrial park and the company began to move up the gears as the Yuletide orders flooded in.
Early on the morning of 11 December 2005, however, a series of huge explosions at the Buncefield oil storage terminal seriously damaged ASOS’ new warehouse nearby. Nobody was allowed on-site for five days. When finally they were, they found the blast had destroyed the office inside the warehouse and weeks of stock had been ruined by the sprinkler system.
‘In terms of disaster recovery we had no back-up,’ explains Robertson. ‘As a fast-growing company, the dynamics of the business meant that we had just one distribution centre.
‘Big companies have resources for this and small companies generally don’t. When you’re busy growing a business the last thing on your mind is making a robust recovery plan. Often, all you do is carry out a business health-check and then get necessary insurance cover – that will generally be your only concession to disaster recovery.’
The 300 ASOS workers who were due to arrive on Sunday morning had to be contacted and, thanks to an assurance from the insurers, would be paid. The ASOS.com website – the company’s only shop-front – was closed to transactions for five and a half weeks. ‘We shifted our staff from near Luton to the London office to complete the refunds of the 19,000 undeliverable orders,’ remembers Robertson. ‘The nature of this business is that we have a high turnover of stock and only carry about six or seven weeks’ worth. But all that just got put to one side and the big issue was how quickly we could get the warehouse back up and running.’
In a way, Robertson was lucky – lucky to have such a hugely popular service and to have an almost ‘virtual’ business with a fairly fast turnover of stock. How many other businesses could cope with not being able to do any business for a month and a half and then still make a profit, let alone survive? Not many.
Perception and reality
In fact, 70 per cent of businesses that suffer a ‘discontinuity’ in trading – not even necessarily five weeks of it – will be forced to cease trading, according to a recent survey by the DTI. And, while we’re running with the stats, a Chartered Management Institute survey this year found that only 46 per cent of SMEs have business continuity plans and that just 37 per cent of those with plans will rehearse or exercise them.
So, despite the possibility of going belly-up and losing everything, business owners’ perception of potential danger is fairly low. ‘SMEs don’t have the resources and management capability to make plans,’ asserts Dr Greg French, managing director of disaster recovery specialist Belfor. ‘They think that conducting contingency planning impacts their bottom line. Compiling a plan and testing it works is considered unnecessary because they don’t foresee anything bad happening to their business.’
Blind optimism aside, most growing businesses are in a state of change, making it easy to forget about things under the surface. But if you start thinking early about what you’re going to do in the event of a disaster then the business can be in much better shape for it – and putting in place a plan to deal with risks will help reassure your shareholders, customers and employees. Furthermore, evidence of a continuity plan is likely to get you a lower insurance premium.
Running a medium-sized business might even mean that you ought to be more inclined to create a disaster recovery plan than if you were a lot bigger. Rob Thompson, marketing director of business continuity experts SunGard Availability Services explains: ‘A very strong reason for growing companies to plan for disaster is that key staff and locations are fewer in number. Larger companies are generally more geographically diversified, so business functions are replicated in other areas. In smaller, entrepreneurial businesses this is much less likely. So, if there’s a single point of failure, say in the finance department, there’s no one to replace them in an emergency.
‘You’ve also got the classic supply chain pressures if you’re supplying to someone who supplies to someone else,’ he adds. ‘Contingency plans are often expected of suppliers and if you don’t have them then you might not be able to able to win some contracts.’ This need is going to be underlined soon by the introduction of a kitemark for continuity plans, British Standard 25999 [*UPDATE – BS 25999 was withdrawn in 2012 (part 2) and 2013 (part 1) following the publication of the international standards ISO 22301 and ISO 22313], in public consultation phase at the moment and comes into practice in 2007. It won’t be compulsory, but large firms that comply may insist their small suppliers have one.
The real cost
‘A common misconception is that putting plans in place will be an horrendously costly exercise. But the important thing is to look carefully at where to spend your recovery plan pound,’ informs Thompson. ‘Formats can range hugely from one paper copy in someone’s drawer – not advisable – right through to complex business continuity software that can map potential points of business failure and run you through everything that should happen.’
Although the concept of ‘disaster’ brings to mind events like terrorist bombings and Buncefield, by far the most common catastrophes are mundane; an over-exuberant road-digger cutting a power cable is every bit as traumatic for a business as a bomb going off. You can’t prevent most disasters, but you can lessen the resulting interruption to your business.
Generally, the first step for a company with little or no contingency planning is just to start backing up your electronic data and taking it home at night. An advantage that growing businesses have over their bigger brothers is that it’s fairly cheap to get small amounts of data storage, a relatively easy disaster recovery technique. There are a vast variety of IT service providers out there that will very economically offer remote data storage and hosting arrangements, so staff can upload work files onto any home computer.
The next step up, and the foundation of a simple and cheap plan, involves looking at every part of your business, working out what could happen to it and how you’d deal with that eventuality. Then you need to put into place who will deal with it, be it a third party or an internal individual.
If you’re starting to worry that many hours of toil lie ahead, Belfor’s Greg French has some encouraging words: ‘The biggest problems with disaster recovery plans is that they can become too detailed and focus too much on staff. People have a habit of changing jobs and the most generic plans are generally the best – prescriptive plans go out of date in a few months.’
One thing that is essential to include in your plan, in the event of a substantial disaster, is to not stop trying to win new business. Alison Williams, chairman of market researcher FDS Group – another business that fell victim to fire – says that, because of temporarily putting business development on hold, even three years after the blaze the company hasn’t reached the level she’d expected to be at. ‘We had a disaster recovery plan, but it is much more thorough now. Our business continuity insurance is considerably increased, we have broadband from our offices in Kent to our offices in High Wycombe to offer continuous work in case of another disaster and our plan has provisions within it that will mean we shall not put new business development on hold.’
Williams’ current plan includes contact numbers of staff, customers, suppliers, insurance and utilities; details of emergency update lines for staff post-emergency; and detailed instructions and lists of who does what and when (including deputies for each role). ‘Plan for the worst case,’ she stresses, ‘then anything less will be covered.’