Disasters can become disastrous. Planning for disasters will save money and may even save the business, writes David Gilroy.
Checkout scanning is core to all data analytics in retailing and wholesaling today. Without item level sales capture at the point-of-sale, replenishment and ordering systems don’t function. Checkout self-scan and productivity gains aren’t possible. Category sales analysis is a non-starter thus ruling out effective space planning and product performance monitoring. The industry depends on smooth frictionless scanning capabilities. It is hard to imagine a world without scanning, yet it was not until well into the 1980s that it became commonplace. And there were all sorts of problems along the way. Inaccurate bar codes, inefficient product file maintenance, non-existent bar codes, flaky operating systems and inexperienced technophobic management. All combining to cause pressure points and frustration at the checkouts. Overlay this with a totally different social and trading environment with no Sunday trading and peak sales concentrated into Saturdays and late nights on Fridays and grocery shopping could be hellish for all participants. It was in this sepia prehistoric world that the great Asda disaster of 1981 occurred. Asda was an early adopter of scanning and led the industry in store roll-out. On a warm summer’s Friday evening in High Wycombe disaster struck. The store was heaving and trading intensely when the entire checkout operating system failed. Despite desperate attempts to reboot, it was dead. There was no effective back-up. Queues quickly built up, tempers frayed, and management had no choice but to close the store. The local traffic became gridlocked and the nearby M40 motorway congested to a standstill. It turned nasty and the police were needed to restore order. This event had a lasting effect on the business and all existing and future installations were scrutinised for disaster recovery protocols and system fail-overs. The High Wycombe debacle became the stuff of legend and was frequently referenced in procedural and systems planning for many years.
I was reminded of this recently when the electrical substation fire broke out near Heathrow airport bringing the entire operation to a standstill and effectively wiping out one of the world’s busiest airports for more than twenty-four hours. Now Heathrow’s chief executive warns that it could cost up to £1bn to install a more “resilient” generating system allowing it to switch across power sources and avoid a repeat of the airport closure. How can this be allowed to happen? Simple. Ineffective continuity and disaster recovery planning.
The problem with disaster recovery is that no one really wants to talk about it. It’s not sexy, can be very costly and requires a lot of painstaking gutty work gamifying all the possible scenarios and then problem solving for events that may never happen. I have been involved in a few disaster recovery planning groups and it’s a nightmare. Everyone is too busy with their day jobs to engage properly as there is no instant reward for their effort and yet nothing could be more important. Disaster recovery encompasses the policies, tools, and procedures that enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Unlike broader business continuity planning, which addresses maintaining all essential aspects of business operations during disruptions, DR focuses specifically on IT and technology systems.
To enhance resilience and ensure swift recovery from disruptions, wholesalers should consider a range of components in their disaster recovery strategies. Conducting a thorough risk assessment and Business Impact Analysis (BIA) is foundational to any DR plan. This process involves identifying potential threats (e.g. cyberattacks, natural disasters, technical failures) and evaluating their impact on critical business functions.
Understanding these risks enables organisations to prioritise systems and processes for recovery. Defining clear recovery objectives is crucial:
• Recovery Time Objective (RTO): The maximum acceptable duration to restore functions after a disaster.
• Recovery Point Objective (RPO): The maximum acceptable data loss measured in time.
These objectives guide the selection of appropriate recovery strategies and technologies.
Implementing regular data backups and ensuring offsite or cloud storage is vital. Offsite backups protect against localised disasters, while cloud solutions offer scalability and accessibility. Despite its importance, Business Computing reckons that nearly a quarter of UK businesses lack offsite backups, highlighting a significant area for improvement. Integrating robust cybersecurity measures within the DR plan is essential to safeguard against digital threats. This includes proactive monitoring, threat detection, and incident response strategies. Regular testing of IT systems’ resilience against cyberattacks ensures a swift recovery and minimises potential damage. A DR plan is only effective if regularly tested and updated. Simulating various disaster scenarios helps to identify gaps and areas for improvement. Despite its importance, 42% of UK organisations have not tested their DR processes in the past year, underscoring the need for routine evaluations.
Educating employees about their roles during a disaster ensures a coordinated and efficient response. Training should cover emergency procedures, communication protocols, and basic cybersecurity practices to prevent incidents. For SMEs with limited resources, partnering with Managed Service Providers (MSPs) can provide access to expertise and resources necessary for effective disaster recovery planning. MSPs can assist in risk assessment, strategy development, implementation, and ongoing support. Adhering to established standards, such as the UK’s Civil Contingencies Act of 2004 and relevant British Standards (e.g., BS 25999), ensures that DR plans meet legal and industry requirements. Compliance not only mitigates legal risks but also demonstrates a commitment to resilience and reliability.
While developing a comprehensive DR plan is a long-term endeavour, wholesalers can implement several quick wins to enhance resilience immediately:
• Regular Backups: Automate backups of critical data and store them securely offsite or in the cloud.
• Multi-Factor Authentication (MFA): Implement MFA across systems to enhance security against unauthorised access.
• Update and Patch Systems: Regularly update all software and systems to protect against vulnerabilities.
• Document Key Processes: Create clear documentation of essential business processes to guide recovery efforts.
Heathrow was a timely reminder. Maybe this is good time to dust off those DR plans and check their validity?
Comments are closed.