At one time in the evolution of manufacturing, business continuity was as simple as the father handing the keys to the front door and the combination of the safe to a son, or sometimes a daughter. Today, strategies for ensuring non-interrupted “business as usual” operations tend to be more complex. They often address several tiers in the organization, involve multiple possible scenarios, and are designed to withstand a variety of possible threats, from retirement of a key executive to a natural disaster or terrorist attack. The organization’s business software solution is often a critical component of a continuity plan. Unfortunately, it can also be a serious roadblock.
Unravelling the Problem
Most IT professionals would agree that the organization’s business solution needs to be considered as part of any comprehensive Business Continuation plan — whether it’s a full scale plan for disaster recovery or typical HR issues, like retirement, leave of absence, or an involuntary separation. The manufacturer must continue fulfilling orders and supplying goods to customers in order to protect the brand and reputation. In many cases, critical services are at stake, such as medical device equipment, parts for airlines, firetrucks and ambulances, generators, equipment for oil drilling and mining, not to mention pharmaceuticals and life sciences. Major gaps in service and delivery can cause disruptive ripples through the economy. No one wants that.
Addressing continuity of IT systems isn’t always easy. There are many threats and complications which get in the way, jeopardizing overall effectiveness. No matter how detailed the total Business Continuity plan is, if there is no access to data, account information, inventory status, parts numbers and shop floor schedules, the manufacturing plant will quickly come to a halt. The stakes are too high to take a risk at “flying blind” or reverting to guesses or manual processes. Expensive equipment, high temperatures, dangerous conditions and costly raw materials can’t be risked.
How could this type of loss of data access occur? Natural disasters, such as tornadoes, hurricanes, floods or fires pose a threat. Events in the plant, like a fire or explosion, can be disastrous. Criminal acts of sabotage or crimes against people, such as shootings, account for some down time. But, by far, the biggest threat comes in the form of cybercrime.
There are no easy answers. The obvious tactics, like frequent backups, hardware in dual locations, server rooms secured and monitored, and attack-resilient security and virus detection, can only go so far in the battle. Extensive training of personnel is also needed to prevent social engineering attacks where the user unknowingly clicks on ransom-ware, spyware or a virus which eats through the network.
Cybercrime is a serious threat. McAfee estimates that the annual global cost of cybercrime could be over $400 billion. It’s not just businesses who are affected. An independent research firm recently concluded that 47 percent of American adults have had their personal data stolen, primarily through data breaches at large companies. In 2013, 43 percent of companies had a data breach.
As the incidents increase, executives are taking note and reacting. According to a PwC survey of CEOs, concern has doubled in two years. In 2014 22 percent of CEOs said they extremely concerned about data security. In 2016, it jumped to 44 percent. But, should it be even higher?
A growing emphasis on Continuity Plans is at least one positive result. Increasingly, manufacturers are trying to set in place safeguards and backups, around all systems, not just software. Documenting existing processes, on the shop floor and back office, is one of the typical starting places.
In some manufacturing plants, the systems are complex. Machines may be outdated adding to complications. Silos of information can be hard to integrate and back up. Heavily modified IT systems, patched, a combination of legacy solutions and some add-ons with open source code, some apps that aren’t integrated and a patchwork quilt of workarounds and fixes can add to the confusion. Documenting that kind of chaos and prescribing how to recover a working version of data after an emergency would be a monumental task.
It’s easy to see how that dangerous predicament could happen. In the case of rigid, monolithic ERPs, organizations sometimes go on modification frenzies, investing heavily into specialized features and use-case specific functionality to make their ERP solution align to their methodology. The system can “creep” out of its original parameters and seem to take on a life of its own, making it difficult to upgrade, document, back up, and teach to new hires. One seasoned veteran may be the only one who understands the tangle.
Alternatives to the Chaos and Uncertainty
Fortunately, steps can be taken to repair, improve and prevent complications that will impede sound Business Continuation plans. Now is the ideal time to review basic strategies for safeguarding systems and processes. Manufacturers are already starting to gear up for waves of digitalization predicted to hit soon. They are also considering various tactics for meeting escalating market pressures and performing due diligence research on much-needed modernization. As those IT strategies are being mapped, it makes sense to also map contingencies and continuation protocols at the same time. Here are some tips to consider:
Avoid modifications. Heavily modified systems become complex and unwieldy, difficult to manage and maintain. It makes more sense to choose ERP solutions which already have the functionality you need built in. Often, you can use personalization features to adapt forms and reporting to achieve the specialized requirements you need.
Trust cloud deployment. When you turn to cloud deployment you leave security to the experts who do nothing but focus on keeping your data safe. The large cloud data centers typically have more resources and investments in secure technology and staying on top of changing issues than an individual company. You can also count on regular backups.
Comply with standard best practices. If your company has non-standard terms in use or idiosyncrasies left over from past generations, you may want to consider adopting more standardized practices. This will make it easier to hire and train personnel, including temporary employees that may be called in during an emergency.
Document procedures. Not only do you need to document procedures, you need make sure that documentation is readily accessible, consumable, and relevant to the people who need it. If it is written in highly technical language, line operators may find it useless. Remember the audience and applications.
Cross-train personnel. Training personnel in multiple tasks and positions helps to ensure you have back-up options if needed. Not only should line personnel be involved in cross-training, but remember that managers and executives should also have a broad knowledge base.
Be vigilant. Be alert. Watch for early warning signs of impending threats from both internal and external sources. Any unusual activity, from employee behavior to web traffic, should be viewed through lens of cautiousness.
These few tips can help you create a strategy for Business Continuity which recognizes the essential role of your software solutions, the value of access and the benefits of removing complexities like excessive modifications.
Mark Humphlett is a Sr. Director of Industry & Product Marketing at Infor.