I have a friend who refuses to wear a seatbelt. When questioned about his persistent tempting of fate, he pontificates about paranoia, media hype, and his “superb auto and medical insurance.” If by some twisted alignment of the stars, he finds himself broken and his car crushed…he’s covered. And after all, he’s an “excellent driver,” and cannoning through a windshield isn’t likely to happen to him. So, with all the laws and statistics begging him to choose otherwise, he continues to sit firmly in his position, unrestrained…and really, unprotected.
A similar attitude towards business continuity management programs (BCMPs) dominates many an organization’s boardroom and executive suites. BCMPs are their seatbelts, and insurance and disaster recovery plans (DRPs) reign as sufficient safeguards - in the ‘off-chance’ catastrophe hits. Also keeping company with this mentality is the notion that only the big disasters matter. Minor disruptions are, well, minor. We don’t need to “sweat the small stuff.” Or plan for it.
But the reality is, without comprehensive business continuity (BC) plans and procedures in place, even minor disturbances can burst into an enterprise-wide epidemic of loss and damage. But for most organizations, fulfilling an enterprise-wide BCMP requires executive buy-in. And it’s not something gained through a drop-by office visit on a Friday afternoon. Your proposal needs a plan. Here are some tips.
Your Protocol for BCMP Exec Buy-In
- Define the Difference
One of the first pushbacks you may get in your proposal, as mentioned above, is the claim that a DRP is adequate in the event of a disaster. Explain to the decision-makers that DRPs, in the most basic sense, come into play after you’ve done all the prevention and mitigation you can do, when it’s time for cleanup and restoration. Insurance is an after-the-fact buffer as well. But what about maintaining critical business functions in spite of a disaster? What about preventing a disruption altogether? Inform upper management that this is where a BCMP will help. It powers your organization’s documented processes and procedures to preserve integral operations during an interruption. It also delivers preventative measures to help bypass avoidable threats, and mitigation efforts to lessen loss and damage. DRPs are reaction, BCMPs are prevention.
- Dive Deeper, Briefly
Then it’s time to get a bit more specific about how a BCMP will benefit your organization, but don’t overwhelm your audience. Present concise information that doesn’t meander into minutiae. Include ways it can help shield your reputation, keep you in compliance, and build trust with investors, wholesalers, and patients.
- Get Industry-Specific
Delve into pharma’s unique risk factors and the reasons why operational resiliency, and thus a BCMP, is so critical to the pharma industry:
- Global supply chains create more complexity and, with it, more risk opportunities
- Frequently changing regulations and incongruous global regulations challenge compliance statuses
- Sensitive intellectual property and copious patient data attract more sophisticated and determined cyber criminals and espionage actors
- The profound responsibility to produce a sufficient supply of products on which consumers’ lives depend, sometimes in emergencies or pandemic conditions
- Talk About the Small Stuff
Emphasize that the well-being of your organization – and the consumers for which you provide products – goes far beyond disasters. Any amount of downtime, no matter the cause, can cripple business and manufacturing operations. The most common causes for downtime in pharma are:
- Regulatory issues
- Quality control/product tampering
- Global supply chain disruptions
- Political unrest
- Global workforce strikes and working conditions concerns
- Data Security/Cyber attacks
- Extreme weather
Cyber crime just may be the most urgent of those threats. In 2018, total global attacks increased a whopping 62% at 210 million [3]. A well-endowed BCMP will help you address these issues with preventative and mitigative measures.
- Present a Plan
Executives will eventually want to know specifics: budget allocation, required resources (and whether those include external support as well as internal), implementation time frame, etc. Give them a play-by-play of the development process.
- Talk Up the Competition
Executives are always interested in what the competition is doing. Research your competition’s BCMP strategies, and cite both those who have benefited from well-placed programs and those who suffered loss and damage for lack thereof.
- Prepare for Opposition
Rarely is such a proposition received with immediate acceptance. Consider which points top management may challenge and be ready to counter with solid information.
- Show Them the Money
Money talks to executives. Give them numbers. If the aforementioned tactics lack impact, switch gears from benefits and implementation to the costs of forgoing a BCMP - downtime, cyber attacks, etc. Demonstrate financial advantages from losses avoided and efficiencies gained. Throw in some heavy statistics for an extra punch. For example:
- A data breach costs healthcare providers and pharma $3.7 million in lost revenue annually [1]
- GDPR violation fines can grab up to 4% of an organization’s global annual revenue
- HIPAA violations can take $100 - $50,000 per violation, with $1.5 million annual max [2]
- Only 1% of data loss comes from natural disasters
- Average downtime cost runs about $260,000 per hour; 80% of companies underestimate downtime cost by as much as 300%
Many organizations operate under an air of “it won’t happen to us.” And pharma is no different. But what does set pharma apart from many other industries? Its profound responsibility to continuously distribute sufficient supplies of needful products. To that end, pharma companies must spare no time or expense to ensure operational resiliency in the face of any disruption, large or small, man-made or nature-made. A full-spectrum BCMP is the remedy to deliver that protection.
1. “Health Breaches Costs $6.2B Annually,” Becker’s Hospital Review, 2017
2. “What Does a Ransomware Attack in Healthcare Really Cost?” Fortinet, 2017
3. 2018 HIMSS Cybersecurity Survey, Healthcare Information and Management Systems Society, 2018
Written by Angie Longacre
As a writer for Assurance Software, Angie devotes her craft to promoting business continuity and disaster recovery awareness, and trumpeting Assurance Software’s invaluable benefits for both. When she’s not commanding the keyboard, you can find her outside for a run, searching for her next antique treasure, or lost in a good book.