Business continuity through a COVID-19 lens

Issue 8 2020 Security Services & Risk Management

The COVID-19 crisis has certainly put the spotlight on business continuity. While lockdowns and other imposed restrictions forced certain sectors to cease operating, a number of organisations continued to service customers and deliver products, with varying levels of success. For the latter, one may ask, did having a business continuity plan actually assist during this crisis?

“The simple answer is ‘yes’,” says Padma Naidoo, general manager: Advisory, ContinuitySA. Although the plans may not have considered a pandemic of this magnitude, organisations with a well-established business continuity capability have largely applauded it for enabling a swifter activation of remote work and other contingencies required to continue operating.

Padma Naidoo.

What worked?

Here are some of the business continuity planning aspects that assisted:

Business priorities – having a business-analysed view of the critical functions that needed to be resumed versus those that could stand for longer. With less than a week between the announcement and activation of lockdown, this helped direct the effective use of available resources and efforts.

Resource requirements – organisations that completed a business impact analysis had a clear understanding of existing capabilities and additional requirements, such as:

• The number of staff required to meet minimum acceptable levels of service and product delivery.

• Employees equipped to work remotely versus those that would require laptops/3G cards.

• The IT/network limitations regarding remote work numbers.

• Functions that could not take place remotely and why.

Having this information readily available assisted organisations to mobilise the additional resources required quickly, at a time when companies were competing for available stock.

Response structures – having a clear and tested framework for incident management and decision making. Even though a pandemic of this scale may not have been catered for, the entrenched principles of incident management were certainly useful.

Established teams – having established teams at different levels within an organisation, with trained and rehearsed individuals to implement the response.

Implemented continuity strategies – although identified contingencies may not have worked as intended, they did offer some advantages, for example:

• Work area recovery facilities were used to achieve social distancing and split an organisation’s risk.

• Critical staff were already equipped for remote work.

• Identified manual workarounds were utilised while additional staff were being equipped for remote work.

• In some instances, supply chain diversification assisted with supply delays.

Looking to the future

While existing business continuity frameworks did offer benefits, it is evident that they can be improved based on the lessons learnt over the past few months. COVID-19 marks a turning point for business, social and other spheres. The extent to which change occurs remains to be seen, with several predictions being made by analysts and futurists.

So, how should the face of business continuity change to meet emerging needs? Naidoo suggests that a strategic focus needs to be placed on resilience. As organisations ponder long term changes to their business and operating models, either for enhancement or as a response to macro environment developments, resilience needs to underpin their thought process, with continuity principles built into all changes.

For example, if an organisation is looking to increase remote work, mechanisms should be put in place to ensure that cross-skilling and succession planning takes place to avoid key skill vulnerabilities. With increased cybersecurity risks, it’s time to re-evaluate the approach to and measures for information security.

If an organisation seeks to diversify/localise its supply chain, due consideration should be given to second and third tier suppliers, as well as driving resilience through collaboration. Taking it a step further, why not use the automation of big data analytics to detect, inform and assess continuity threats and responses? The opportunities are endless.

“We live in a volatile time, and the decisions made now will impact the course of organisations in the future. This is the time for business continuity and risk practitioners to step up and ensure that new world that emerges post COVID-19 is a resilient one,” concludes Naidoo.

For more information contact ContinuitySA, +27 11 554 8216,,


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Meeting compliance obligations
Issue 7 2020 , Security Services & Risk Management
Helping businesses in SA understand and meet their compliance obligations to local regulations.

Industrialisation or imperialism?
Issue 7 2020 , Security Services & Risk Management
4IR has to be a matter of national agenda; national economic and political sovereignty and national security - necessitating commensurate prioritisation.

Password vulnerabilities in South Africa
Issue 7 2020, Kaspersky , Security Services & Risk Management
Research from Kaspersky has shown that people are putting their online safety at risk by making bad password decisions and simple password mistakes that may have far-reaching consequences.

The greatest crime-fighting weapon is predictably
Issue 7 2020 , Security Services & Risk Management
Predictability fuelled by artificial intelligence (AI) and big data has the ability to reduce violent crimes by 25% by 2023 according to Aura.

PCI DSS can be your PoPIA security blueprint
Issue 6 2020, Galix Group , Security Services & Risk Management
Some of the requirements of PCI DSS can also be used to comply with PoPIA, South Africa’s data privacy law.

Monopoly: AI edition
Issue 6 2020 , Security Services & Risk Management
Due to the inherent nature of artificial intelligence (AI), AI-powered industries naturally tend towards monopolisation.

eVisa solutions for Botswana
Issue 6 2020 , Security Services & Risk Management
Travelers to Botswana will soon be able to complete visa applications online and ease their entry into the country.

Three steps to kick-start POPIA compliance
Issue 6 2020 , Security Services & Risk Management
Complying with data privacy, security laws and regulations can be a daunting task for any organisation.

Digital evidence handling in the cloud
Issue 5 2020 , Security Services & Risk Management
Investigate Xpress is a free, cloud-based digital evidence management solution designed to make police forces more efficient and productive.

The evolution of security in residential estates
Residential Estate Security Handbook 2020 , Editor's Choice, Integrated Solutions, Security Services & Risk Management
Two large estates discuss their security processes and the ever-expanding scope of responsibilities they need to fulfil.