AWS Public Sector Blog

Addressing emergencies and disruptions to create business continuity

man's hand moving pin and string on design board

While disruptive events are challenging for any organization, sudden and large-scale incidents such as natural disasters, IT outages, pandemics, and cyber-attacks can expose critical gaps in technology, culture, and organizational resiliency. Even smaller, unexpected events such as water damage to a critical facility or electrical outages can negatively impact your organization if there is no long-term resiliency plan in place. These events can have significant consequences on your employees, stakeholders, and mission, and can result in long-term financial losses, lost productivity, loss of life, a deterioration of trust with citizens and customers, and lasting reputational damage.

For organizations serving the public, disasters and emergencies can derail missions and critical emergency response, public safety, and public health services. Many organizations move from crisis to crisis with short-term fixes, without addressing the underlying lack of a long-term strategy for resilience and business continuity. Even with an existing resiliency plan in place in one department, the plan may not cover process re-engineering requirements and dependencies in other departments, like IT, finance, human resources, legal, communications, operators, or others. Key disruption areas to address with a long-term plan, include the most common and high-impact disruptors:

  • Ensuring IT infrastructure durability, availability, and security
  • Supporting employees and tapping expertise
  • Access to data for real-time situational awareness
  • Lack of financial agility
  • Lack of planning

The COVID-19 impact

COVID-19 brought to light fissures in IT infrastructure throughout government agencies, educational institutions, nonprofits, and healthcare, as public sector organizations struggled to meet the demands of their constituents, citizens, employees, and the public at large, while trying to maintain operations and continuity. Implementing remote workforce solutions, responding to online inquiries, finding insights across data streams, enabling virtual call centers, and supporting online learning were all areas of focus.

However, the effectiveness in crisis response varied greatly, as no institution anticipated the unprecedented spike in demand for these services and shifted in resourcing needed to tackle it. And IT departments found it difficult to quickly implement solutions to address the sudden increase in demand.

Overall, decades of technical debt suddenly came due, and public sector organizations were unprepared to respond. Seven COVID-19 lessons learned are:

  1. Build a digital trust and communications platform
  2. Enable a remote workforce
  3. Develop team-wide critical skills
  4. Build a data-driven war room
  5. Modernize your legacy systems
  6. Implement financial reserves
  7. Start your resiliency planning today

How to start resiliency planning

Emergencies and disruptions are not new. And although after each incident well-intentioned organizations plan to build a resiliency strategy, often these plans never come to fruition once a crisis has ended.

What is a resiliency plan?

An organization’s resiliency and continuity plan outlines a range of disaster scenarios and the steps the organization will take to return to a regular state. Plans are written ahead of time, by key staff and multiple departments, with the goal of creating contingencies that minimize potential harm and negative impacts to the organization. A strong resilience strategy combines both operational and cultural resilience. Operational resilience includes five pillars: 1) Remote workforce enablement 2) Constituent engagement, 3) Operational continuity, 4) Real-time analytics, and 5) Process and systems modernization. A resilience plan also addresses cultural resiliency best practices that prepare your team for any disruption.

Cultural resiliency is equally important as the operational framework. Employees are the engines that drive organizations. A strong resiliency plan puts employees at the heart of emergency plan, and involves employees early and often. During emergencies, research shows that employees often feel anxious, impacting productivity, engagement, or the ability to act during an emergency. Your resiliency plan should identify employee risks, just as it identifies technology, customer and financial risks. Beyond pandemics or natural disasters, organizations can be adversely impacted by changing market conditions, mergers, or general restructuring, which can also be classified as emergencies. Regardless of the type of disruption, an employee’s alignment to organizational objectives is most at stake during times of disruption. Other elements that influence employees during crisis include the existing organizational culture, leadership, and one’s work environment—which can include technologies, tools, physical space, and processes.

Start by building a baseline resiliency plan. No resiliency plan is bullet-proof, however, having a plan in place drastically improves your organization’s odds of minimizing the impact of an emergency on your employees, customers and partners.

AWS Organizational Resiliency Framework

Resiliency planning framework

Figure 1: AWS Organizational Resiliency Framework

The severity and extent of a major disruption can challenge even the most tech-savvy, and mature organization. As a leader, you have the opportunity to determine your organization’s future state by leveraging lessons learned from past emergencies, and the latest technology tools. If your organization identifies a technological gap, the cloud offers the fastest route to remediation and preparedness, at the lowest possible cost. In particular, cloud-based IT solutions such as elastic cloud compute, storage, and data management services can quickly give you the capacity to withstand a crisis.

Amazon Web Services (AWS) and our AWS Partner Network (APN) Partners are dedicated to supporting your journey to creating a resilient organization. Learn more by visiting the Organizational Resiliency & Continuity Help Center.