Business Continuity for Manufacturing: Maintaining Production During a Disaster
Maintaining business continuity in manufacturing is critical for preventing a costly halt in production. But unfortunately, not all manufacturers are equipped to prevent every disruption.
From natural disasters to data loss, manufacturers face a wide range of threats that can interrupt operations for hours, days or even weeks. In this post, we outline some of the key systems and planning strategies that can help these companies avert a major disaster.
Why business continuity in manufacturing is so important
Every manufacturer knows the fear of an unexpected freeze in production …
When a product can’t be produced, it can’t be ordered. When it can’t be finished on time, it can’t be delivered on time. When workers can’t do their jobs, productivity and profits go down the tube.
These consequences can translate into a major loss of revenue and potentially breach customer agreements in the process.
It only snowballs from there.
Production disruptions almost literally “throw a wrench in the works,” affecting nearly every other operation within the organization. They can sever customer relationships … hurt the company’s credibility … and weigh down the bottom line for years to come (assuming the company even makes it that long): a failure to maintain business continuity in manufacturing can threaten a company’s survival.
Threats to production
One of the most common threats in manufacturing is a breakdown in production equipment. That’s why manufacturers invest heavily in human capital, hiring skilled engineers and other specialists who can rapidly make repairs when needed.
However, manufacturers should be investing just as wisely in protection against other threats that are as destructive:
- Malware: Cyberattacks like ransomware can destroy your data in a matter of minutes, making your critical applications unusable and locking you out of the files that your company runs on.
- Natural disaster: Several weather events and other natural disasters pose a major risk to your manufacturing equipment and personnel. If a factory is destroyed, and there’s no backup plan, operations may never resume.
- Fire & smoke: Even if a fire is contained, smoke damage can derail your production schedule and cause a health risk to workers. Manufacturers must not only comply with local fire codes to prevent accidents, but also must have a continuity plan that ensures production can continue soon after a disruptive incident.
- Flooding: Whether due to a severe weather event or interior damage, such as a pipe break, flooding inside a building can cause costly damage to manufacturing equipment and processes.
- Utility outages: An extended power outage or loss of other critical utilities like natural gas can result in lengthy manufacturing interruptions. Having access to redundant systems is essential for manufacturers that cannot afford to wait on utility companies to restore service at their leisure.
- IT disruptions: Data loss, network outages, server failure, software errors – each of these disruptions can have a severe impact on manufacturing operations, especially if there are no continuity systems in place.
A $310 million nightmare
One of the most high-profile manufacturing disruptions in the last few years was the 2017 ransomware attack on U.S. pharmaceutical giant Merck.
Hundreds of companies around the globe were sidelined by the same ransomware strain, known as NotPetya. But in the months that followed, details emerged that showed the attack was particularly costly for Merck.
The attack disrupted the company’s manufacturing, research and sales operations for nearly a week. Company email went down. 70,000 employees lost access to their computers (many were told to simply stay home).
In total, the attack cost Merck more than $310 million, including a $135 million loss in sales and an additional $175 million in other recovery costs.
That’s nearly a third of a billion dollars for a one-week disruption.
These numbers should alarm every manufacturer, especially smaller companies that don’t have the same financial resources to survive such an outage.
Manufacturing disaster recovery plan template
A disaster recovery plan (DRP) is a comprehensive document that outlines an organization’s protocols for responding to an operational disruption. A DRP is sometimes also referred to as a business continuity plan (BCP), although the two documents are actually a bit different. (Disaster recovery is a subset of business continuity and is sometimes focused specifically on IT-related disasters.)
Every manufacturing company—and indeed all organizations, regardless of industry—should have both a BCP and a DRP to ensure the organization is prepared for every possible disaster.
While every company is unique, a basic manufacturing disaster recovery plan template should include the following sections:
- Plan objectives: Overview of what the DRP aims to achieve and which operations it covers.
- Disaster recovery teams: List of personnel who are responsible for activating the plan and overseeing the recovery.
- Risk assessment: Analysis of the most likely threats to IT or the organization as a whole.
- Business impact analysis: How each of those threats would disrupt operations (including estimated length of outage, cost, impact on other critical processes, etc.)
- Recovery protocols: Specific steps that should follow each type of disruption in order to resume business.
- Continuity deployments: A list of current systems and processes that help to maintain continuity if/when those disruptions occur.
- Contingencies: Backup plans, assets, equipment and locations that can be used to continue operations if primary resources are unavailable.
- Communication: How disaster recovery teams will communicate with each other, with stakeholders and with all other personnel to keep them updated on operational status.
- Plan evaluation: A schedule for how often the plan should be reviewed and updated.
Vulnerable to attack
Over the last few years, the manufacturing industry has been hit hard by ransomware attacks.
Boeing, Nissan, Mondelez and Renault are just a few of the big-name producers that have been derailed by infections.
Hackers are specifically targeting manufacturers because they know that these companies are often more willing to pay higher ransom demands if their production is halted. But that’s only part of it.
Experts say that manufacturing companies also tend to be more vulnerable to attack, due to use of outdated software and unpatched operating systems. Production systems are often supported by older applications that were built in-house and have not been updated with the latest security controls. Hackers then take advantage of these flaws (as well as mishaps by unsuspecting employees) to infiltrate the company’s network.
And unfortunately, despite the fact that some subsets of manufacturing, such as pharmaceuticals, are highly regulated by federal laws, the industry does not face the kind of strict business continuity regulation as sectors like healthcare do.
A lack of redundancy
Creating operational redundancy is one of the best things manufacturers can do to ensure continuity after a disruption.
- If equipment fails, there should be a backup (or parts readily available for quick repair).
- If employees go on strike, there should be others who are already trained and can quickly fill in their shoes.
- If critical data is lost, there should be a backup.
- If an entire facility is destroyed, there should be another location ready to go.
Understandably, small manufacturers won’t have the resources for Redundant Everything. However, they should still have a plan.
Anticipating a potential disaster, and knowing how to adequately respond, is the best thing a company can do to avert a prolonged disruption (which is why a thorough risk assessment and impact analysis are so important).
For example, a small manufacturer might not be able to afford secondary production equipment that just sits around in case of a disaster. However, they should absolutely have a plan for repairing such equipment, or quickly acquiring new equipment, or leasing some through a third-party facility if needed. There must be a plan for how business will keep running.
The need for better data backups
We’ve mentioned how ransomware and other forms of data loss can threaten manufacturers. Whether it’s customer records, inventory data, order information, or the software that keeps everything running, a sudden loss of this vital data can bring operations screeching to a halt.
Having backups is essential. But also, it matters how that data is backed up and how dependable it is when you need it most.
Too many manufacturing companies are relying on outdated backup technologies that are prone to failure during recovery and also vulnerable to threats like ransomware.
For stronger data protection, companies should be deploying advanced disaster recovery systems that provide:
- Higher backup frequency: The ability to perform backups more often (every few minutes, if necessary), so that data loss is minimized when you need to roll back to the last recovery point.
- Faster access to data: The ability to instantly recover lost files or even whole servers via virtualized backups or other recovery methods. With virtualization, you don’t need to wait for a full restore to start using your critical applications again – you can spin up a machine in seconds.
- More resilient backups: Dependable backups that don’t fail during recovery and are protected by automated checks that validate the integrity of the data. For example, BC/DR solutions from Datto use image-based backups that capture a complete picture of a protected server at every backup, without being dependent on previous backups.
- Hybrid cloud protection: Backups stored locally and in the cloud to create redundancy in case on-premise infrastructure is destroyed.
- Built-in ransomware detection: An added layer of protection built into the backup system, a la the Datto SIRIS and ALTO, which automatically scan each backup for signs of an infection.
Now more than ever, manufacturers depend on data to keep production moving. A failure to adequately protect that data is just as risky as failing to safeguard any other aspect of your operations.
Without proper planning, combined with detailed protocols and dependable BC/DR technologies, producers leave their companies at risk of a catastrophic break in continuity.
Learn more about data backup for manufacturing
Get more information on disaster recovery solutions that can protect your production from data loss and operational downtime. Request a free demo or contact our business continuity experts at Invenio IT: call (646) 395-1170 or email success@invenioIT.com.