Business Continuity, Part 2: What Your Plan Should Include
In Part 1 of this post, we discussed the risks of poor business continuity planning and the distinction between business continuity and disaster recovery. Although most people associate disaster recovery with hurricanes and floods, natural disasters are far from the leading cause of data loss. Hardware failure, software corruption, human error and security breaches top the list.
With the complexity of today’s IT environments and the sheer volume of users, devices and data that networks must support, organizations should operate under the assumption that something will eventually go wrong. The key is to have an effective business continuity plan in place so you can minimize risk and continue normal business operations with little or no downtime when something does go wrong.
Disaster recovery,the process of storing data at a secondary site so the data can be quickly recovered and accessed in case of a disaster, is one component of a business continuity strategy. Gartner states that, in addition to a disaster recovery plan, business continuity should include:
- A business resumption plan, which identifies how critical services are maintained at the crisis site.
- A business recovery plan, which identifies how business functions will be recovered at a secondary site.
- A contingency plan, which identifies how events that can affect an organization will be managed.
Business continuity plans must be regularly tested and updated through mock exercises and drills so organizations can carefully analyze any number of “what if” scenarios. Weaknesses, errors, omissions, discrepancies and threats need to be identified and addressed. For example, will your plan allow you to live up to contracts with customers and business partners? Is your backup power supply adequate? How effective is your internal and external communication plan? What specific processes should users follow should a disaster strike? It’s not uncommon for organizations to discover that data may be recovered quickly, but because copies of important passwords and contact information are lost, that data becomes difficult to access.
The 24×7 nature of today’s global business environment underscores the need for effective business continuity planning. Zero downtime is the goal. Downtime measured in minutes is tolerable. Downtime measured in hours can be crippling, while downtime measured in days or more can devastate a business. We live in a world in which people expect fast access to data, fast answers to questions and fast decisions. Only through proper planning and preparation can organizations meet these expectations.
Let ICG help you fortify your business continuity plan or develop a new one from scratch so your organization can minimize the risk and cost of unplanned downtime.