Business Continuity & IT Disaster Recovery Planning
Companies and organizations depend, more than ever on the availability of their Information Technology (IT) and critical business processes, data and applications that are IT-based. Business Continuity and IT Disaster Recovery(BC/DR) is the ability to for an organization to be resilient using strategies and plans for recovering and restoring the organization’s technological infra-structure and capabilities after a serious disruption or disaster. The onset of cloud computing and the proliferation of wireless mobile devices have increased the risks. Managing is to protect the company, their assets, and their ability to do business under any circumstance. Without ‘Plan’ organizations are exposed to substantial loss of operations, negative publicity, financial losses, legal recourse, and loss of resources and people. Organizations that continually refine their ‘Plan’ are more likely to survive in the event of a disaster. Organizations that do not have a plan are on a course toward Disaster! Organizations that continually refine their ‘Plan’ are more likely to survive in the event of a disaster.
Today’s unpredictable world puts pressure on IT departments to maintain business continuity in the face of many challenges that are natural and man-made such as natural disasters, network outages, cybercrime and security breaches. Organizations need to understand the impacts of their business in the event of an emergency. They must be able to answer these critical questions: Who executes recovery actions? What is needed to recover, resume, continue or restore IT systems and business functions? When must business functions and operations be resumed? Where will people go to resume corporate, business, and operational functions? How, in detail, will recovery, resumption, continuity, and restoration be accomplished? How will you prevent or mitigate the risks identified?
Key reasons for planning and implementation are to minimize infrastructure disruptions, establish roles and responsibilities for when an event or disaster is declared, safeguard important data and information, and know how to contact employees, customers, suppliers, and other key personnel.
The main objectives for BC/DR Planning are 1) Keep the organization resilient by reducing the impact of service disruptions, events, or disasters 2) Establish recovery strategies to reduce the impact of operations being disrupted and 3) Educate the team about the recovery procedures and how to handle an event, disruption, or disaster so everyone will know what to do.
There are three basic components that all plans and programs must have to be successful –
Assessment Component: This determines the functional requirements by identifying all impacts and critical components, threats, and probability of occurring through a formal risk assessment and business impact analysis.
Planning Component: This defines the recovery strategy and information about recovery point objectives and recovery time objectives, develops the plan for all critical systems and processes for a successful recovery effort and tests the plan for assurance of some level of recovery.
Monitor/Track Component: This assures that the plan will be updated and viable; it is an iterative process that monitors the current readiness of critical systems and processes.
There are many lessons that are learned from various industries and different types of disasters. They tend to all have some important lessons that are learned when it comes to planning. Top ten lessons learned are:
For IT, utilize cloud service providers who have their facilities located in multiple geographical areas other than where you are. Assume your company or organization will be the last one that will be back in operation. When there are wide spread outages, ‘best efforts’ for recovering is the term frequently used. Consider the safety and personal needs of your employees. Personal needs of employees take precedence when an event occurs, even when an employee is asked prior to an event. Plus, hospitals may not be available for those who are injured. Have enough generating power and facilities to meet long-term needs. Identifying your facility’s critical loads is important. Understand the costs and risks associated with utility power interruptions, production losses and downtime. Plan for outages that may last a few hours to extended time of one to weeks or 30 days. While other back-up electrical supply alternatives may exist, they can often take longer to engage and have shorter supply capabilities, have higher costs, lower reliability or no reasonable refuelling options during an event. Have an alternative source of food and water as well as a plan to get it. If an outage goes over several days, supplies will be used up and will need to be replenished. Frequently test readiness. BC/DR plans must be tested. If they are not tested, then it is like having no plan at all. It is important that these plans be exercised periodically to ensure they will operate as designed in the event of an emergency or a disaster. Supply-Chain Management and Contract for reliable providers of resources that includes considering alternate suppliers for products and services. Communication before, during and after is important. It is how everyone will know what to expect, what to do, how to do it and when. Documentation of all this information is the key and it being readily available is critical for those who need to know.In general, and repeatedly, the lessons learned from major disruptions or disasters, is that communication is key.
The LSH Group has proven planning processes and best practices that are designed to minimize exposure to loss and disruption. We have extensive industry experience and are ready to assist organizations in all aspects of BC/DR planning.
Organizations that do not have a plan are on a course toward Disaster! Organizations that continually refine their ‘Plan’ are more likely to survive in the event of a disaster