Proactive strategies to position and protect your organisation
Business resiliency can be defined as the ability to adjust easily to change.The key to resilience rests in maximising the ability of systems and processes to effectively support a business under any adverse, fast changing, or unexpected condition. Change - whether caused by economic factors, natural disasters, governmental decisions, or other sources - is a constant. Resilience is different to recovery and continuity; it means being flexible enough to adapt to both positive and negative influences. It is a catalyst to propel your business forward while your competition sits still. It requires proactive, structured, integrated efforts by both IT and business executives. The evolution of risk The appropriate degree of resilience for your organisation is determined by your business priorities, risks, the impacts of those risks, and subsequently the organisation’s tolerance for risk. Business and IT must act together as one dynamic organisation in order to more quickly respond to changes in market demands and man-made or natural stresses placed on the organisation. These demands and stressors create an increased need for IT capability, availability, security, and event management. Thus, change fosters a convergence of business and IT risks. However, business and technology executives are typically uncomfortable with unexpected demands. To address their uneasiness with the unexpected, they often seek holistic, prioritised solutions that exploit positive and deflect negative aspects of these demands. Stressors and influencers Political - Governments, insurance underwriters, and industry regulatory bodies are mandating safeguards to protect the economy, political constituents, and business customers. In addition, these same organisations are pushing for more freedom to electronically monitor transactions and participants. Economic - Today’s organisations are dependent on the rapid and smooth operations of a vast array of business partners. A disruptive merger, bankruptcy, or even momentary operational failure of a key supply chain partner can cause significant disruption. Social - Social strains include increased demand for productivity and innovation; increased demand for rapid access to accurate and reliable information; and uncertainties in human behaviour, namely in the form of terrorism. Technological - Technology and the growing complexity of applications and systems, as well as a shortage in IT support personnel, will drive greater attention to resilience strategies. Businesses will have to think less about disaster probability and more about the increasing dollar value of a failure should it occur. Keys to resiliency View the problem and solution in broad
terms. Environmental - While the ills of building a data centre in an area prone to natural disaster seems like an obvious “no-no,” some environmental factors are not as predictable, such as a truck accident that spills radioactive waste. Overall, the current view regarding resilience is maturing from a focus on terrorism or natural disasters to the broader realisation that other equally challenging issues are at play. Understanding resiliency When developing a resiliency strategy, notes that it’s not only a strategy for availability or continuity, but should also include your technology strategy, financial strategy, governance strategy, and even corporate culture. In developing a resiliency strategy, an organisation must also prioritise infrastructure elements based on criticality; * Consider overlapping relationships between
infrastructure elements; A layered approach Strategy - This layer merges the enterprise's business strategies and IT strategies at the highest levels. Since an overall strategy reflects a comprehensive analysis of a business in relation to its marketplace, industry, and value chain, resilience planning must be viewed as a continuous process. As market demands change and businesses change with these demands, vulnerability points also change. Business and IT processes - Resilience plans should concentrate on both the business and IT processes that are most vital to the enterprise. Creating and sustaining processes that support resilient business operations and infrastructures requires: identification of the minimum required process functionality during disruptive events; alternate processes and procedures that allow operations to continue during periods of stress; redefinition of processes to achieve better workload balance. Alternate processes and contingency plans should be clear to stakeholders at all levels in the organisation, while still adhering to a corporate governance model that safeguards against improper use of business processes or assets. Data and applications - Companies must constantly provide reliable information to people both inside and outside the enterprise from multiple, disparate data and application sources. Rather than being aligned only with technology, data and applications are now tightly linked with business processes. Diversification of applications allows for greater workload balancing, as well as protection against organisational impacts due to the loss of key personnel. Technology - Technology plays an essential role in building a resilient, flexible business. Since a significant portion of most business budgets is used for building IT infrastructure, it is prudent to align these investments with the enterprise’s resilience objectives. Technology components to consider when planning for resilience include hardware architectures, system software, middleware, and networks. Each component must be examined to ensure that its level of availability - through reliability, redundancy, or failover - is in line with the firm’s resilience objectives. Facilities and security - Facilities and security reviews should include environmental considerations; geographical locations and distribution; levels of security (physical and logical) access to the facilities; and power protection plans. A resilience plan encompasses all enterprise locations and addresses the unique features of each location. It also integrates with crisis management plans. Building the foundation Accessibility lets enterprise personnel, partners, and customers easily access infrastructure from anywhere, in the event that the primary work site is inaccessible. It includes the deployment of diverse communication technologies such as wireless, fax, e-mail, and instant messaging. Diversification pertains to the physical distribution of resources (hard assets and people) and the implementation of redundant/diverse networking capabilities to diffuse the impact of a disaster. The goal is to create an operational infrastructure that is physically distributed but capable of being managed as a single entity. Autonomic computing describes the inclusion of self-managed hardware and software components in the infrastructure. These components either self-regulate themselves, making decisions without human intervention or, at a minimum, bypass a problem and alert the human attendant to initiate appropriate action. Much of this capability is available today and more will be introduced to the market in the near future. Conclusion About the author IBM Business Continuity and Recovery
Services Besides its expertise in business continuity management, IBM has skills in security, high availability solutions, systems and data management, network design and implementation, machine room building and desktop infrastructure as well as platform and application knowledge. Following its acquisition of the PricewaterhouseCoopers Consultancy, IBM also has industry-leading general business consulting skills. This ensures that IBM has a solution for any unforeseen issue likely to be encountered by its clients. http://www-1.ibm.com/services/uk/index.wss/offerfamily/its/a1009125 This article was first published in Contingency
Planning & Management.
•Date:
9th January 2004 •Region: Worldwide •Type:
Article •Topic: BC
general |
