The six key stages of a phased business continuity planning process
When it comes to business continuity and disaster recovery planning, hope is not a strategy. IT departments, however, are too often surprised by the inevitable when a disaster they could have seen coming changes everything. Even companies that have a good disaster recovery or even disaster recovery as a service (DRaaS) plan in place aren't immune to significant business disruptions; they may think their company is fully protected, but Logicalis US warns that having a disaster recovery plan alone may be putting the proverbial cart before the horse.
The horse, in this case, is developing a solid business continuity strategy first.
"Disaster recovery – even DR as a Service – is technology based. The technology will save whatever data you tell it to, but the success of your business depends as much – if not more – on the effectiveness and efficiencies of your processes and procedures," says David Kinlaw, Practice Manager, Data Protection and Availability Services, Logicalis US. "Critically reviewing, evaluating and improving those processes and procedures is therefore essential to ensuring the success of your business."
That's because the true value of business continuity planning is not limited to technology. Done correctly, the exercise of developing and implementing a thorough business continuity plan opens ongoing conversations between IT and business units, empowering them as a team to face whatever challenges lie ahead. Combine a well-implemented disaster recovery or DRaaS plan with a strong business continuity strategy and the organization will have a winning combination for long-term sustainability.
Six stages in business continuity planning
Taking a phased approach is the best way to reach any long-term objective, including a solid business continuity plan; and the following are the six key stages of a phased business continuity planning process:
Create a roadmap: The first step is to create a business continuity roadmap that identifies where you are now and where you want to be in the future. But, it's also important to recognize that business continuity planning is not a one-time project. It is a living process that needs to be created, then revisited periodically. A good time to talk seriously about business continuity is anytime the organization is facing a significant change, i.e., a major systems upgrade, acquiring another company or being acquired.
Identify risks: Astute company leaders need to identify risks to critical systems – both IT and business – and establish just how much risk the company is prepared to accept. The key deliverables that result from a comprehensive business continuity plan are choices; the company gets to decide what to do before a disaster instead of afterwards – or worse – in the middle of one. And, by talking about risks ahead of time, the CIO, CFO and other key stakeholders can cooperatively choose the steps the company will take to reduce or eliminate risks to the organization's continuity of operations. There may be risks the company is willing and prepared to take, but it is critical to discuss them and know what they are in order to make informed and well-planned choices in advance.
Plan the budget: A business continuity plan must project a budget that shows specifically what needs to be done, over what period of time, and how much it will cost. The important takeaway here is that it doesn't all have to be done at once. Implementing the right plan needs to be a sustainable effort, so the smart corporate team – typically led by the CIO and/or CFO – will map out what they can reasonably accomplish with available resources over an acceptable period of time.
Catalog and rate the threats: By cataloging and rating the threats to a company's survivability, the organization demystifies them, making them approachable and resolvable. Most things are scarier when your back is turned to them; having this kind of knowledge empowers the organization to act and allows the team to be proactive rather than reactive in its decisions.
Strengthen what works: Business continuity isn't just about finding what's wrong with your business operations and fixing the flaws; it's equally important to identify what is working and to strengthen those systems and processes, making them more efficient, reliable and resilient. It's an opportunity to think strategically rather than tactically.
Think outside the box: It's often hard for organizations to see all the ways in which disaster might strike, to identify their best or most vulnerable technologies and processes – or the places where they have holes in their strategies. Don't be afraid to call on an outside expert who brings a fresh perspective to something you and your team may be too close to already. When you can't see the forest for the trees, it's time to bring in a business continuity expert who can help you find the right path.
•Date: 1st August 2014 • US/World •Type: Article • Topic: BC general