Logo

Navigation
 

Effective Business Continuity Planning

By | on November 12, 2011 |
Disaster Recovery

While no one can be sure of where or when a disaster will occur, or what form the disaster will come in, it is important to be prepared for the unexpected. There are many companies today that have not taken into consideration the impact of disasters and this is a grave mistake.

If a company is subject to a disaster, whether natural or man-made, the measures it has taken to protect itself can mean the difference between the life and death of that company. Emergency management is defined as the process which involves the handling of risks, and how to avoid them. Emergency management is directly related to effective planning.

With emergency management, enterprises can learn to avoid disaster before it happens, or to recover quickly when there is no way for them to avoid it. Emergency management can be thought of as a continuous process, one that both individuals and groups will want to consider. The basic goal is to handle hazards in a manner that will either reduce or eliminate their impact on a business. In many cases, the actions that organizations take will largely be dependent on the perceptions it has towards risks. With this type of management, the measures that are taken in one area of an organization will have a dramatic effect on others.

Another term which is closely related to emergency management is BCP, or Business Continuity Planning. The ultimate goal of an enterprise should be to stay in business during and after a disaster, but this is impossible if the enterprise has not effectively planned for these events in the past. Therefore, planning could be thought of as the life blood of BCP, because without it, the company is very vulnerable. Once a BCP cycle has been completed, this means that printed material should be available as a reference during a disruptive event. This forms the most basic aspect of Business Continuity Planning.

BCP Guidelines

The reason for having a printed manual which is connected with BCP is to lower the negative impacts that could result from the perceptions stakeholders have of an emergency, as well as those affected by it, how long it will last, and how bad it is. The BIA, or Business Impact Analysis that can be measured includes the effects the event has on the economy, the environment, and with the general public.

The federal government has established a number of guidelines that can be followed in the event of a disaster, whether it is natural or man-made. Some examples of government agencies which have been formed to deal with these issues include the ABA, or American Bankers Association, along with the BAI, or Banking Administration Institute. These government agencies require there members to follow business practices which are related to business continuity in the event of a disaster.

While a number of these measures have been ignored by many enterprises, of late, the issue is considered on a very high level of importance. The good thing about BCP methodology is that it is highly scalable. This means that it can be useful to an organization of any size. While most people reading this article may consider BCP to only be useful for multinational corporations, this is not the case.

Even if you are a small business owner who owns a convenience store, BCP is something that you will want to consider, particularly when chaos result from riots, where numerous shop keepers are targeted. Any person who owns a thriving business should carefully consider the necessity of a BCP. There are a number of statistics that be used to reinforce this fact.

BCP for Effective Planning

A number of statistics have revealed that the vast majority of businesses do not take the time to create BCP strategies. For instance, a number of studies show that over 40% of all fires completely destroy the businesses that are affected by them.  Enterprises which made use of BCP are generally able to get their businesses back up and running within days after the disaster occurs.

For a small company, a BCP can be something as simple as a manual which lists the names, addresses, and numbers to call in the event of an emergency. The business owners could also store crucial data in a remote location, and insurance contracts can be stored as well.

At the highest level, a BCP can be highly complex, requiring a large number of procedures to be carried out in the event of an emergency, and training would often need to be developed for these procedures to ensure that the company can quickly respond in the event of a disaster.

Building an Efficient Recovery Solution Plan

Recovery solution plan after network or general system disaster is always an imperative. The business is often measured not only in their productivity but on their ability to rebound after network attacks or any business move that has resulted to near shut down of all its system components. If there are no plan outlined to cater the problem, data loss will happen and business will surely crumble if left unchecked. That is why it is a job for any IT managers to design a recovery solution plan before it happens.

The disaster recovery plan that should be built by the IT team should be as detailed as possible. In a worst case scenario, IT managers might be confronted with time pressured solution. Only a detailed plan could actually answer that concern. The time frame, the source of assistance and the process of build up until normalcy should be carefully outlined.

IT managers should outline who will do it, how fast they should do it, where they should do it and the objectives of that action. With a detailed plan, recovery from network or system disaster will be easier. Although stress on time is there, a pre-approved time frame for recovery solution will give everybody peace of mind in recovering their data and system.

Recovery Point Objective and Recovery Time Objective

Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are the metrics in the recovery solution plan that should be answered by network administrators.

Recovery Point Objective refers to the point where the time of data loss is recovered. The basic measurement of this objective is in time. Whenever network disaster strikes it is up to the IT department to restore all data from the time data was lost. The IT department has to ensure that the data would be restored from network interruption so that important information will still be there.

Recovery Time Objective is the metric for the IT department determining the time required to restore the data that was lost. This is usually placed in the SLA (Service Level Agreement) of the IT department or the third party provider. These metrics will measure how efficient and well planned the IT department is for data recovery.

RPO and RTO will be the bases of network recovery planning. How fast and how important are the data for the business is lined up by the RPO and RTO. That is where the IT department base their actions when network and system disaster strikes.

Hardware and Data Back Up Requirements

With RPO and RTO determined, network administrators could build actual action plans for network recovery solution. Among them is to determine the hardware requirements for data back up for faster recovery. With an efficient hardware facility, data and even the entire system will be restored in no time as network administrators would have access to an efficient data back up center.

One of the questions that network administrators have to answer is to determine whether the data back-up facility would be an onsite or offsite facility. The advantage of an onsite facility is easier access for network administrators however; it could pose a great problem whenever nature caused disaster strikes such as fire, earthquake and other related disasters. An offsite facility will protect the hardware from these events however; connectivity due to distance is always a concern for network administrators.

Another factor that should be considered by the IT department is the need to use third party providers for data recovery. Outsourcing has its advantage but distance, efficiency and reputation of the provider should always be considered. Whether or not it is onsite or outsourced, the hardware components for network recovery should be optimized for better business performance.

Evaluation

Documentation is a big part of network recovery since it outlines the actions, SLA and hardware components for better and faster network recovery. As already indicated, documentation should be very detailed so that it could offer an actual action as a solution for the problem.

However, a good documentation does not always translate into an efficient network recovery plan. Actual evaluation of the hardware components, the skills and knowledge of the IT department has to be considered based on the actual planning of the network administrators.

A thorough evaluation of the network as well as the response for network disaster has to be done. The hardware components might be feasible but it should be considered if the company has the financial ability to cater to these needs. Evaluation should also be frequent so that network disaster plans are updated.

New and more efficient attack could happen at anytime and network developers have to be updated. It is only through proper planning, updated evaluation and efficient hardware that the company will be assured that network recovery is possible with the time frame of response and could be above expectation.

« « Network Security Risk Assessment and Measurement
Business Impact Assessment and Recovery Plans » »

Author Description

Chandra Vennapoosa

Chandra Vennapoosa, B.S Arch Graduate, Managing Director - Exforsys Inc, Founder of exforsys.com and geekinterview.com. Chandra's mission is "to provide quality career coaching and interview advice for aspiring candidates". She is an avid writer and is also very passionate to help others become professional freelancers. In addition to several online trainings, she has authored the popular book "How to Become a Successful Freelancer"

Exforsys e-Newsletter

ebook
 
© 2024. All Rights Reserved.IT Training and Consulting