This article is about ensuring the continuance of your business. Mention Business Continuity and many organisations will say they are covered as they have back-up computers. The odd thing is that you will usually get this answer even if you ask business people rather than members of the IT department. The term Disaster Recovery is often confused with Business Continuity. Having ‘back-up computers’ will not provide Business Continuity; in fact it will probably not even provide real Disaster Recovery.
What does the term ‘disaster’ mean? This is something that disrupts the smooth running of your business. It can be anything from a loss of an entire set of offices, losing the people who run the business or losing data from a computer system as a result of a virus or malicious hacking.
How long can your organisation survive in the case of a disaster? If you are manufacturing company and you lost your premises, where would you relocate to, and how long would it take to relocate? If you are a public body and you lost your major systems, what impact would this have on your ability to provide service? If you are a financial institution and you lost access to your corporate data how long could you survive without it? Likewise, if you are a dot.com company how long could you survive if your web servers were unavailable?
Notice that of all these questions, only the final one relates solely to IT. For a dot.com company, the loss of the website (by losing the web server) is a disaster as anyone attempting to access the website would find it unobtainable and would go somewhere else, possibly never to return. For all other questions, a good Business Continuity plan could actually stop a company from going bust in the case of a disaster.
Obviously any plan will include information on Disaster Recovery - i.e. the technical side of Business Continuity. This will cover a full plan as to what will happen to voice and data communications, and how computer applications will be provided in the case of a disaster. The full Business Continuity plan will also cover other items relating to the business requirements, such as plans for the duplication or restoration of paper records and also details of where the business will relocate to if a disaster made the premises inaccessible
A Business Continuity plan is not something you can buy in a box! Each one is different, depending on the type of business of the organization, and perhaps more often, depending on the available budget. As usual, money rules! No board of directors will authorise investing a (potentially) large amount of money without a very, very good reason.
Therefore, the start of any Business Continuity plan is a risk assessment. This does not need to be expensive to carry out. As a starting point, the head of each of the main departments of an organisation needs to be asked simple questions such as ‘What would it cost the company if you were unable to access your offices or computers?’ and ‘What would you need to do first to re-establish your department’s functionality subsequent to a disaster?’.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.