| Business continuity planning is often thought to be | | | | towards increasing the budget for disaster |
| the domain of very large enterprises, like large | | | | recovery planning. |
| financial institutions, who need to continue trading | | | | 4. Provide staff with remote working facilities |
| even in the event of major global disaster. | | | | Technically feasible |
| However, small companies, especially ones without | | | | Remote working is now more feasible than ever, |
| dedicated IT staff are often the most vulnerable | | | | especially with advances in technology such as |
| to loss of productivity due to seemingly minor | | | | VPN connectivity in larger organisations or cloud |
| upheavals, such as weather-related staff | | | | computing for small and medium businesses. |
| shortages. For example, according to the UK | | | | Develop a remote working policy for your |
| Federation of Small Businesses, a heavy snowfall | | | | company that incorporates flexibility through |
| could translate to an estimated 1.2 billion pounds | | | | modern technology (such as 3G wireless cards for |
| lost in a day because of travel disruptions, with | | | | laptops) and offers security and control (through |
| one-fifth of the UK workforce unable to make it | | | | token access or other security measures). Cloud |
| into work." | | | | computing services can offer an excellent |
| 1. Maintain an accurate systems inventory | | | | all-in-one solution for anytime, anywhere access. |
| When a disaster of whatever nature strikes, | | | | Morale boost |
| chances are that most of the staff normally | | | | Providing staff with the means to work from |
| required to support IT systems will be unable to | | | | home as part of a corporate Flexible Working |
| make it to the office, and minor issues may have | | | | Policy (for when transport causes chaos or |
| to be put on hold to concentrate on the most | | | | unexpected child care duties get in the way) can |
| pressing problems. To help with prioritisation of | | | | be an invaluable way to increase morale and |
| issues, ensure that you have an up-to-date | | | | productivity. Besides forming a cornerstone of |
| inventory of all IT systems and applications, | | | | your flexible working policy, permitting staff to |
| including the level of business criticality, based on | | | | work from home on a regular basis allows |
| input from all key stakeholders, including members | | | | remote-access technology to be regularly tested, |
| of the business, end users and even customers. | | | | increasing the chances that any issues with |
| Ensure that your inventory also includes the | | | | connectivity or technology infrastructure will be |
| locations of servers and systems, key support | | | | caught before there's a real disaster. |
| contacts, and upstream/downstream | | | | 5. Identify key roles and cross-train |
| dependencies. This inventory will help you in the | | | | It's likely that only a skeleton crew will be available |
| heat of the moment when disaster strikes, | | | | in the event of a real disaster. Rather than |
| allowing the IT team to focus efforts on what's | | | | identifying just the key people required to keep |
| truly important. | | | | the business going, build an inventory of the key |
| 2. Understand the risks of each company site | | | | roles needed to perform any recovery scenario. |
| Use your systems inventory to determine | | | | Take the time to cross-train a number of |
| potential areas of vulnerability. Ideally, by the end | | | | individuals to perform these duties, highlighting in |
| of this analysis, you will have a contingency plan | | | | particular any duties which absolutely must be |
| for every high- and medium- priority IT system in | | | | performed on-site. Document all procedures, |
| your organisation. | | | | making sure they are updated in line with changes |
| How safe are each of your sites? | | | | to the systems. |
| Do you have servers in various office or data | | | | 6. Conduct due diligence on your vendors |
| centre locations? What are the risks associated | | | | Even if your own company's business continuity |
| with those locations? You may have a comms | | | | planning is comprehensive and thorough, it can all |
| room located in a flood plain, or an office in a city | | | | fall apart if your mission-critical systems have |
| centre which is vulnerable to terrorist attacks. | | | | dependencies on vendors who haven't planned |
| Take the risks of each site into account in your | | | | adequately for disaster recovery. Ensure that you |
| plans by identifying any contingency systems you | | | | have the conversation with each of your vendors, |
| already have in place and, if possible, building new | | | | requesting information on their business continuity |
| contingency systems in areas where it doesn't | | | | plans in detail, along with any contractual |
| already exist. | | | | provisions they may make for compensation |
| Or do you have a single point of failure? | | | | should they breach their service levels. |
| On the other hand, if you don't have servers in | | | | 7. Test your disaster recover plan at least once a |
| various locations, and have everything all in one | | | | year |
| place, you must plan for the loss of this single | | | | Finally, once your systems are inventoried and |
| point of failure. For example, what would you do if | | | | prioritised with a recovery plan for each and a |
| there was a complete loss of power to your | | | | number of staff cross-trained for the recovery |
| primary site? | | | | procedures, ensure that you actually perform a |
| 3. Create a business case for disaster recovery | | | | test of the entire process at least once a year. |
| planning | | | | Although it's resource-intensive and |
| Consider the impact of your last major outage or | | | | time-consuming, it will allow any issues to surface |
| loss of productivity, be it from a Tube strike, | | | | with remote connectivity, system |
| major snow storm or power cut. What was the | | | | interdependence and documentation. It will also |
| impact in terms of tangible sales, loss of business | | | | give you an estimate of how long it will take your |
| opportunity or damage to the company | | | | business to recover from a major disaster, |
| reputation? Apart from the loss of tangible sales, | | | | providing valuable information to your customers, |
| these can be difficult to quantify, but a good | | | | shareholders and, increasingly, external regulators. |
| estimate can provide a compelling arguments | | | | |